Home | History | Annotate | Download | only in racoon
      1 /*	$NetBSD: crypto_openssl.c,v 1.11.6.6 2009/04/29 10:50:25 tteras Exp $	*/
      2 
      3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
      4 
      5 /*
      6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
      7  * All rights reserved.
      8  *
      9  * Redistribution and use in source and binary forms, with or without
     10  * modification, are permitted provided that the following conditions
     11  * are met:
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  * 2. Redistributions in binary form must reproduce the above copyright
     15  *    notice, this list of conditions and the following disclaimer in the
     16  *    documentation and/or other materials provided with the distribution.
     17  * 3. Neither the name of the project nor the names of its contributors
     18  *    may be used to endorse or promote products derived from this software
     19  *    without specific prior written permission.
     20  *
     21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
     22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
     25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     31  * SUCH DAMAGE.
     32  */
     33 
     34 #include "config.h"
     35 
     36 #include <sys/types.h>
     37 #include <sys/param.h>
     38 
     39 #include <stdlib.h>
     40 #include <stdio.h>
     41 #include <limits.h>
     42 #include <string.h>
     43 
     44 /* get openssl/ssleay version number */
     45 #include <openssl/opensslv.h>
     46 
     47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
     48 #error OpenSSL version 0.9.6 or later required.
     49 #endif
     50 
     51 #include <openssl/pem.h>
     52 #include <openssl/evp.h>
     53 #include <openssl/x509.h>
     54 #include <openssl/x509v3.h>
     55 #include <openssl/x509_vfy.h>
     56 #include <openssl/bn.h>
     57 #include <openssl/dh.h>
     58 #include <openssl/md5.h>
     59 #include <openssl/sha.h>
     60 #include <openssl/hmac.h>
     61 #include <openssl/des.h>
     62 #include <openssl/crypto.h>
     63 #ifdef HAVE_OPENSSL_ENGINE_H
     64 #include <openssl/engine.h>
     65 #endif
     66 #ifndef ANDROID_CHANGES
     67 #include <openssl/blowfish.h>
     68 #include <openssl/cast.h>
     69 #else
     70 #define EVP_bf_cbc()    NULL
     71 #define EVP_cast5_cbc() NULL
     72 #endif
     73 #include <openssl/err.h>
     74 #ifdef HAVE_OPENSSL_RC5_H
     75 #include <openssl/rc5.h>
     76 #endif
     77 #ifdef HAVE_OPENSSL_IDEA_H
     78 #include <openssl/idea.h>
     79 #endif
     80 #if defined(HAVE_OPENSSL_AES_H)
     81 #include <openssl/aes.h>
     82 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
     83 #include <openssl/rijndael.h>
     84 #else
     85 #include "crypto/rijndael/rijndael-api-fst.h"
     86 #endif
     87 #if defined(HAVE_OPENSSL_CAMELLIA_H)
     88 #include <openssl/camellia.h>
     89 #endif
     90 #ifdef WITH_SHA2
     91 #ifdef HAVE_OPENSSL_SHA2_H
     92 #include <openssl/sha2.h>
     93 #else
     94 #include "crypto/sha2/sha2.h"
     95 #endif
     96 #endif
     97 #include "plog.h"
     98 
     99 /* 0.9.7 stuff? */
    100 #if OPENSSL_VERSION_NUMBER < 0x0090700fL
    101 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
    102 #else
    103 #define USE_NEW_DES_API
    104 #endif
    105 
    106 #define OpenSSL_BUG()	do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
    107 
    108 #include "var.h"
    109 #include "misc.h"
    110 #include "vmbuf.h"
    111 #include "plog.h"
    112 #include "crypto_openssl.h"
    113 #include "debug.h"
    114 #include "gcmalloc.h"
    115 
    116 #if defined(OPENSSL_IS_BORINGSSL)
    117 /* HMAC_cleanup is deprecated wrapper in OpenSSL and has been removed in
    118  * BoringSSL. */
    119 #define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx)
    120 #endif
    121 
    122 /*
    123  * I hate to cast every parameter to des_xx into void *, but it is
    124  * necessary for SSLeay/OpenSSL portability.  It sucks.
    125  */
    126 
    127 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
    128 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
    129 static X509 *mem2x509 __P((vchar_t *));
    130 
    131 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
    132 
    133 /* X509 Certificate */
    134 /*
    135  * convert the string of the subject name into DER
    136  * e.g. str = "C=JP, ST=Kanagawa";
    137  */
    138 vchar_t *
    139 eay_str2asn1dn(str, len)
    140 	const char *str;
    141 	int len;
    142 {
    143 	X509_NAME *name;
    144 	char *buf;
    145 	char *field, *value;
    146 	int i, j;
    147 	vchar_t *ret = NULL;
    148 	caddr_t p;
    149 
    150 	if (len == -1)
    151 		len = strlen(str);
    152 
    153 	buf = racoon_malloc(len + 1);
    154 	if (!buf) {
    155 		plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
    156 		return NULL;
    157 	}
    158 	memcpy(buf, str, len);
    159 
    160 	name = X509_NAME_new();
    161 
    162 	field = &buf[0];
    163 	value = NULL;
    164 	for (i = 0; i < len; i++) {
    165 		if (!value && buf[i] == '=') {
    166 			buf[i] = '\0';
    167 			value = &buf[i + 1];
    168 			continue;
    169 		} else if (buf[i] == ',' || buf[i] == '/') {
    170 			buf[i] = '\0';
    171 
    172 			plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
    173 			     field, value);
    174 
    175 			if (!value) goto err;
    176 			if (!X509_NAME_add_entry_by_txt(name, field,
    177 					(value[0] == '*' && value[1] == 0) ?
    178 						V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
    179 					(unsigned char *) value, -1, -1, 0)) {
    180 				plog(LLV_ERROR, LOCATION, NULL,
    181 				     "Invalid DN field: %s=%s\n",
    182 				     field, value);
    183 				plog(LLV_ERROR, LOCATION, NULL,
    184 				     "%s\n", eay_strerror());
    185 				goto err;
    186 			}
    187 			for (j = i + 1; j < len; j++) {
    188 				if (buf[j] != ' ')
    189 					break;
    190 			}
    191 			field = &buf[j];
    192 			value = NULL;
    193 			continue;
    194 		}
    195 	}
    196 	buf[len] = '\0';
    197 
    198 	plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
    199 	     field, value);
    200 
    201 	if (!value) goto err;
    202 	if (!X509_NAME_add_entry_by_txt(name, field,
    203 			(value[0] == '*' && value[1] == 0) ?
    204 				V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
    205 			(unsigned char *) value, -1, -1, 0)) {
    206 		plog(LLV_ERROR, LOCATION, NULL,
    207 		     "Invalid DN field: %s=%s\n",
    208 		     field, value);
    209 		plog(LLV_ERROR, LOCATION, NULL,
    210 		     "%s\n", eay_strerror());
    211 		goto err;
    212 	}
    213 
    214 	i = i2d_X509_NAME(name, NULL);
    215 	if (!i)
    216 		goto err;
    217 	ret = vmalloc(i);
    218 	if (!ret)
    219 		goto err;
    220 	p = ret->v;
    221 	i = i2d_X509_NAME(name, (void *)&p);
    222 	if (!i)
    223 		goto err;
    224 
    225 	return ret;
    226 
    227     err:
    228 	if (buf)
    229 		racoon_free(buf);
    230 	if (name)
    231 		X509_NAME_free(name);
    232 	if (ret)
    233 		vfree(ret);
    234 	return NULL;
    235 }
    236 
    237 /*
    238  * convert the hex string of the subject name into DER
    239  */
    240 vchar_t *
    241 eay_hex2asn1dn(const char *hex, int len)
    242 {
    243 	BIGNUM *bn = BN_new();
    244 	char *binbuf;
    245 	size_t binlen;
    246 	vchar_t *ret = NULL;
    247 
    248 	if (len == -1)
    249 		len = strlen(hex);
    250 
    251 	if (BN_hex2bn(&bn, hex) != len) {
    252 		plog(LLV_ERROR, LOCATION, NULL,
    253 		     "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
    254 		     eay_strerror());
    255 		goto out;
    256 	}
    257 
    258 	binlen = BN_num_bytes(bn);
    259 	ret = vmalloc(binlen);
    260 	if (!ret) {
    261 		plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
    262 		return NULL;
    263 	}
    264 	binbuf = ret->v;
    265 
    266 	BN_bn2bin(bn, (unsigned char *) binbuf);
    267 
    268 out:
    269 	BN_free(bn);
    270 
    271 	return ret;
    272 }
    273 
    274 /*
    275  * The following are derived from code in crypto/x509/x509_cmp.c
    276  * in OpenSSL0.9.7c:
    277  * X509_NAME_wildcmp() adds wildcard matching to the original
    278  * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
    279  */
    280 #include <ctype.h>
    281 /* Case insensitive string comparision */
    282 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
    283 {
    284 	int i;
    285 
    286 	if (a->length != b->length)
    287 		return (a->length - b->length);
    288 
    289 	for (i=0; i<a->length; i++)
    290 	{
    291 		int ca, cb;
    292 
    293 		ca = tolower(a->data[i]);
    294 		cb = tolower(b->data[i]);
    295 
    296 		if (ca != cb)
    297 			return(ca-cb);
    298 	}
    299 	return 0;
    300 }
    301 
    302 /* Case insensitive string comparision with space normalization
    303  * Space normalization - ignore leading, trailing spaces,
    304  *       multiple spaces between characters are replaced by single space
    305  */
    306 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
    307 {
    308 	unsigned char *pa = NULL, *pb = NULL;
    309 	int la, lb;
    310 
    311 	la = a->length;
    312 	lb = b->length;
    313 	pa = a->data;
    314 	pb = b->data;
    315 
    316 	/* skip leading spaces */
    317 	while (la > 0 && isspace(*pa))
    318 	{
    319 		la--;
    320 		pa++;
    321 	}
    322 	while (lb > 0 && isspace(*pb))
    323 	{
    324 		lb--;
    325 		pb++;
    326 	}
    327 
    328 	/* skip trailing spaces */
    329 	while (la > 0 && isspace(pa[la-1]))
    330 		la--;
    331 	while (lb > 0 && isspace(pb[lb-1]))
    332 		lb--;
    333 
    334 	/* compare strings with space normalization */
    335 	while (la > 0 && lb > 0)
    336 	{
    337 		int ca, cb;
    338 
    339 		/* compare character */
    340 		ca = tolower(*pa);
    341 		cb = tolower(*pb);
    342 		if (ca != cb)
    343 			return (ca - cb);
    344 
    345 		pa++; pb++;
    346 		la--; lb--;
    347 
    348 		if (la <= 0 || lb <= 0)
    349 			break;
    350 
    351 		/* is white space next character ? */
    352 		if (isspace(*pa) && isspace(*pb))
    353 		{
    354 			/* skip remaining white spaces */
    355 			while (la > 0 && isspace(*pa))
    356 			{
    357 				la--;
    358 				pa++;
    359 			}
    360 			while (lb > 0 && isspace(*pb))
    361 			{
    362 				lb--;
    363 				pb++;
    364 			}
    365 		}
    366 	}
    367 	if (la > 0 || lb > 0)
    368 		return la - lb;
    369 
    370 	return 0;
    371 }
    372 
    373 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
    374 {
    375     int i,j;
    376     X509_NAME_ENTRY *na,*nb;
    377 
    378     if (sk_X509_NAME_ENTRY_num(a->entries)
    379 	!= sk_X509_NAME_ENTRY_num(b->entries))
    380 	    return sk_X509_NAME_ENTRY_num(a->entries)
    381 	      -sk_X509_NAME_ENTRY_num(b->entries);
    382     for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
    383     {
    384 	    na=sk_X509_NAME_ENTRY_value(a->entries,i);
    385 	    nb=sk_X509_NAME_ENTRY_value(b->entries,i);
    386 	    j=OBJ_cmp(na->object,nb->object);
    387 	    if (j) return(j);
    388 	    if ((na->value->length == 1 && na->value->data[0] == '*')
    389 	     || (nb->value->length == 1 && nb->value->data[0] == '*'))
    390 		    continue;
    391 	    j=na->value->type-nb->value->type;
    392 	    if (j) return(j);
    393 	    if (na->value->type == V_ASN1_PRINTABLESTRING)
    394 		    j=nocase_spacenorm_cmp(na->value, nb->value);
    395 	    else if (na->value->type == V_ASN1_IA5STRING
    396 		    && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
    397 		    j=nocase_cmp(na->value, nb->value);
    398 	    else
    399 		    {
    400 		    j=na->value->length-nb->value->length;
    401 		    if (j) return(j);
    402 		    j=memcmp(na->value->data,nb->value->data,
    403 			    na->value->length);
    404 		    }
    405 	    if (j) return(j);
    406 	    j=na->set-nb->set;
    407 	    if (j) return(j);
    408     }
    409 
    410     return(0);
    411 }
    412 
    413 /*
    414  * compare two subjectNames.
