authorHakan Olsson <ho@cvs.openbsd.org>2002-06-10 18:09:00 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2002-06-10 18:09:00 +0000
commit2bad24d48d7d5d6600e54f58f739b9721511d3ef (patch)
tree82d021bca39c9e9fa98407a476d84f353c2c9d1d /sbin/isakmpd
parent2c5d74d6bbb48ebdd6e6c66fcad23e407a71c75d (diff)
The dlopen() stuff goes away.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/Makefile7
-rw-r--r--sbin/isakmpd/dnssec.c14
-rw-r--r--sbin/isakmpd/dyn.c82
-rw-r--r--sbin/isakmpd/dyn.h54
-rw-r--r--sbin/isakmpd/exchange.c4
-rw-r--r--sbin/isakmpd/ike_auth.c64
-rw-r--r--sbin/isakmpd/ike_quick_mode.c43
-rw-r--r--sbin/isakmpd/init.c5
-rw-r--r--sbin/isakmpd/key.c23
-rw-r--r--sbin/isakmpd/libcrypto.c185
-rw-r--r--sbin/isakmpd/libcrypto.h136
-rw-r--r--sbin/isakmpd/policy.c85
-rw-r--r--sbin/isakmpd/policy.h34
-rw-r--r--sbin/isakmpd/regress/rsakeygen/rsakeygen.c42
-rw-r--r--sbin/isakmpd/regress/x509/x509test.c40
-rw-r--r--sbin/isakmpd/sa.c4
-rw-r--r--sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep3
-rw-r--r--sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep4
-rw-r--r--sbin/isakmpd/sysdep/linux/Makefile.sysdep8
-rw-r--r--sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep3
-rw-r--r--sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep10
-rw-r--r--sbin/isakmpd/sysdep/openbsd/Makefile.sysdep8
-rw-r--r--sbin/isakmpd/x509.c154
23 files changed, 208 insertions, 804 deletions
diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile
index 1d0fe019263..ac9e35cf432 100644
--- a/sbin/isakmpd/Makefile
+++ b/sbin/isakmpd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.45 2002/03/05 00:10:56 deraadt Exp $
+# $OpenBSD: Makefile,v 1.46 2002/06/10 18:08:58 ho Exp $
# $EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $
#
@@ -154,11 +154,6 @@ DPADD+= ${LIBGMP}
CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_OPENSSL
.endif
-.ifdef HAVE_DLOPEN
-CFLAGS+= -DHAVE_DLOPEN
-SRCS+= dyn.c
-.endif
-
.ifdef USE_KEYNOTE
USE_LIBCRYPTO= yes
USE_LIBDES= yes
diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c
index e0482300a3c..ceb5092cc9a 100644
--- a/sbin/isakmpd/dnssec.c
+++ b/sbin/isakmpd/dnssec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dnssec.c,v 1.13 2002/06/09 08:13:06 todd Exp $ */
+/* $OpenBSD: dnssec.c,v 1.14 2002/06/10 18:08:58 ho Exp $ */
/*
* Copyright (c) 2001 Håkan Olsson. All rights reserved.
@@ -264,7 +264,7 @@ dns_RSA_dns_to_x509 (u_int8_t *key, int keylen, RSA **rsa_key)
return -1;
}
- rsa = LC (RSA_new, ());
+ rsa = RSA_new ();
if (rsa == NULL)
{
log_error ("dns_RSA_dns_to_x509: failed to allocate new RSA struct");
@@ -279,7 +279,7 @@ dns_RSA_dns_to_x509 (u_int8_t *key, int keylen, RSA **rsa_key)
if (keylen < 3)
{
log_print ("dns_RSA_dns_to_x509: invalid public key");
- LC (RSA_free, (rsa));
+ RSA_free (rsa);
return -1;
}
e_len = *(key + key_offset++) << 8;
@@ -289,21 +289,21 @@ dns_RSA_dns_to_x509 (u_int8_t *key, int keylen, RSA **rsa_key)
if (e_len > (keylen - key_offset))
{
log_print ("dns_RSA_dns_to_x509: invalid public key");
- LC (RSA_free, (rsa));
+ RSA_free (rsa);
return -1;
}
- rsa->e = LC (BN_bin2bn, (key + key_offset, e_len, NULL));
+ rsa->e = BN_bin2bn (key + key_offset, e_len, NULL);
key_offset += e_len;
/* XXX if (keylen <= key_offset) -> "invalid public key" ? */
- rsa->n = LC (BN_bin2bn, (key + key_offset, keylen - key_offset, NULL));
+ rsa->n = BN_bin2bn (key + key_offset, keylen - key_offset, NULL);
*rsa_key = rsa;
LOG_DBG ((LOG_MISC, 30, "dns_RSA_dns_to_x509: got %d bits RSA key",
- LC (BN_num_bits, (rsa->n))));
+ BN_num_bits (rsa->n)));
return 0;
}
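Review bot: Both `BN_bin2bn` results are stored into `rsa->e` and `rsa->n` without a NULL check, and the `XXX` comment marks a case the new code still accepts: when `keylen <= key_offset` the modulus is built from zero bytes and the function returns 0 with an unusable key. Going by the function name, the key bytes come from a DNS record, so both cases should be rejected before `*rsa_key = rsa` is set. dns_RSA_dns_to_x509 starts above this hunk; the sketch covers only its tail.

```c
  key_offset += e_len;

  if (keylen <= key_offset)
    {
      log_print ("dns_RSA_dns_to_x509: invalid public key");
      RSA_free (rsa);
      return -1;
    }

  rsa->n = BN_bin2bn (key + key_offset, keylen - key_offset, NULL);
  if (rsa->e == NULL || rsa->n == NULL)
    {
      log_error ("dns_RSA_dns_to_x509: BN_bin2bn failed");
      RSA_free (rsa);
      return -1;
    }

  /* ... unchanged: *rsa_key assignment, LOG_DBG of the key size, return 0 ... */
```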
diff --git a/sbin/isakmpd/dyn.c b/sbin/isakmpd/dyn.c
deleted file mode 100644
index a189c4d138d..00000000000
--- a/sbin/isakmpd/dyn.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* $OpenBSD: dyn.c,v 1.1 1999/08/28 11:54:55 niklas Exp $ */
-/* $EOM: dyn.c,v 1.2 1999/08/26 11:13:36 niklas Exp $ */
-
-/*
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Ericsson Radio Systems.
- * 4. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#include <dlfcn.h>
-
-#include "sysdep.h"
-
-#include "dyn.h"
-#include "log.h"
-
-int
-dyn_load (struct dynload_script *scr)
-{
- int i;
- void **desc = 0;
-
- for (i = 0; scr[i].op != EOS; i++)
- switch (scr[i].op)
- {
- case LOAD:
- desc = scr[i].ptr;
- *desc = dlopen (scr[i].name, DL_LAZY);
- if (!*desc)
- {
- log_print ("dyn_load: dlopen (\"%s\", DL_LAZY) failed: %s",
- scr[i].name, dlerror ());
- return 0;
- }
- break;
-
- case SYM:
- if (!desc || !*desc)
- continue;
- *scr[i].ptr = dlsym (*desc, scr[i].name);
- if (!*scr[i].ptr)
- {
- log_print ("dyn_load: dlsym (\"%s\") failed: %s", scr[i].name,
- dlerror ());
- *desc = 0;
- return 0;
- }
- break;
-
- default:
- log_print ("dyn_load: bad operation (%d) on entry %d, ignoring",
- scr[i].op, i);
- }
- return 1;
-}
diff --git a/sbin/isakmpd/dyn.h b/sbin/isakmpd/dyn.h
deleted file mode 100644
index dbfeb70e9a4..00000000000
--- a/sbin/isakmpd/dyn.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/* $OpenBSD: dyn.h,v 1.1 1999/08/28 11:54:55 niklas Exp $ */
-/* $EOM: dyn.h,v 1.1 1999/08/12 22:34:27 niklas Exp $ */
-
-/*
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Ericsson Radio Systems.
- * 4. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#ifndef _DYN_H_
-#define _DYN_H_
-
-#ifdef SYMBOL_PREFIX
-#define SYM(x) SYMBOL_PREFIX #x
-#else
-#define SYM(x) #x
-#endif
-
-struct dynload_script {
- enum { LOAD, SYM, EOS } op;
- char *name;
- void **ptr;
-};
-
-int dyn_load (struct dynload_script *);
-
-#endif /* _DYN_H_ */
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index 6da0b577059..553d7f62d4b 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.66 2002/06/07 19:53:19 ho Exp $ */
+/* $OpenBSD: exchange.c,v 1.67 2002/06/10 18:08:58 ho Exp $ */
/* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
/*
@@ -1268,7 +1268,7 @@ exchange_free_aux (void *v_exch)
#if defined (POLICY) || defined (KEYNOTE)
if (exchange->policy_id != -1)
- LK (kn_close, (exchange->policy_id));
+ kn_close (exchange->policy_id);
#endif
exchange_free_aca_list (exchange);
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index 0bfc004c542..5fac75637d1 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.64 2002/06/09 08:13:06 todd Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.65 2002/06/10 18:08:58 ho Exp $ */
/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
/*
@@ -194,10 +194,6 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)
case IKE_AUTH_RSA_SIG:
#if defined (USE_X509) || defined (USE_KEYNOTE)
-#ifdef HAVE_DLOPEN
- if (!libcrypto)
- return 0;
-#endif
#if defined (USE_KEYNOTE)
if (local_id &&
(keyfile = conf_get_str ("KeyNote", "Credential-directory")) != 0)
@@ -262,7 +258,7 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)
buf2 = kn_get_string (buf);
free (buf);
- if (LK (kn_decode_key, (&dc, buf2, KEYNOTE_PRIVATE_KEY)) == -1)
+ if (kn_decode_key (&dc, buf2, KEYNOTE_PRIVATE_KEY) == -1)
{
free (buf2);
log_print ("ike_auth_get_key: failed decoding key in \"%s\"",
@@ -278,7 +274,7 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)
log_print ("ike_auth_get_key: wrong algorithm type %d in \"%s\"",
dc.dec_algorithm, keyfile);
free (keyfile);
- LK (kn_free_key, (&dc));
+ kn_free_key (&dc);
return 0;
}
@@ -295,28 +291,28 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)
if (check_file_secrecy (keyfile, 0))
return 0;
- keyh = LC (BIO_new, (LC (BIO_s_file, ())));
+ keyh = BIO_new (BIO_s_file ());
if (keyh == NULL)
{
log_print ("ike_auth_get_key: "
"BIO_new (BIO_s_file ()) failed");
return 0;
}
- if (LC (BIO_read_filename, (keyh, keyfile)) == -1)
+ if (BIO_read_filename (keyh, keyfile) == -1)
{
log_print ("ike_auth_get_key: "
"BIO_read_filename (keyh, \"%s\") failed",
keyfile);
- LC (BIO_free, (keyh));
+ BIO_free (keyh);
return 0;
}
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
- rsakey = LC (PEM_read_bio_RSAPrivateKey, (keyh, NULL, NULL, NULL));
+ rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL, NULL);
#else
- rsakey = LC (PEM_read_bio_RSAPrivateKey, (keyh, NULL, NULL));
+ rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL);
#endif
- LC (BIO_free, (keyh));
+ BIO_free (keyh);
if (!rsakey)
{
log_print ("ike_auth_get_key: PEM_read_bio_RSAPrivateKey failed");
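Review bot: `BIO_read_filename (keyh, keyfile) == -1` does not match the usual failure return of that call, which is a non-positive value (typically 0); get_raw_key_from_file later in this same file tests `<= 0`. As written, a failed open falls through to `PEM_read_bio_RSAPrivateKey`, so the log shows "PEM_read_bio_RSAPrivateKey failed" instead of the file error. Use `if (BIO_read_filename (keyh, keyfile) <= 0)`. Separately, `check_file_secrecy (keyfile, 0)` and the open both go by path name, which would leave a window between the permission check and the read; that helper is not visible here, so this needs confirming against its body.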
@@ -625,7 +621,7 @@ rsa_sig_decode_hash (struct message *msg)
* We need the policy session initialized now, so we can add
* credentials etc.
*/
- exchange->policy_id = LK (kn_init, ());
+ exchange->policy_id = kn_init ();
if (exchange->policy_id == -1)
{
log_print ("rsa_sig_decode_hash: failed to initialize policy session");
@@ -761,11 +757,11 @@ rsa_sig_decode_hash (struct message *msg)
dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA;
dc.dec_key = key;
- pp = LK (kn_encode_key, (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
- KEYNOTE_PUBLIC_KEY));
+ pp = kn_encode_key (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
+ KEYNOTE_PUBLIC_KEY);
if (pp == NULL)
{
- LK (kn_free_key, (&dc));
+ kn_free_key (&dc);
log_print ("rsa_sig_decode_hash: failed to ASCII-encode key");
return -1;
}
@@ -775,7 +771,7 @@ rsa_sig_decode_hash (struct message *msg)
if (!exchange->keynote_key)
{
free (pp);
- LK (kn_free_key, (&dc));
+ kn_free_key (&dc);
log_print ("rsa_sig_decode_hash: failed to allocate %d bytes",
dclen);
return -1;
@@ -823,15 +819,15 @@ rsa_sig_decode_hash (struct message *msg)
if (!p)
{
log_print ("rsa_sig_decode_hash: missing signature payload");
- LC (RSA_free, (key));
+ RSA_free (key);
return -1;
}
/* Check that the sig is of the correct size. */
len = GET_ISAKMP_GEN_LENGTH (p->p) - ISAKMP_SIG_SZ;
- if (len != LC (RSA_size, (key)))
+ if (len != RSA_size (key))
{
- LC (RSA_free, (key));
+ RSA_free (key);
log_print ("rsa_sig_decode_hash: "
"SIG payload length does not match public key");
return -1;
@@ -840,16 +836,16 @@ rsa_sig_decode_hash (struct message *msg)
*hash_p = malloc (len);
if (!*hash_p)
{
- LC (RSA_free, (key));
+ RSA_free (key);
log_error ("rsa_sig_decode_hash: malloc (%d) failed", len);
return -1;
}
- len = LC (RSA_public_decrypt, (len, p->p + ISAKMP_SIG_DATA_OFF, *hash_p, key,
- RSA_PKCS1_PADDING));
+ len = RSA_public_decrypt (len, p->p + ISAKMP_SIG_DATA_OFF, *hash_p, key,
+ RSA_PKCS1_PADDING);
if (len == -1)
{
- LC (RSA_free, (key));
+ RSA_free (key);
log_print ("rsa_sig_decode_hash: RSA_public_decrypt () failed");
return -1;
}
@@ -1113,16 +1109,16 @@ rsa_sig_encode_hash (struct message *msg)
snprintf (header, 80, "rsa_sig_encode_hash: HASH_%c", initiator ? 'I' : 'R');
LOG_DBG_BUF ((LOG_MISC, 80, header, buf, hashsize));
- data = malloc (LC (RSA_size, (exchange->sent_key)));
+ data = malloc (RSA_size (exchange->sent_key));
if (!data)
{
log_error ("rsa_sig_encode_hash: malloc (%d) failed",
- LC (RSA_size, (exchange->sent_key)));
+ RSA_size (exchange->sent_key));
return -1;
}
- datalen = LC (RSA_private_encrypt, (hashsize, buf, data,
- exchange->sent_key, RSA_PKCS1_PADDING));
+ datalen = RSA_private_encrypt (hashsize, buf, data, exchange->sent_key,
+ RSA_PKCS1_PADDING);
if (datalen == -1)
{
log_print ("rsa_sig_encode_hash: RSA_private_encrypt () failed");
@@ -1230,23 +1226,23 @@ get_raw_key_from_file (int type, u_int8_t *id, size_t id_len, RSA **rsa)
/* If the file does not exist, fail silently. */
if (stat (filename, &st) == 0)
{
- bio = LC (BIO_new, (LC (BIO_s_file, ())));
+ bio = BIO_new (BIO_s_file ());
if (!bio)
{
log_error ("get_raw_key_from_file: could not initialize BIO");
return -1;
}
- if (LC (BIO_read_filename, (bio, filename)) <= 0)
+ if (BIO_read_filename (bio, filename) <= 0)
{
LOG_DBG((LOG_NEGOTIATION, 50, "get_raw_key_from_file: "
"BIO_read_filename(bio, \"%s\") failed", filename));
- LC (BIO_free, (bio));
+ BIO_free (bio);
return -1;
}
LOG_DBG((LOG_NEGOTIATION, 80, "get_raw_key_from_file: reading file %s",
filename));
- *rsa = LC (PEM_read_bio_RSA_PUBKEY, (bio, NULL, NULL, NULL));
- LC (BIO_free, (bio));
+ *rsa = PEM_read_bio_RSA_PUBKEY (bio, NULL, NULL, NULL);
+ BIO_free (bio);
}
else
LOG_DBG((LOG_NEGOTIATION, 50, "get_raw_key_from_file: file %s not found",
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index a8030e0d317..0272dec11c9 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.62 2002/06/07 21:59:22 ho Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.63 2002/06/10 18:08:58 ho Exp $ */
/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
/*
@@ -120,7 +120,7 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
/* Initialize if necessary -- e.g., if pre-shared key auth was used */
if (isakmp_sa->policy_id < 0)
{
- if ((isakmp_sa->policy_id = LK (kn_init, ())) == -1)
+ if ((isakmp_sa->policy_id = kn_init ()) == -1)
{
log_print ("check_policy: failed to initialize policy session");
return 0;
@@ -128,15 +128,13 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
}
/* Add the callback that will handle attributes. */
- if (LK (kn_add_action, (isakmp_sa->policy_id, ".*",
- (char *) policy_callback,
- ENVIRONMENT_FLAG_FUNC | ENVIRONMENT_FLAG_REGEX))
- == -1)
+ if (kn_add_action (isakmp_sa->policy_id, ".*", (char *) policy_callback,
+ ENVIRONMENT_FLAG_FUNC | ENVIRONMENT_FLAG_REGEX) == -1)
{
log_print ("check_policy: "
"kn_add_action (%d, \".*\", %p, FUNC | REGEX) failed",
isakmp_sa->policy_id, policy_callback);
- LK (kn_close, (isakmp_sa->policy_id));
+ kn_close (isakmp_sa->policy_id);
isakmp_sa->policy_id = -1;
return 0;
}
@@ -155,10 +153,10 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
/* Add the policy assertions */
for (i = 0; i < keynote_policy_asserts_num; i++)
- keynote_ids[i] = LK (kn_add_assertion, (isakmp_sa->policy_id,
- keynote_policy_asserts[i],
- strlen (keynote_policy_asserts[i]),
- ASSERT_FLAG_LOCAL));
+ keynote_ids[i] = kn_add_assertion (isakmp_sa->policy_id,
+ keynote_policy_asserts[i],
+ strlen (keynote_policy_asserts[i]),
+ ASSERT_FLAG_LOCAL);
/* Initialize -- we'll let the callback do all the work. */
policy_exchange = exchange;
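Review bot: The result of `kn_add_assertion` is stored in `keynote_ids[i]` but never tested in this loop, so a policy assertion that fails to load is dropped without a log line. The cleanup loop in a later hunk skips `-1` entries, so nothing breaks, but the query then runs against a smaller policy set than the administrator configured and leaves no trace of it. Add `if (keynote_ids[i] == -1) log_print ("check_policy: kn_add_assertion failed for policy assertion %d", i);` after the call. check_policy starts and ends outside this hunk.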
@@ -275,9 +273,9 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
}
dc.dec_key = isakmp_sa->recv_key;
- principal[0] = LK (kn_encode_key, (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
- KEYNOTE_PUBLIC_KEY));
- if (LKV (keynote_errno) == ERROR_MEMORY)
+ principal[0] = kn_encode_key (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
+ KEYNOTE_PUBLIC_KEY);
+ if (keynote_errno == ERROR_MEMORY)
{
log_print ("check_policy: failed to get memory for public key");
goto policydone;
@@ -304,7 +302,7 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
principal[1] = 0;
/* Generate a "DN:" principal. */
- subject = LC (X509_get_subject_name, (isakmp_sa->recv_cert));
+ subject = X509_get_subject_name (isakmp_sa->recv_cert);
if (subject)
{
principal[1] = calloc (259, sizeof (char));
@@ -315,7 +313,7 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
goto policydone;
}
strlcpy (principal[1], "DN:", 259);
- LC (X509_NAME_oneline, (subject, principal[1] + 3, 256));
+ X509_NAME_oneline (subject, principal[1] + 3, 256);
nprinc = 2;
} else {
nprinc = 1;
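Review bot: `X509_NAME_oneline (subject, principal[1] + 3, 256)` truncates silently when the subject name does not fit in the 256-byte window, and its return value is ignored, so the "DN:" principal handed to KeyNote can be a prefix of the real subject. A policy that authorizes by DN would then be evaluated against the shortened string. Consider passing a NULL buffer so OpenSSL allocates a string of the right size, then building the principal from that. At minimum, give the `259` and `256` literals names and add a comment such as `/* Subject names longer than the buffer are truncated here. */`. The calloc for this buffer is in the preceding hunk.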
@@ -350,29 +348,28 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
LOG_DBG ((LOG_POLICY, 40, "check_policy: adding authorizer [%s]",
principal[i]));
- if (LK (kn_add_authorizer, (isakmp_sa->policy_id, principal[i])) == -1)
+ if (kn_add_authorizer (isakmp_sa->policy_id, principal[i]) == -1)
{
int j;
for (j = 0; j < i; j++)
- LK (kn_remove_authorizer, (isakmp_sa->policy_id, principal[j]));
+ kn_remove_authorizer (isakmp_sa->policy_id, principal[j]);
log_print ("check_policy: kn_add_authorizer failed");
goto policydone;
}
}
/* Ask policy */
- result = LK (kn_do_query, (isakmp_sa->policy_id, return_values,
- RETVALUES_NUM));
+ result = kn_do_query (isakmp_sa->policy_id, return_values, RETVALUES_NUM);
LOG_DBG ((LOG_POLICY, 40, "check_policy: kn_do_query returned %d", result));
/* Cleanup environment */
- LK (kn_cleanup_action_environment, (isakmp_sa->policy_id));
+ kn_cleanup_action_environment (isakmp_sa->policy_id);
/* Remove authorizers from the session */
for (i = 0; i < nprinc; i++)
{
- LK (kn_remove_authorizer, (isakmp_sa->policy_id, principal[i]));
+ kn_remove_authorizer (isakmp_sa->policy_id, principal[i]);
free (principal[i]);
}
@@ -400,7 +397,7 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
for (i = 0; i < keynote_policy_asserts_num; i++)
{
if (keynote_