    415  * OUT:        0: equal
    416  *	positive:
    417  *	      -1: other error.
    418  */
    419 int
    420 eay_cmp_asn1dn(n1, n2)
    421 	vchar_t *n1, *n2;
    422 {
    423 	X509_NAME *a = NULL, *b = NULL;
    424 	caddr_t p;
    425 	int i = -1;
    426 
    427 	p = n1->v;
    428 	if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
    429 		goto end;
    430 	p = n2->v;
    431 	if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
    432 		goto end;
    433 
    434 	i = X509_NAME_wildcmp(a, b);
    435 
    436     end:
    437 	if (a)
    438 		X509_NAME_free(a);
    439 	if (b)
    440 		X509_NAME_free(b);
    441 	return i;
    442 }
    443 
    444 #ifdef ANDROID_CHANGES
    445 
    446 static BIO *BIO_from_android(char *path)
    447 {
    448 	void *data;
    449 	if (sscanf(path, pname, &data) == 1) {
    450 		return BIO_new_mem_buf(data, -1);
    451 	}
    452 	return NULL;
    453 }
    454 
    455 #endif
    456 
    457 /*
    458  * this functions is derived from apps/verify.c in OpenSSL0.9.5
    459  */
    460 int
    461 eay_check_x509cert(cert, CApath, CAfile, local)
    462 	vchar_t *cert;
    463 	char *CApath;
    464 	char *CAfile;
    465 	int local;
    466 {
    467 	X509_STORE *cert_ctx = NULL;
    468 	X509_LOOKUP *lookup = NULL;
    469 	X509 *x509 = NULL;
    470 	X509_STORE_CTX *csc;
    471 	int error = -1;
    472 
    473 	cert_ctx = X509_STORE_new();
    474 	if (cert_ctx == NULL)
    475 		goto end;
    476 
    477 	if (local)
    478 		X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
    479 	else
    480 		X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
    481 
    482 #ifdef ANDROID_CHANGES
    483 	if (pname) {
    484 		BIO *bio = BIO_from_android(CAfile);
    485 		STACK_OF(X509_INFO) *stack;
    486 		X509_INFO *info;
    487 		int i;
    488 
    489 		if (!bio) {
    490 			goto end;
    491 		}
    492 		stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
    493 		BIO_free(bio);
    494 		if (!stack) {
    495 			goto end;
    496 		}
    497 		for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
    498 			info = sk_X509_INFO_value(stack, i);
    499 			if (info->x509) {
    500 				X509_STORE_add_cert(cert_ctx, info->x509);
    501 			}
    502 			if (info->crl) {
    503 				X509_STORE_add_crl(cert_ctx, info->crl);
    504 			}
    505 		}
    506 		sk_X509_INFO_pop_free(stack, X509_INFO_free);
    507 	} else {
    508 #endif
    509 	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
    510 	if (lookup == NULL)
    511 		goto end;
    512 
    513 	X509_LOOKUP_load_file(lookup, CAfile,
    514 	    (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
    515 
    516 	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
    517 	if (lookup == NULL)
    518 		goto end;
    519 	error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
    520 	if(!error) {
    521 		error = -1;
    522 		goto end;
    523 	}
    524 	error = -1;	/* initialized */
    525 #ifdef ANDROID_CHANGES
    526 	}
    527 #endif
    528 
    529 	/* read the certificate to be verified */
    530 	x509 = mem2x509(cert);
    531 	if (x509 == NULL)
    532 		goto end;
    533 
    534 	csc = X509_STORE_CTX_new();
    535 	if (csc == NULL)
    536 		goto end;
    537 	X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
    538 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
    539 	X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
    540 	X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
    541 #endif
    542 	error = X509_verify_cert(csc);
    543 	X509_STORE_CTX_free(csc);
    544 
    545 	/*
    546 	 * if x509_verify_cert() is successful then the value of error is
    547 	 * set non-zero.
    548 	 */
    549 	error = error ? 0 : -1;
    550 
    551 end:
    552 	if (error)
    553 		plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
    554 	if (cert_ctx != NULL)
    555 		X509_STORE_free(cert_ctx);
    556 	if (x509 != NULL)
    557 		X509_free(x509);
    558 
    559 	return(error);
    560 }
    561 
    562 /*
    563  * callback function for verifing certificate.
    564  * this function is derived from cb() in openssl/apps/s_server.c
    565  */
    566 static int
    567 cb_check_cert_local(ok, ctx)
    568 	int ok;
    569 	X509_STORE_CTX *ctx;
    570 {
    571 	char buf[256];
    572 	int log_tag;
    573 
    574 	if (!ok) {
    575 		X509_NAME_oneline(
    576 				X509_get_subject_name(ctx->current_cert),
    577 				buf,
    578 				256);
    579 		/*
    580 		 * since we are just checking the certificates, it is
    581 		 * ok if they are self signed. But we should still warn
    582 		 * the user.
    583  		 */
    584 		switch (ctx->error) {
    585 		case X509_V_ERR_CERT_HAS_EXPIRED:
    586 		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
    587 		case X509_V_ERR_INVALID_CA:
    588 		case X509_V_ERR_PATH_LENGTH_EXCEEDED:
    589 		case X509_V_ERR_INVALID_PURPOSE:
    590 		case X509_V_ERR_UNABLE_TO_GET_CRL:
    591 			ok = 1;
    592 			log_tag = LLV_WARNING;
    593 			break;
    594 		default:
    595 			log_tag = LLV_ERROR;
    596 		}
    597 		plog(log_tag, LOCATION, NULL,
    598 			"%s(%d) at depth:%d SubjectName:%s\n",
    599 			X509_verify_cert_error_string(ctx->error),
    600 			ctx->error,
    601 			ctx->error_depth,
    602 			buf);
    603 	}
    604 	ERR_clear_error();
    605 
    606 	return ok;
    607 }
    608 
    609 /*
    610  * callback function for verifing remote certificates.
    611  * this function is derived from cb() in openssl/apps/s_server.c
    612  */
    613 static int
    614 cb_check_cert_remote(ok, ctx)
    615 	int ok;
    616 	X509_STORE_CTX *ctx;
    617 {
    618 	char buf[256];
    619 	int log_tag;
    620 
    621 	if (!ok) {
    622 		X509_NAME_oneline(
    623 				X509_get_subject_name(ctx->current_cert),
    624 				buf,
    625 				256);
    626 		switch (ctx->error) {
    627 		case X509_V_ERR_UNABLE_TO_GET_CRL:
    628 			ok = 1;
    629 			log_tag = LLV_WARNING;
    630 			break;
    631 		default:
    632 			log_tag = LLV_ERROR;
    633 		}
    634 		plog(log_tag, LOCATION, NULL,
    635 			"%s(%d) at depth:%d SubjectName:%s\n",
    636 			X509_verify_cert_error_string(ctx->error),
    637 			ctx->error,
    638 			ctx->error_depth,
    639 			buf);
    640 	}
    641 	ERR_clear_error();
    642 
    643 	return ok;
    644 }
    645 
    646 /*
    647  * get a subjectAltName from X509 certificate.
    648  */
    649 vchar_t *
    650 eay_get_x509asn1subjectname(cert)
    651 	vchar_t *cert;
    652 {
    653 	X509 *x509 = NULL;
    654 	u_char *bp;
    655 	vchar_t *name = NULL;
    656 	int len;
    657 
    658 	bp = (unsigned char *) cert->v;
    659 
    660 	x509 = mem2x509(cert);
    661 	if (x509 == NULL)
    662 		goto error;
    663 
    664 	/* get the length of the name */
    665 	len = i2d_X509_NAME(x509->cert_info->subject, NULL);
    666 	name = vmalloc(len);
    667 	if (!name)
    668 		goto error;
    669 	/* get the name */
    670 	bp = (unsigned char *) name->v;
    671 	len = i2d_X509_NAME(x509->cert_info->subject, &bp);
    672 
    673 	X509_free(x509);
    674 
    675 	return name;
    676 
    677 error:
    678 	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
    679 
    680 	if (name != NULL)
    681 		vfree(name);
    682 
    683 	if (x509 != NULL)
    684 		X509_free(x509);
    685 
    686 	return NULL;
    687 }
    688 
    689 /*
    690  * get the subjectAltName from X509 certificate.
    691  * the name must be terminated by '\0'.
    692  */
    693 int
    694 eay_get_x509subjectaltname(cert, altname, type, pos)
    695 	vchar_t *cert;
    696 	char **altname;
    697 	int *type;
    698 	int pos;
    699 {
    700 	X509 *x509 = NULL;
    701 	GENERAL_NAMES *gens = NULL;
    702 	GENERAL_NAME *gen;
    703 	int len;
    704 	int error = -1;
    705 
    706 	*altname = NULL;
    707 	*type = GENT_OTHERNAME;
    708 
    709 	x509 = mem2x509(cert);
    710 	if (x509 == NULL)
    711 		goto end;
    712 
    713 	gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
    714 	if (gens == NULL)
    715 		goto end;
    716 
    717 	/* there is no data at "pos" */
    718 	if (pos > sk_GENERAL_NAME_num(gens))
    719 		goto end;
    720 
    721 	gen = sk_GENERAL_NAME_value(gens, pos - 1);
    722 
    723 	/* read DNSName / Email */
    724 	if (gen->type == GEN_DNS	||
    725 		gen->type == GEN_EMAIL	||
    726 		gen->type == GEN_URI )
    727 	{
    728 		/* make sure if the data is terminated by '\0'. */
    729 		if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
    730 		{
    731 			plog(LLV_ERROR, LOCATION, NULL,
    732 				 "data is not terminated by NUL.");
    733 			racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
    734 			goto end;
    735 		}
    736 
    737 		len = gen->d.ia5->length + 1;
    738 		*altname = racoon_malloc(len);
    739 		if (!*altname)
    740 			goto end;
    741 
    742 		strlcpy(*altname, (char *) gen->d.ia5->data, len);
    743 		*type = gen->type;
    744 		error = 0;
    745 	}
    746 	/* read IP address */
    747 	else if (gen->type == GEN_IPADD)
    748 	{
    749 		unsigned char p[5], *ip;
    750 		ip = p;
    751 
    752 		/* only support IPv4 */
    753 		if (gen->d.ip->length != 4)
    754 			goto end;
    755 
    756 		/* convert Octet String to String
    757 		 * XXX ???????
    758 		 */
    759 		/*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
    760 		ip = gen->d.ip->data;
    761 
    762 		/* XXX Magic, enough for an IPv4 address
    763 		 */
    764 		*altname = racoon_malloc(20);
    765 		if (!*altname)
    766 			goto end;
    767 
    768 		sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
    769 		*type = gen->type;
    770 		error = 0;
    771 	}
    772 	/* XXX other possible types ?
    773 	 * For now, error will be -1 if unsupported type
    774 	 */
    775 
    776 end:
    777 	if (error) {
    778 		if (*altname) {
    779 			racoon_free(*altname);
    780 			*altname = NULL;
    781 		}
    782 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
    783 	}
    784 	if (x509)
    785 		X509_free(x509);
    786 	if (gens)
    787 		/* free the whole stack. */
    788 		sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
    789 
    790 	return error;
    791 }
    792 
    793 
    794 /*
    795  * decode a X509 certificate and make a readable text terminated '\n'.
    796  * return the buffer allocated, so must free it later.
    797  */
    798 char *
    799 eay_get_x509text(cert)
    800 	vchar_t *cert;
    801 {
    802 	X509 *x509 = NULL;
    803 	BIO *bio = NULL;
    804 	char *text = NULL;
    805 	u_char *bp = NULL;
    806 	int len = 0;
    807 	int error = -1;
    808 
    809 	x509 = mem2x509(cert);
    810 	if (x509 == NULL)
    811 		goto end;
    812 
    813 	bio = BIO_new(BIO_s_mem());
    814 	if (bio == NULL)
    815 		goto end;
    816 
    817 	error = X509_print(bio, x509);
    818 	if (error != 1) {
    819 		error = -1;
    820 		goto end;
    821 	}
    822 
    823 #if defined(ANDROID_CHANGES)
    824 	len = BIO_get_mem_data(bio, (char**) &bp);
    825 #else
    826 	len = BIO_get_mem_data(bio, &bp);
    827 #endif
    828 	text = racoon_malloc(len + 1);
    829 	if (text == NULL)
    830 		goto end;
    831 	memcpy(text, bp, len);
    832 	text[len] = '\0';
    833 
    834 	error = 0;
    835 
    836     end:
    837 	if (error) {
    838 		if (text) {
    839 			racoon_free(text);
    840 			text = NULL;
    841 		}
    842 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
    843 	}
    844 	if (bio)
    845 		BIO_free(bio);
    846 	if (x509)
    847 		X509_free(x509);
    848 
    849 	return text;
    850 }
    851 
    852 /* get X509 structure from buffer. */
    853 static X509 *
    854 mem2x509(cert)
    855 	vchar_t *cert;
    856 {
    857 	X509 *x509;
    858 
    859 #ifndef EAYDEBUG
    860     {
    861 	u_char *bp;
    862 
    863 	bp = (unsigned char *) cert->v;
    864 
    865 	x509 = d2i_X509(NULL, (void *)&bp, cert->l);
    866     }
    867 #else
    868     {
    869 	BIO *bio;
    870 	int len;
    871 
    872 	bio = BIO_new(BIO_s_mem());
    873 	if (bio == NULL)
    874 		return NULL;
    875 	len = BIO_write(bio, cert->v, cert->l);
    876 	if (len == -1)
    877 		return NULL;
    878 	x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
    879 	BIO_free(bio);
    880     }
    881 #endif
    882 	return x509;
    883 }
    884 
    885 /*
    886  * get a X509 certificate from local file.
    887  * a certificate must be PEM format.
    888  * Input:
    889  *	path to a certificate.
    890  * Output:
    891  *	NULL if error occured
    892  *	other is the cert.
    893  */
    894 vchar_t *
    895 eay_get_x509cert(path)
    896 	char *path;
    897 {
    898 	FILE *fp;
    899 	X509 *x509;
    900 	vchar_t *cert;
    901 	u_char *bp;
    902 	int len;
    903 	int error;
    904 
    905 #ifdef ANDROID_CHANGES
    906 	if (pname) {
    907 		BIO *bio = BIO_from_android(path);
    908 		if (!bio) {
    909 			return NULL;
    910 		}
    911 		x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
    912 		BIO_free(bio);
    913 	} else {
    914 #endif
    915 	/* Read private key */
    916 	fp = fopen(path, "r");
    917 	if (fp == NULL)
    918 		return NULL;
    919 	x509 = PEM_read_X509(fp, NULL, NULL, NULL);
    920 	fclose (fp);
    921 #ifdef ANDROID_CHANGES
    922 	}
    923 #endif
    924 
    925 	if (x509 == NULL)
    926 		return NULL;
    927 
    928 	len = i2d_X509(x509, NULL);
    929 	cert = vmalloc(len);
    930 	if (cert == NULL) {
    931 		X509_free(x509);
    932 		return NULL;
    933 	}
    934 	bp = (unsigned char *) cert->v;
    935 	error = i2d_X509(x509, &bp);
    936 	X509_free(x509);
    937 
    938 	if (error == 0) {
    939 		vfree(cert);
    940 		return NULL;
    941 	}
    942 
    943 	return cert;
    944 }
    945 
    946 /*
    947  * check a X509 signature
    948  *	XXX: to be get hash type from my cert ?
    949  *		to be handled EVP_dss().
    950  * OUT: return -1 when error.
    951  *	0
    952  */
    953 int
    954 eay_check_x509sign(source, sig, cert)
    955 	vchar_t *source;
    956 	vchar_t *sig;
    957 	vchar_t *cert;
    958 {
    959 	X509 *x509;
    960 	u_char *bp;
    961 	EVP_PKEY *evp;
    962 	int res;
    963 
    964 	bp = (unsigned char *) cert->v;
    965 
    966 	x509 = d2i_X509(NULL, (void *)&bp, cert->l);
    967 	if (x509 == NULL) {
    968 		plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
    969 		return -1;
    970 	}
    971 
    972 	evp = X509_get_pubkey(x509);
    973 	if (! evp) {
    974 		plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
    975 		X509_free(x509);
    976 		return -1;
    977 	}
    978 
    979 	res = eay_rsa_verify(source, sig, evp->pkey.rsa);
    980 
    981 	EVP_PKEY_free(evp);
    982 	X509_free(x509);
    983 
    984 	return res;
    985 }
    986 
    987 /*
    988  * check RSA signature
    989  * OUT: return -1 when error.
    990  *	0 on success
    991  */
    992 int
    993 eay_check_rsasign(source, sig, rsa)
    994 	vchar_t *source;
    995 	vchar_t *sig;
    996 	RSA *rsa;
    997 {
    998 	return eay_rsa_verify(source, sig, rsa);
    999 }
   1000 
   1001 /*
   1002  * get PKCS#1 Private Key of PEM format from local file.
   1003  */
   1004 vchar_t *
   1005 eay_get_pkcs1privkey(path)
   1006 	char *path;
   1007 {
   1008 	FILE *fp;
   1009 	EVP_PKEY *evp = NULL;
   1010 	vchar_t *pkey = NULL;
   1011 	u_char *bp;
   1012 	int pkeylen;
   1013 	int error = -1;
   1014 
   1015 #ifdef ANDROID_CHANGES
   1016 	if (pname) {
   1017 		BIO *bio = BIO_from_android(path);
   1018 		if (!bio) {
   1019 			return NULL;
   1020 		}
   1021 		evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
   1022 		BIO_free(bio);
   1023 	} else {
   1024 #endif
   1025 	/* Read private key */
   1026 	fp = fopen(path, "r");
   1027 	if (fp == NULL)
   1028 		return NULL;
   1029 
   1030 	evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
   1031 
   1032 	fclose (fp);
   1033 #ifdef ANDROID_CHANGES
   1034 	}
   1035 #endif
   1036 
   1037 	if (evp == NULL)
   1038 		return NULL;
   1039 
   1040 	pkeylen = i2d_PrivateKey(evp, NULL);
   1041 	if (pkeylen == 0)
   1042 		goto end;
   1043 	pkey = vmalloc(pkeylen);
   1044 	if (pkey == NULL)
   1045 		goto end;
   1046 	bp = (unsigned char *) pkey->v;
   1047 	pkeylen = i2d_PrivateKey(evp, &bp);
   1048 	if (pkeylen == 0)
   1049 		goto end;
   1050 
   1051 	error = 0;
   1052 
   1053 end:
   1054 	if (evp != NULL)
   1055 		EVP_PKEY_free(evp);
   1056 	if (error != 0 && pkey != NULL) {
   1057 		vfree(pkey);
   1058 		pkey = NULL;
   1059 	}
   1060 
   1061 	return pkey;
   1062 }
   1063 
   1064 /*
   1065  * get PKCS#1 Public Key of PEM format from local file.
   1066  */
   1067 vchar_t *
   1068 eay_get_pkcs1pubkey(path)
   1069 	char *path;
   1070 {
   1071 	FILE *fp;
   1072 	EVP_PKEY *evp = NULL;
   1073 	vchar_t *pkey = NULL;
   1074 	X509 *x509 = NULL;
   1075 	u_char *bp;
   1076 	int pkeylen;
   1077 	int error = -1;
   1078 
   1079 	/* Read private key */
   1080 	fp = fopen(path, "r");
   1081 	if (fp == NULL)
   1082 		return NULL;
   1083 
   1084 	x509 = PEM_read_X509(fp, NULL, NULL, NULL);
   1085 
   1086 	fclose (fp);
   1087 
   1088 	if (x509 == NULL)
   1089 		return NULL;
   1090 
   1091 	/* Get public key - eay */
   1092 	evp = X509_get_pubkey(x509);
   1093 	if (evp == NULL)
   1094 		return NULL;
   1095 
   1096 	pkeylen = i2d_PublicKey(evp, NULL);
   1097 	if (pkeylen == 0)
   1098 		goto end;
   1099 	pkey = vmalloc(pkeylen);
   1100 	if (pkey == NULL)
   1101 		goto end;
   1102 	bp = (unsigned char *) pkey->v;
   1103 	pkeylen = i2d_PublicKey(evp, &bp);
   1104 	if (pkeylen == 0)
   1105 		goto end;
   1106 
   1107 	error = 0;
   1108 end:
   1109 	if (evp != NULL)
   1110 		EVP_PKEY_free(evp);
   1111 	if (error != 0 && pkey != NULL) {
   1112 		vfree(pkey);
   1113 		pkey = NULL;
   1114 	}
   1115 
   1116 	return pkey;
   1117 }
   1118 
   1119 vchar_t *
   1120 eay_get_x509sign(src, privkey)
   1121 	vchar_t *src, *privkey;
   1122 {
   1123 	EVP_PKEY *evp;
   1124 	u_char *bp = (unsigned char *) privkey->v;
   1125 	vchar_t *sig = NULL;
   1126 	int len;
   1127 	int pad = RSA_PKCS1_PADDING;
   1128 
   1129 	/* XXX to be handled EVP_PKEY_DSA */
   1130 	evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
   1131 	if (evp == NULL)
   1132 		return NULL;
   1133 
   1134 	sig = eay_rsa_sign(src, evp->pkey.rsa);
   1135 
   1136 	EVP_PKEY_free(evp);
   1137 
   1138 	return sig;
   1139 }
   1140 
   1141 vchar_t *
   1142 eay_get_rsasign(src, rsa)
   1143 	vchar_t *src;
   1144 	RSA *rsa;
   1145 {
   1146 	return eay_rsa_sign(src, rsa);
   1147 }
   1148 
   1149 vchar_t *
   1150 eay_rsa_sign(vchar_t *src, RSA *rsa)
   1151 {
   1152 	int len;
   1153 	vchar_t *sig = NULL;
   1154 	int pad = RSA_PKCS1_PADDING;
   1155 
   1156 	len = RSA_size(rsa);
   1157 
   1158 	sig = vmalloc(len);
   1159 	if (sig == NULL)
   1160 		return NULL;
   1161 
   1162 	len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
   1163 			(unsigned char *) sig->v, rsa, pad);
   1164 
   1165 	if (len == 0 || len != sig->l) {
   1166 		vfree(sig);
   1167 		sig = NULL;
   1168 	}
   1169 
   1170 	return sig;
   1171 }
   1172 
   1173 int
   1174 eay_rsa_verify(src, sig, rsa)
   1175 	vchar_t *src, *sig;
   1176 	RSA *rsa;
   1177 {
   1178 	vchar_t *xbuf = NULL;
   1179 	int pad = RSA_PKCS1_PADDING;
   1180 	int len = 0;
   1181 	int error;
   1182 
   1183 	len = RSA_size(rsa);
   1184 	xbuf = vmalloc(len);
   1185 	if (xbuf == NULL) {
   1186 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
   1187 		return -1;
   1188 	}
   1189 
   1190 	len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
   1191 			(unsigned char *) xbuf->v, rsa, pad);
   1192 	if (len == 0 || len != src->l) {
   1193 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
   1194 		vfree(xbuf);
   1195 		return -1;
   1196 	}
   1197 
   1198 	error = memcmp(src->v, xbuf->v, src->l);
   1199 	vfree(xbuf);
   1200 	if (error != 0)
   1201 		return -1;
   1202 
   1203 	return 0;
   1204 }
   1205 
   1206 /*
   1207  * get error string
   1208  * MUST load ERR_load_crypto_strings() first.
   1209  */
   1210 char *
   1211 eay_strerror()
   1212 {
   1213 	static char ebuf[512];
   1214 	int len = 0, n;
   1215 	unsigned long l;
   1216 	char buf[200];
   1217 	const char *file, *data;
   1218 	int line, flags;
   1219 	unsigned long es;
   1220 
   1221 #if defined(ANDROID_CHANGES)
   1222 	es = 0;
   1223 #else
   1224 	es = CRYPTO_thread_id();
   1225 #endif
   1226 
   1227 	while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
   1228 		n = snprintf(ebuf + len, sizeof(ebuf) - len,
   1229 				"%lu:%s:%s:%d:%s ",
   1230 				es, ERR_error_string(l, buf), file, line,
   1231 				(flags & ERR_TXT_STRING) ? data : "");
   1232 		if (n < 0 || n >= sizeof(ebuf) - len)
   1233 			break;
   1234 		len += n;
   1235 		if (sizeof(ebuf) < len)
   1236 			break;
   1237 	}
   1238 
   1239 	return ebuf;
   1240 }
   1241 
   1242 vchar_t *
   1243 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
   1244 {
   1245 	vchar_t *res;
   1246 	EVP_CIPHER_CTX ctx;
   1247 
   1248 	if (!e)
   1249 		return NULL;
   1250 
   1251 	if (data->l % EVP_CIPHER_block_size(e))
   1252 		return NULL;
   1253 
   1254 	if ((res = vmalloc(data->l)) == NULL)
   1255 		return NULL;
   1256 
   1257 	EVP_CIPHER_CTX_init(&ctx);
   1258 
   1259 #if !defined(OPENSSL_IS_BORINGSSL)
   1260 	switch(EVP_CIPHER_nid(e)){
   1261 	case NID_bf_cbc:
   1262 	case NID_bf_ecb:
   1263 	case NID_bf_cfb64:
   1264 	case NID_bf_ofb64:
   1265 	case NID_cast5_cbc:
   1266 	case NID_cast5_ecb:
   1267 	case NID_cast5_cfb64:
   1268 	case NID_cast5_ofb64:
   1269 		/* XXX: can we do that also for algos with a fixed key size ?
   1270 		 */
   1271 		/* init context without key/iv
   1272          */
   1273         if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
   1274         {
   1275             OpenSSL_BUG();
   1276             vfree(res);
   1277             return NULL;
   1278         }
   1279 
   1280         /* update key size
   1281          */
   1282         if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
   1283         {
   1284             OpenSSL_BUG();
   1285             vfree(res);
   1286             return NULL;
   1287         }
   1288 
   1289         /* finalize context init with desired key size
   1290          */
   1291         if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
   1292 							(u_char *) iv->v, enc))
   1293         {
   1294             OpenSSL_BUG();
   1295             vfree(res);
   1296             return NULL;
   1297 		}
   1298 		break;
   1299 	default:
   1300 #endif  /* OPENSSL_IS_BORINGSSL */
   1301 		if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
   1302 							(u_char *) iv->v, enc)) {
   1303 			OpenSSL_BUG();
   1304 			vfree(res);
   1305 			return NULL;
   1306 		}
   1307 #if !defined(OPENSSL_IS_BORINGSSL)
   1308 	}
   1309 #endif
   1310 
   1311 	/* disable openssl padding */
   1312 	EVP_CIPHER_CTX_set_padding(&ctx, 0);
   1313 
   1314 	if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
   1315 		OpenSSL_BUG();
   1316 		vfree(res);
   1317 		return NULL;
   1318 	}
   1319 
   1320 	EVP_CIPHER_CTX_cleanup(&ctx);
   1321 
   1322 	return res;
   1323 }
   1324 
   1325 int
   1326 evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
   1327 {
   1328 	return 0;
   1329 }
   1330 
   1331 int
   1332 evp_keylen(int len, const EVP_CIPHER *e)
   1333 {
   1334 	if (!e)
   1335 		return -1;
   1336 	/* EVP functions return lengths in bytes, ipsec-tools
   1337 	 * uses lengths in bits, therefore conversion is required. --AK
   1338 	 */
   1339 	if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
   1340 		return -1;
   1341 
   1342 	return EVP_CIPHER_key_length(e) << 3;
   1343 }
   1344 
   1345 /*
   1346  * DES-CBC
   1347  */
   1348 vchar_t *
   1349 eay_des_encrypt(data, key, iv)
   1350 	vchar_t *data, *key, *iv;
   1351 {
   1352 	return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
   1353 }
   1354 
   1355 vchar_t *
   1356 eay_des_decrypt(data, key, iv)
   1357 	vchar_t *data, *key, *iv;
   1358 {
   1359 	return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
   1360 }
   1361 
   1362 #if defined(OPENSSL_IS_BORINGSSL)
   1363 /* BoringSSL doesn't implement DES_is_weak_key because the concept is nonsense.
   1364  * Thankfully, ipsec-tools never actually uses the result of this function. */
   1365 static int
   1366 DES_is_weak_key(const DES_cblock *key)
   1367 {
   1368 	return 0;
   1369 }
   1370 #endif  /* OPENSSL_IS_BORINGSSL */
   1371 
   1372 int
   1373 eay_des_weakkey(key)
   1374 	vchar_t *key;
   1375 {
   1376 #ifdef USE_NEW_DES_API
   1377 	return DES_is_weak_key((void *)key->v);
   1378 #else
   1379 	return des_is_weak_key((void *)key->v);
   1380 #endif
   1381 }
   1382 
   1383 int
   1384 eay_des_keylen(len)
   1385 	int len;
   1386 {
   1387 	return evp_keylen(len, EVP_des_cbc());
   1388 }
   1389 
   1390 #ifdef HAVE_OPENSSL_IDEA_H
   1391 /*
   1392  * IDEA-CBC
   1393  */
   1394 vchar_t *
   1395 eay_idea_encrypt(data, key, iv)
   1396 	vchar_t *data, *key, *iv;
   1397 {
   1398 	vchar_t *res;
   1399 	IDEA_KEY_SCHEDULE ks;
   1400 
   1401 	idea_set_encrypt_key((unsigned char *)key->v, &ks);
   1402 
   1403 	/* allocate buffer for result */
   1404 	if ((res = vmalloc(data->l)) == NULL)
   1405 		return NULL;
   1406 
   1407 	/* decryption data */
   1408 	idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
   1409 			&ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
   1410 
   1411 	return res;
   1412 }
   1413 
   1414 vchar_t *
   1415 eay_idea_decrypt(data, key, iv)
   1416 	vchar_t *data, *key, *iv;
   1417 {
   1418 	vchar_t *res;
   1419 	IDEA_KEY_SCHEDULE ks, dks;
   1420 
   1421 	idea_set_encrypt_key((unsigned char *)key->v, &ks);
   1422 	idea_set_decrypt_key(&ks, &dks);
   1423 
   1424 	/* allocate buffer for result */
   1425 	if ((res = vmalloc(data->l)) == NULL)
   1426 		return NULL;
   1427 
   1428 	/* decryption data */
   1429 	idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
   1430 			&dks, (unsigned char *)iv->v, IDEA_DECRYPT);
   1431 
   1432 	return res;
   1433 }
   1434 
   1435 int
   1436 eay_idea_weakkey(key)
   1437 	vchar_t *key;
   1438 {
   1439 	return 0;       /* XXX */
   1440 }
   1441 
   1442 int
   1443 eay_idea_keylen(len)
   1444 	int len;
   1445 {
   1446 	if (len != 0 && len != 128)
   1447 		return -1;
   1448 	return 128;
   1449 }
   1450 #endif
   1451 
   1452 /*
   1453  * BLOWFISH-CBC
   1454  */
   1455 vchar_t *
   1456 eay_bf_encrypt(data, key, iv)
   1457 	vchar_t *data, *key, *iv;
   1458 {
   1459 	return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
   1460 }
   1461 
   1462 vchar_t *
   1463 eay_bf_decrypt(data, key, iv)
   1464 	vchar_t *data, *key, *iv;
   1465 {
   1466 	return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
   1467 }
   1468 
   1469 int
   1470 eay_bf_weakkey(key)
   1471 	vchar_t *key;
   1472 {
   1473 	return 0;	/* XXX to be done. refer to RFC 2451 */
   1474 }
   1475 
   1476 int
   1477 eay_bf_keylen(len)
   1478 	int len;
   1479 {
   1480 	if (len == 0)
   1481 		return 448;
   1482 	if (len < 40 || len > 448)
   1483 		return -1;
   1484 	return len;
   1485 }
   1486 
   1487 #ifdef HAVE_OPENSSL_RC5_H
   1488 /*
   1489  * RC5-CBC
   1490  */
   1491 vchar_t *
   1492 eay_rc5_encrypt(data, key, iv)
   1493 	vchar_t *data, *key, *iv;
   1494 {
   1495 	vchar_t *res;
   1496 	RC5_32_KEY ks;
   1497 
   1498 	/* in RFC 2451, there is information about the number of round. */
   1499 	RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
   1500 
   1501 	/* allocate buffer for result */
   1502 	if ((res = vmalloc(data->l)) == NULL)
   1503 		return NULL;
   1504 
   1505 	/* decryption data */
   1506 	RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
   1507 		&ks, (unsigned char *)iv->v, RC5_ENCRYPT);
   1508 
   1509 	return res;
   1510 }
   1511 
   1512 vchar_t *
   1513 eay_rc5_decrypt(data, key, iv)
   1514 	vchar_t *data, *key, *iv;
   1515 {
   1516 	vchar_t *res;
   1517 	RC5_32_KEY ks;
   1518 
   1519 	/* in RFC 2451, there is information about the number of round. */
   1520 	RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
   1521 
   1522 	/* allocate buffer for result */
   1523 	if ((res = vmalloc(data->l)) == NULL)
   1524 		return NULL;
   1525 
   1526 	/* decryption data */
   1527 	RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
   1528 		&ks, (unsigned char *)iv->v, RC5_DECRYPT);
   1529 
   1530 	return res;
   1531 }
   1532 
   1533 int
   1534 eay_rc5_weakkey(key)
   1535 	vchar_t *key;
   1536 {
   1537 	return 0;       /* No known weak keys when used with 16 rounds. */
   1538 
   1539 }
   1540 
   1541 int
   1542 eay_rc5_keylen(len)
   1543 	int len;
   1544 {
   1545 	if (len == 0)
   1546 		return 128;
   1547 	if (len < 40 || len > 2040)
   1548 		return -1;
   1549 	return len;
   1550 }
   1551 #endif
   1552 
   1553 /*
   1554  * 3DES-CBC
   1555  */
   1556 vchar_t *
   1557 eay_3des_encrypt(data, key, iv)
   1558 	vchar_t *data, *key, *iv;
   1559 {
   1560 	return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
   1561 }
   1562 
   1563 vchar_t *
   1564 eay_3des_decrypt(data, key, iv)
   1565 	vchar_t *data, *key, *iv;
   1566 {
   1567 	return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
   1568 }
   1569 
   1570 int
   1571 eay_3des_weakkey(key)
   1572 	vchar_t *key;
   1573 {
   1574 #ifdef USE_NEW_DES_API
   1575 	return (DES_is_weak_key((void *)key->v) ||
   1576 	    DES_is_weak_key((void *)(key->v + 8)) ||
   1577 	    DES_is_weak_key((void *)(key->v + 16)));
   1578 #else
   1579 	if (key->l < 24)
   1580 		return 0;
   1581 
   1582 	return (des_is_weak_key((void *)key->v) ||
   1583 	    des_is_weak_key((void *)(key->v + 8)) ||
   1584 	    des_is_weak_key((void *)(key->v + 16)));
   1585 #endif
   1586 }
   1587 
   1588 int
   1589 eay_3des_keylen(len)
   1590 	int len;
   1591 {
   1592 	if (len != 0 && len != 192)
   1593 		return -1;
   1594 	return 192;
   1595 }
   1596 
   1597 /*
   1598  * CAST-CBC
   1599  */
   1600 vchar_t *
   1601 eay_cast_encrypt(data, key, iv)
   1602 	vchar_t *data, *key, *iv;
   1603 {
   1604 	return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
   1605 }
   1606 
   1607 vchar_t *
   1608 eay_cast_decrypt(data, key, iv)
   1609 	vchar_t *data, *key, *iv;
   1610 {
   1611 	return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
   1612 }
   1613 
   1614 int
   1615 eay_cast_weakkey(key)
   1616 	vchar_t *key;
   1617 {
   1618 	return 0;	/* No known weak keys. */
   1619 }
   1620 
   1621 int
   1622 eay_cast_keylen(len)
   1623 	int len;
   1624 {
   1625 	if (len == 0)
   1626 		return 128;
   1627 	if (len < 40 || len > 128)
   1628 		return -1;
   1629 	return len;
   1630 }
   1631 
   1632 /*
   1633  * AES(RIJNDAEL)-CBC
   1634  */
   1635 #ifndef HAVE_OPENSSL_AES_H
   1636 vchar_t *
   1637 eay_aes_encrypt(data, key, iv)
   1638 	vchar_t *data, *key, *iv;
   1639 {
   1640 	vchar_t *res;
   1641 	keyInstance k;
   1642 	cipherInstance c;
   1643 
   1644 	memset(&k, 0, sizeof(k));
   1645 	if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
   1646 		return NULL;
   1647 
   1648 	/* allocate buffer for result */
   1649 	if ((res = vmalloc(data->l)) == NULL)
   1650 		return NULL;
   1651 
   1652 	/* encryption data */
   1653 	memset(&c, 0, sizeof(c));
   1654 	if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
   1655 		vfree(res);
   1656 		return NULL;
   1657 	}
   1658 	if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
   1659 		vfree(res);
   1660 		return NULL;
   1661 	}
   1662 
   1663 	return res;
   1664 }
   1665 
   1666 vchar_t *
   1667 eay_aes_decrypt(data, key, iv)
   1668 	vchar_t *data, *key, *iv;
   1669 {
   1670 	vchar_t *res;
   1671 	keyInstance k;
   1672 	cipherInstance c;
   1673 
   1674 	memset(&k, 0, sizeof(k));
   1675 	if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
   1676 		return NULL;
   1677 
   1678 	/* allocate buffer for result */
   1679 	if ((res = vmalloc(data->l)) == NULL)
   1680 		return NULL;
   1681 
   1682 	/* decryption data */
   1683 	memset(&c, 0, sizeof(c));
   1684 	if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
   1685 		vfree(res);
   1686 		return NULL;
   1687 	}
   1688 	if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
   1689 		vfree(res);
   1690 		return NULL;
   1691 	}
   1692 
   1693 	return res;
   1694 }
   1695 #else
   1696 static inline const EVP_CIPHER *
   1697 aes_evp_by_keylen(int keylen)
   1698 {
   1699 	switch(keylen) {
   1700 		case 16:
   1701 		case 128:
   1702 			return EVP_aes_128_cbc();
   1703 #if !defined(ANDROID_CHANGES)
   1704 		case 24:
   1705 		case 192:
   1706 			return EVP_aes_192_cbc();
   1707 #endif
   1708 		case 32:
   1709 		case 256:
   1710 			return EVP_aes_256_cbc();
   1711 		default:
   1712 			return NULL;
   1713 	}
   1714 }
   1715 
   1716 vchar_t *
   1717 eay_aes_encrypt(data, key, iv)
   1718        vchar_t *data, *key, *iv;
   1719 {
   1720 	return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
   1721 }
   1722 
   1723 vchar_t *
   1724 eay_aes_decrypt(data, key, iv)
   1725        vchar_t *data, *key, *iv;
   1726 {
   1727 	return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
   1728 }
   1729 #endif
   1730 
   1731 int
   1732 eay_aes_weakkey(key)
   1733 	vchar_t *key;
   1734 {
   1735 	return 0;
   1736 }
   1737 
   1738 int
   1739 eay_aes_keylen(len)
   1740 	int len;
   1741 {
   1742 	if (len == 0)
   1743 		return 128;
   1744 	if (len != 128 && len != 192 && len != 256)
   1745 		return -1;
   1746 	return len;
   1747 }
   1748 
   1749 #if defined(HAVE_OPENSSL_CAMELLIA_H)
   1750 /*
   1751  * CAMELLIA-CBC
   1752  */
   1753 static inline const EVP_CIPHER *
   1754 camellia_evp_by_keylen(int keylen)
   1755 {
   1756 	switch(keylen) {
   1757 		case 16:
   1758 		case 128:
   1759 			return EVP_camellia_128_cbc();
   1760 		case 24:
   1761 		case 192:
   1762 			return EVP_camellia_192_cbc();
   1763 		case 32:
   1764 		case 256:
   1765 			return EVP_camellia_256_cbc();
   1766 		default:
   1767 			return NULL;
   1768 	}
   1769 }
   1770 
   1771 vchar_t *
   1772 eay_camellia_encrypt(data, key, iv)
   1773        vchar_t *data, *key, *iv;
   1774 {
   1775 	return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
   1776 }
   1777 
   1778 vchar_t *
   1779 eay_camellia_decrypt(data, key, iv)
   1780        vchar_t *data, *key, *iv;
   1781 {
   1782 	return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
   1783 }
   1784 
   1785 int
   1786 eay_camellia_weakkey(key)
   1787 	vchar_t *key;
   1788 {
   1789 	return 0;
   1790 }
   1791 
   1792 int
   1793 eay_camellia_keylen(len)
   1794 	int len;
   1795 {
   1796 	if (len == 0)
   1797 		return 128;
   1798 	if (len != 128 && len != 192 && len != 256)
   1799 		return -1;
   1800 	return len;
   1801 }
   1802 
   1803 #endif
   1804 
   1805 /* for ipsec part */
   1806 int
   1807 eay_null_hashlen()
   1808 {
   1809 	return 0;
   1810 }
   1811 
   1812 int
   1813 eay_kpdk_hashlen()
   1814 {
   1815 	return 0;
   1816 }
   1817 
   1818 int
   1819 eay_twofish_keylen(len)
   1820 	int len;
   1821 {
   1822 	if (len < 0 || len > 256)
   1823 		return -1;
   1824 	return len;
   1825 }
   1826 
   1827 int
   1828 eay_null_keylen(len)
   1829 	int len;
   1830 {
   1831 	return 0;
   1832 }
   1833 
   1834 /*
   1835  * HMAC functions
   1836  */
   1837 static caddr_t
   1838 eay_hmac_init(key, md)
   1839 	vchar_t *key;
   1840 	const EVP_MD *md;
   1841 {
   1842 	HMAC_CTX *c = racoon_malloc(sizeof(*c));
   1843 
   1844 	HMAC_Init(c, key->v, key->l, md);
   1845 
   1846 	return (caddr_t)c;
   1847 }
   1848 
   1849 #ifdef WITH_SHA2
   1850 /*
   1851  * HMAC SHA2-512
   1852  */
   1853 vchar_t *
   1854 eay_hmacsha2_512_one(key, data)
   1855 	vchar_t *key, *data;
   1856 {
   1857 	vchar_t *res;
   1858 	caddr_t ctx;
   1859 
   1860 	ctx = eay_hmacsha2_512_init(key);
   1861 	eay_hmacsha2_512_update(ctx, data);
   1862 	res = eay_hmacsha2_512_final(ctx);
   1863 
   1864 	return(res);
   1865 }
   1866 
   1867 caddr_t
   1868 eay_hmacsha2_512_init(key)
   1869 	vchar_t *key;
   1870 {
   1871 	return eay_hmac_init(key, EVP_sha2_512());
   1872 }
   1873 
   1874 void
   1875 eay_hmacsha2_512_update(c, data)
   1876 	caddr_t c;
   1877 	vchar_t *data;
   1878 {
   1879 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
   1880 }
   1881 
   1882 vchar_t *
   1883 eay_hmacsha2_512_final(c)
   1884 	caddr_t c;
   1885 {
   1886 	vchar_t *res;
   1887 	unsigned int l;
   1888 
   1889 	if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
   1890 		return NULL;
   1891 
   1892 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
   1893 	res->l = l;
   1894 	HMAC_cleanup((HMAC_CTX *)c);
   1895 	(void)racoon_free(c);
   1896 
   1897 	if (SHA512_DIGEST_LENGTH != res->l) {
   1898 		plog(LLV_ERROR, LOCATION, NULL,
   1899 			"hmac sha2_512 length mismatch %zd.\n", res->l);
   1900 		vfree(res);
   1901 		return NULL;
   1902 	}
   1903 
   1904 	return(res);
   1905 }
   1906 
   1907 /*
   1908  * HMAC SHA2-384
   1909  */
   1910 vchar_t *
   1911 eay_hmacsha2_384_one(key, data)
   1912 	vchar_t *key, *data;
   1913 {
   1914 	vchar_t *res;
   1915 	caddr_t ctx;
   1916 
   1917 	ctx = eay_hmacsha2_384_init(key);
   1918 	eay_hmacsha2_384_update(ctx, data);
   1919 	res = eay_hmacsha2_384_final(ctx);
   1920 
   1921 	return(res);
   1922 }
   1923 
   1924 caddr_t
   1925 eay_hmacsha2_384_init(key)
   1926 	vchar_t *key;
   1927 {
   1928 	return eay_hmac_init(key, EVP_sha2_384());
   1929 }
   1930 
   1931 void
   1932 eay_hmacsha2_384_update(c, data)
   1933 	caddr_t c;
   1934 	vchar_t *data;
   1935 {
   1936 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
   1937 }
   1938 
   1939 vchar_t *
   1940 eay_hmacsha2_384_final(c)
   1941 	caddr_t c;
   1942 {
   1943 	vchar_t *res;
   1944 	unsigned int l;
   1945 
   1946 	if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
   1947 		return NULL;
   1948 
   1949 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
   1950 	res->l = l;
   1951 	HMAC_cleanup((HMAC_CTX *)c);
   1952 	(void)racoon_free(c);
   1953 
   1954 	if (SHA384_DIGEST_LENGTH != res->l) {
   1955 		plog(LLV_ERROR, LOCATION, NULL,
   1956 			"hmac sha2_384 length mismatch %zd.\n", res->l);
   1957 		vfree(res);
   1958 		return NULL;
   1959 	}
   1960 
   1961 	return(res);
   1962 }
   1963 
   1964 /*
   1965  * HMAC SHA2-256
   1966  */
   1967 vchar_t *
   1968 eay_hmacsha2_256_one(key, data)
   1969 	vchar_t *key, *data;
   1970 {
   1971 	vchar_t *res;
   1972 	caddr_t ctx;
   1973 
   1974 	ctx = eay_hmacsha2_256_init(key);
   1975 	eay_hmacsha2_256_update(ctx, data);
   1976 	res = eay_hmacsha2_256_final(ctx);
   1977 
   1978 	return(res);
   1979 }
   1980 
   1981 caddr_t
   1982 eay_hmacsha2_256_init(key)
   1983 	vchar_t *key;
   1984 {
   1985 	return eay_hmac_init(key, EVP_sha2_256());
   1986 }
   1987 
   1988 void
   1989 eay_hmacsha2_256_update(c, data)
   1990 	caddr_t c;
   1991 	vchar_t *data;
   1992 {
   1993 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
   1994 }
   1995 
   1996 vchar_t *
   1997 eay_hmacsha2_256_final(c)
   1998 	caddr_t c;
   1999 {
   2000 	vchar_t *res;
   2001 	unsigned int l;
   2002 
   2003 	if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
   2004 		return NULL;
   2005 
   2006 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
   2007 	res->l = l;
   2008 	HMAC_cleanup((HMAC_CTX *)c);
   2009 	(void)racoon_free(c);
   2010 
   2011 	if (SHA256_DIGEST_LENGTH != res->l) {
   2012 		plog(LLV_ERROR, LOCATION, NULL,
   2013 			"hmac sha2_256 length mismatch %zd.\n", res->l);
   2014 		vfree(res);
   2015 		return NULL;
   2016 	}
   2017 
   2018 	return(res);
   2019 }
   2020 #endif	/* WITH_SHA2 */
   2021 
   2022 /*
   2023  * HMAC SHA1
   2024  */
   2025 vchar_t *
   2026 eay_hmacsha1_one(key, data)
   2027 	vchar_t *key, *data;
   2028 {
   2029 	vchar_t *res;
   2030 	caddr_t ctx;
   2031 
   2032 	ctx = eay_hmacsha1_init(key);
   2033 	eay_hmacsha1_update(ctx, data);
   2034 	res = eay_hmacsha1_final(ctx);
   2035 
   2036 	return(res);
   2037 }
   2038 
   2039 caddr_t
   2040 eay_hmacsha1_init(key)
   2041 	vchar_t *key;
   2042 {
   2043 	return eay_hmac_init(key, EVP_sha1());
   2044 }
   2045 
   2046 void
   2047 eay_hmacsha1_update(c, data)
   2048 	caddr_t c;
   2049 	vchar_t *data;
   2050 {
   2051 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
   2052 }
   2053 
   2054 vchar_t *
   2055 eay_hmacsha1_final(c)
   2056 	caddr_t c;
   2057 {
   2058 	vchar_t *res;
   2059 	unsigned int l;
   2060 
   2061 	if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
   2062 		return NULL;
   2063 
   2064 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
   2065 	res->l = l;
   2066 	HMAC_cleanup((HMAC_CTX *)c);
   2067 	(void)racoon_free(c);
   2068 
   2069 	if (SHA_DIGEST_LENGTH != res->l) {
   2070 		plog(LLV_ERROR, LOCATION, NULL,
   2071 			"hmac sha1 length mismatch %zd.\n", res->l);
   2072 		vfree(res);
   2073 		return NULL;
   2074 	}
   2075 
   2076 	return(res);
   2077 }
   2078 
   2079 /*
   2080  * HMAC MD5
   2081  */
   2082 vchar_t *
   2083 eay_hmacmd5_one(key, data)
   2084 	vchar_t *key, *data;
   2085 {
   2086 	vchar_t *res;
   2087 	caddr_t ctx;
   2088 
   2089 	ctx = eay_hmacmd5_init(key);
   2090 	eay_hmacmd5_update(ctx, data);
   2091 	res = eay_hmacmd5_final(ctx);
   2092 
   2093 	return(res);
   2094 }
   2095 
   2096 caddr_t
   2097 eay_hmacmd5_init(key)
   2098 	vchar_t *key;
   2099 {
   2100 	return eay_hmac_init(key, EVP_md5());
   2101 }
   2102 
   2103 void
   2104 eay_hmacmd5_update(c, data)
   2105 	caddr_t c;
   2106 	vchar_t *data;
   2107 {
   2108 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
   2109 }
   2110 
   2111 vchar_t *
   2112 eay_hmacmd5_final(c)
   2113 	caddr_t c;
   2114 {
   2115 	vchar_t *res;
   2116 	unsigned int l;
   2117 
   2118 	if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
   2119 		return NULL;
   2120 
   2121 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
   2122 	res->l = l;
   2123 	HMAC_cleanup((HMAC_CTX *)c);
   2124 	(void)racoon_free(c);
   2125 
   2126 	if (MD5_DIGEST_LENGTH != res->l) {
   2127 		plog(LLV_ERROR, LOCATION, NULL,
   2128 			"hmac md5 length mismatch %zd.\n", res->l);
   2129 		vfree(res);
   2130 		return NULL;
   2131 	}
   2132 
   2133 	return(res);
   2134 }
   2135 
   2136 #ifdef WITH_SHA2
   2137 /*
   2138  * SHA2-512 functions
   2139  */
   2140 caddr_t
   2141 eay_sha2_512_init()
   2142 {
   2143 	SHA512_CTX *c = racoon_malloc(sizeof(*c));
   2144 
   2145 	SHA512_Init(c);
   2146 
   2147 	return((caddr_t)c);
   2148 }
   2149 
   2150 void
   2151 eay_sha2_512_update(c, data)
   2152 	caddr_t c;
   2153 	vchar_t *data;
   2154 {
   2155 	SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
   2156 
   2157 	return;
   2158 }
   2159 
   2160 vchar_t *
   2161 eay_sha2_512_final(c)
   2162 	caddr_t c;
   2163 {
   2164 	vchar_t *res;
   2165 
   2166 	if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
   2167 		return(0);
   2168 
   2169 	SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
   2170 	(void)racoon_free(c);
   2171 
   2172 	return(res);
   2173 }
   2174 
   2175 vchar_t *
   2176 eay_sha2_512_one(data)
   2177 	vchar_t *data;
   2178 {
   2179 	caddr_t ctx;
   2180 	vchar_t *res;
   2181 
   2182 	ctx = eay_sha2_512_init();
   2183 	eay_sha2_512_update(ctx, data);
   2184 	res = eay_sha2_512_final(ctx);
   2185 
   2186 	return(res);
   2187 }
   2188 
   2189 int
   2190 eay_sha2_512_hashlen()
   2191 {
   2192 	return SHA512_DIGEST_LENGTH << 3;
   2193 }
   2194 #endif
   2195 
   2196 #ifdef WITH_SHA2
   2197 /*
   2198  * SHA2-384 functions
   2199  */
   2200 caddr_t
   2201 eay_sha2_384_init()
   2202 {
   2203 	SHA384_CTX *c = racoon_malloc(sizeof(*c));
   2204 
   2205 	SHA384_Init(c);
   2206 
   2207 	return((caddr_t)c);
   2208 }
   2209 
   2210 void
   2211 eay_sha2_384_update(c, data)
   2212 	caddr_t c;
   2213 	vchar_t *data;
   2214 {
   2215 	SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
   2216 
   2217 	return;
   2218 }
   2219 
   2220 vchar_t *
   2221 eay_sha2_384_final(c)
   2222 	caddr_t c;
   2223 {
   2224 	vchar_t *res;
   2225 
   2226 	if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
   2227 		return(0);
   2228 
   2229 	SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
   2230 	(void)racoon_free(c);
   2231 
   2232 	return(res);
   2233 }
   2234 
   2235 vchar_t *
   2236 eay_sha2_384_one(data)
   2237 	vchar_t *data;
   2238 {
   2239 	caddr_t ctx;
   2240 	vchar_t *res;
   2241 
   2242 	ctx = eay_sha2_384_init();
   2243 	eay_sha2_384_update(ctx, data);
   2244 	res = eay_sha2_384_final(ctx);
   2245 
   2246 	return(res);
   2247 }
   2248 
   2249 int
   2250 eay_sha2_384_hashlen()
   2251 {
   2252 	return SHA384_DIGEST_LENGTH << 3;
   2253 }
   2254 #endif
   2255 
   2256 #ifdef WITH_SHA2
   2257 /*
   2258  * SHA2-256 functions
   2259  */
   2260 caddr_t
   2261 eay_sha2_256_init()
   2262 {
   2263 	SHA256_CTX *c = racoon_malloc(sizeof(*c));
   2264 
   2265 	SHA256_Init(c);
   2266 
   2267 	return((caddr_t)c);
   2268 }
   2269 
   2270 void
   2271 eay_sha2_256_update(c, data)
   2272 	caddr_t c;
   2273 	vchar_t *data;
   2274 {
   2275 	SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
   2276 
   2277 	return;
   2278 }
   2279 
   2280 vchar_t *
   2281 eay_sha2_256_final(c)
   2282 	caddr_t c;
   2283 {
   2284 	vchar_t *res;
   2285 
   2286 	if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
   2287 		return(0);
   2288 
   2289 	SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
   2290 	(void)racoon_free(c);
   2291 
   2292 	return(res);
   2293 }
   2294 
   2295 vchar_t *
   2296 eay_sha2_256_one(data)
   2297 	vchar_t *data;
   2298 {
   2299 	caddr_t ctx;
   2300 	vchar_t *res;
   2301 
   2302 	ctx = eay_sha2_256_init();
   2303 	eay_sha2_256_update(ctx, data);
   2304 	res = eay_sha2_256_final(ctx);
   2305 
   2306 	return(res);
   2307 }
   2308 
   2309 int
   2310 eay_sha2_256_hashlen()
   2311 {
   2312 	return SHA256_DIGEST_LENGTH << 3;
   2313 }
   2314 #endif
   2315 
   2316 /*
   2317  * SHA functions
   2318  */
   2319 caddr_t
   2320 eay_sha1_init()
   2321 {
   2322 	SHA_CTX *c = racoon_malloc(sizeof(*c));
   2323 
   2324 	SHA1_Init(c);
   2325 
   2326 	return((caddr_t)c);
   2327 }
   2328 
   2329 void
   2330 eay_sha1_update(c, data)
   2331 	caddr_t c;
   2332 	vchar_t *data;
   2333 {
   2334 	SHA1_Update((SHA_CTX *)c, data->v, data->l);
   2335 
   2336 	return;
   2337 }
   2338 
   2339 vchar_t *
   2340 eay_sha1_final(c)
   2341 	caddr_t c;
   2342 {
   2343 	vchar_t *res;
   2344 
   2345 	if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
   2346 		return(0);
   2347 
   2348 	SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
   2349 	(void)racoon_free(c);
   2350 
   2351 	return(res);
   2352 }
   2353 
   2354 vchar_t *
   2355 eay_sha1_one(data)
   2356 	vchar_t *data;
   2357 {
   2358 	caddr_t ctx;
   2359 	vchar_t *res;
   2360 
   2361 	ctx = eay_sha1_init();
   2362 	eay_sha1_update(ctx, data);
   2363 	res = eay_sha1_final(ctx);
   2364 
   2365 	return(res);
   2366 }
   2367 
   2368 int
   2369 eay_sha1_hashlen()
   2370 {
   2371 	return SHA_DIGEST_LENGTH << 3;
   2372 }
   2373 
   2374 /*
   2375  * MD5 functions
   2376  */
   2377 caddr_t
   2378 eay_md5_init()
   2379 {
   2380 	MD5_CTX *c = racoon_malloc(sizeof(*c));
   2381 
   2382 	MD5_Init(c);
   2383 
   2384 	return((caddr_t)c);
   2385 }
   2386 
   2387 void
   2388 eay_md5_update(c, data)
   2389 	caddr_t c;
   2390 	vchar_t *data;
   2391 {
   2392 	MD5_Update((MD5_CTX *)c, data->v, data->l);
   2393 
   2394 	return;
   2395 }
   2396 
   2397 vchar_t *
   2398 eay_md5_final(c)
   2399 	caddr_t c;
   2400 {
   2401 	vchar_t *res;
   2402 
   2403 	if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
   2404 		return(0);
   2405 
   2406 	MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
   2407 	(void)racoon_free(c);
   2408 
   2409 	return(res);
   2410 }
   2411 
   2412 vchar_t *
   2413 eay_md5_one(data)
   2414 	vchar_t *data;
   2415 {
   2416 	caddr_t ctx;
   2417 	vchar_t *res;
   2418 
   2419 	ctx = eay_md5_init();
   2420 	eay_md5_update(ctx, data);
   2421 	res = eay_md5_final(ctx);
   2422 
   2423 	return(res);
   2424 }
   2425 
   2426 int
   2427 eay_md5_hashlen()
   2428 {
   2429 	return MD5_DIGEST_LENGTH << 3;
   2430 }
   2431 
   2432 /*
   2433  * eay_set_random
   2434  *   size: number of bytes.
   2435  */
   2436 vchar_t *
   2437 eay_set_random(size)
   2438 	u_int32_t size;
   2439 {
   2440 	BIGNUM *r = NULL;
   2441 	vchar_t *res = 0;
   2442 
   2443 	if ((r = BN_new()) == NULL)
   2444 		goto end;
   2445 	BN_rand(r, size * 8, 0, 0);
   2446 	eay_bn2v(&res, r);
   2447 
   2448 end:
   2449 	if (r)
   2450 		BN_free(r);
   2451 	return(res);
   2452 }
   2453 
   2454 /* DH */
   2455 int
   2456 eay_dh_generate(prime, g, publen, pub, priv)
   2457 	vchar_t *prime, **pub, **priv;
   2458 	u_int publen;
   2459 	u_int32_t g;
   2460 {
   2461 	BIGNUM *p = NULL;
   2462 	DH *dh = NULL;
   2463 	int error = -1;
   2464 
   2465 	/* initialize */
   2466 	/* pre-process to generate number */
   2467 	if (eay_v2bn(&p, prime) < 0)
   2468 		goto end;
   2469 
   2470 	if ((dh = DH_new()) == NULL)
   2471 		goto end;
   2472 	dh->p = p;
   2473 	p = NULL;	/* p is now part of dh structure */
   2474 	dh->g = NULL;
   2475 	if ((dh->g = BN_new()) == NULL)
   2476 		goto end;
   2477 	if (!BN_set_word(dh->g, g))
   2478 		goto end;
   2479 
   2480 	if (publen != 0) {
   2481 #if defined(OPENSSL_IS_BORINGSSL)
   2482 		dh->priv_length = publen;
   2483 #else
   2484 		dh->length = publen;
   2485 #endif
   2486 	}
   2487 
   2488 	/* generate public and private number */
   2489 	if (!DH_generate_key(dh))
   2490 		goto end;
   2491 
   2492 	/* copy results to buffers */
   2493 	if (eay_bn2v(pub, dh->pub_key) < 0)
   2494 		goto end;
   2495 	if (eay_bn2v(priv, dh->priv_key) < 0) {
   2496 		vfree(*pub);
   2497 		goto end;
   2498 	}
   2499 
   2500 	error = 0;
   2501 
   2502 end:
   2503 	if (dh != NULL)
   2504 		DH_free(dh);
   2505 	if (p != 0)
   2506 		BN_free(p);
   2507 	return(error);
   2508 }
   2509 
   2510 int
   2511 eay_dh_compute(prime, g, pub, priv, pub2, key)
   2512 	vchar_t *prime, *pub, *priv, *pub2, **key;
   2513 	u_int32_t g;
   2514 {
   2515 	BIGNUM *dh_pub = NULL;
   2516 	DH *dh = NULL;
   2517 	int l;
   2518 	unsigned char *v = NULL;
   2519 	int error = -1;
   2520 
   2521 	/* make public number to compute */
   2522 	if (eay_v2bn(&dh_pub, pub2) < 0)
   2523 		goto end;
   2524 
   2525 	/* make DH structure */
   2526 	if ((dh = DH_new()) == NULL)
   2527 		goto end;
   2528 	if (eay_v2bn(&dh->p, prime) < 0)
   2529 		goto end;
   2530 	if (eay_v2bn(&dh->pub_key, pub) < 0)
   2531 		goto end;
   2532 	if (eay_v2bn(&dh->priv_key, priv) < 0)
   2533 		goto end;
   2534 #if defined(OPENSSL_IS_BORINGSSL)
   2535 	dh->priv_length = pub2->l * 8;
   2536 #else
   2537 	dh->length = pub2->l * 8;
   2538 #endif
   2539 
   2540 	dh->g = NULL;
   2541 	if ((dh->g = BN_new()) == NULL)
   2542 		goto end;
   2543 	if (!BN_set_word(dh->g, g))
   2544 		goto end;
   2545 
   2546 	if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
   2547 		goto end;
   2548 	if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
   2549 		goto end;
   2550 	memcpy((*key)->v + (prime->l - l), v, l);
   2551 
   2552 	error = 0;
   2553 
   2554 end:
   2555 	if (dh_pub != NULL)
   2556 		BN_free(dh_pub);
   2557 	if (dh != NULL)
   2558 		DH_free(dh);
   2559 	if (v != NULL)
   2560 		racoon_free(v);
   2561 	return(error);
   2562 }
   2563 
   2564 /*
   2565  * convert vchar_t <-> BIGNUM.
   2566  *
   2567  * vchar_t: unit is u_char, network endian, most significant byte first.
   2568  * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
   2569  *	least significant BN_ULONG must come first.
   2570  *
   2571  * hex value of "0x3ffe050104" is represented as follows:
   2572  *	vchar_t: 3f fe 05 01 04
   2573  *	BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
   2574  *	BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
   2575  *	BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
   2576  */
   2577 int
   2578 eay_v2bn(bn, var)
   2579 	BIGNUM **bn;
   2580 	vchar_t *var;
   2581 {
   2582 	if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
   2583 		return -1;
   2584 
   2585 	return 0;
   2586 }
   2587 
   2588 int
   2589 eay_bn2v(var, bn)
   2590 	vchar_t **var;
   2591 	BIGNUM *bn;
   2592 {
   2593 #if defined(ANDROID_CHANGES)
   2594 	*var = vmalloc(BN_num_bytes(bn));
   2595 #else
   2596 	*var = vmalloc(bn->top * BN_BYTES);
   2597 #endif
   2598 	if (*var == NULL)
   2599 		return(-1);
   2600 
   2601 	(*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
   2602 
   2603 	return 0;
   2604 }
   2605 
   2606 void
   2607 eay_init()
   2608 {
   2609 	OpenSSL_add_all_algorithms();
   2610 	ERR_load_crypto_strings();
   2611 #ifdef HAVE_OPENSSL_ENGINE_H
   2612 	ENGINE_load_builtin_engines();
   2613 	ENGINE_register_all_complete();
   2614 #endif
   2615 }
   2616 
   2617 vchar_t *
   2618 base64_decode(char *in, long inlen)
   2619 {
   2620 #if defined(OPENSSL_IS_BORINGSSL)
   2621 	vchar_t *res;
   2622 	size_t decoded_size;
   2623 
   2624 	if (!EVP_DecodedLength(&decoded_size, inlen)) {
   2625 		return NULL;
   2626 	}
   2627 	res = vmalloc(decoded_size);
   2628 	if (res == NULL) {
   2629 		return NULL;
   2630 	}
   2631 	if (!EVP_DecodeBase64((uint8_t*) res->v, &res->l, decoded_size, (uint8_t*) in, inlen)) {
   2632 		vfree(res);
   2633 		return NULL;
   2634 	}
   2635 	return res;
   2636 #else
   2637 	BIO *bio=NULL, *b64=NULL;
   2638 	vchar_t *res = NULL;
   2639 	char *outb;
   2640 	long outlen;
   2641 
   2642 	outb = malloc(inlen * 2);
   2643 	if (outb == NULL)
   2644 		goto out;
   2645 	bio = BIO_new_mem_buf(in, inlen);
   2646 	b64 = BIO_new(BIO_f_base64());
   2647 	BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
   2648 	bio = BIO_push(b64, bio);
   2649 
   2650 	outlen = BIO_read(bio, outb, inlen * 2);
   2651 	if (outlen <= 0) {
   2652 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
   2653 		goto out;
   2654 	}
   2655 
   2656 	res = vmalloc(outlen);
   2657 	if (!res)
   2658 		goto out;
   2659 
   2660 	memcpy(res->v, outb, outlen);
   2661 
   2662 out:
   2663 	if (outb)
   2664 		free(outb);
   2665 	if (bio)
   2666 		BIO_free_all(bio);
   2667 
   2668 	return res;
   2669 #endif
   2670 }
   2671 
   2672 vchar_t *
   2673 base64_encode(char *in, long inlen)
   2674 {
   2675 #if defined(OPENSSL_IS_BORINGSSL)
   2676 	vchar_t *res;
   2677 	size_t encoded_size;
   2678 
   2679 	if (!EVP_EncodedLength(&encoded_size, inlen)) {
   2680 		return NULL;
   2681 	}
   2682 	res = vmalloc(encoded_size+1);
   2683 	if (res == NULL) {
   2684 		return NULL;
   2685 	}
   2686 	EVP_EncodeBlock((uint8_t*) res->v, (uint8_t*) in, inlen);
   2687 	res->v[encoded_size] = 0;
   2688 	return res;
   2689 #else
   2690 	BIO *bio=NULL, *b64=NULL;
   2691 	char *ptr;
   2692 	long plen = -1;
   2693 	vchar_t *res = NULL;
   2694 
   2695 	bio = BIO_new(BIO_s_mem());
   2696 	b64 = BIO_new(BIO_f_base64());
   2697 	BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
   2698 	bio = BIO_push(b64, bio);
   2699 
   2700 	BIO_write(bio, in, inlen);
   2701 	BIO_flush(bio);
   2702 
   2703 	plen = BIO_get_mem_data(bio, &ptr);
   2704 	res = vmalloc(plen+1);
   2705 	if (!res)
   2706 		goto out;
   2707 
   2708 	memcpy (res->v, ptr, plen);
   2709 	res->v[plen] = '\0';
   2710 
   2711 out:
   2712 	if (bio)
   2713 		BIO_free_all(bio);
   2714 
   2715 	return res;
   2716 #endif
   2717 }
   2718 
   2719 static RSA *
   2720 binbuf_pubkey2rsa(vchar_t *binbuf)
   2721 {
   2722 	BIGNUM *exp, *mod;
   2723 	RSA *rsa_pub = NULL;
   2724 
   2725 	if (binbuf->v[0] > binbuf->l - 1) {
   2726 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
   2727 		goto out;
   2728 	}
   2729 
   2730 	exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
   2731 	mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
   2732 			binbuf->l - binbuf->v[0] - 1, NULL);
   2733 	rsa_pub = RSA_new();
   2734 
   2735 	if (!exp || !mod || !rsa_pub) {
   2736 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
   2737 		if (exp)
   2738 			BN_free(exp);
   2739 		if (mod)
   2740 			BN_free(exp);
   2741 		if (rsa_pub)
   2742 			RSA_free(rsa_pub);
   2743 		rsa_pub = NULL;
   2744 		goto out;
   2745 	}
   2746 
   2747 	rsa_pub->n = mod;
   2748 	rsa_pub->e = exp;
   2749 
   2750 out:
   2751 	return rsa_pub;
   2752 }
   2753 
   2754 RSA *
   2755 base64_pubkey2rsa(char *in)
   2756 {
   2757 	BIGNUM *exp, *mod;
   2758 	RSA *rsa_pub = NULL;
   2759 	vchar_t *binbuf;
   2760 
   2761 	if (strncmp(in, "0s", 2) != 0) {
   2762 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
   2763 		return NULL;
   2764 	}
   2765 
   2766 	binbuf = base64_decode(in + 2, strlen(in + 2));
   2767 	if (!binbuf) {
   2768 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
   2769 		return NULL;
   2770 	}
   2771 
   2772 	if (binbuf->v[0] > binbuf->l - 1) {
   2773 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
   2774 		goto out;
   2775 	}
   2776 
   2777 	rsa_pub = binbuf_pubkey2rsa(binbuf);
   2778 
   2779 out:
   2780 	if (binbuf)
   2781 		vfree(binbuf);
   2782 
   2783 	return rsa_pub;
   2784 }
   2785 
   2786 RSA *
   2787 bignum_pubkey2rsa(BIGNUM *in)
   2788 {
   2789 	RSA *rsa_pub = NULL;
   2790 	vchar_t *binbuf;
   2791 
   2792 	binbuf = vmalloc(BN_num_bytes(in));
   2793 	if (!binbuf) {
   2794 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
   2795 		return NULL;
   2796 	}
   2797 
   2798 	BN_bn2bin(in, (unsigned char *) binbuf->v);
   2799 
   2800 	rsa_pub = binbuf_pubkey2rsa(binbuf);
   2801 
   2802 out:
   2803 	if (binbuf)
   2804 		vfree(binbuf);
   2805 
   2806 	return rsa_pub;
   2807 }
   2808 
   2809 u_int32_t
   2810 eay_random()
   2811 {
   2812 	u_int32_t result;
   2813 	vchar_t *vrand;
   2814 
   2815 	vrand = eay_set_random(sizeof(result));
   2816 	memcpy(&result, vrand->v, sizeof(result));
   2817 	vfree(vrand);
   2818 
   2819 	return result;
   2820 }
   2821 
   2822 const char *
   2823 eay_version()
   2824 {
   2825 #if defined(OPENSSL_IS_BORINGSSL)
   2826 	return "(BoringSSL)";
   2827 #else
   2828 	return SSLeay_version(SSLEAY_VERSION);
   2829 #endif
   2830 }
   2831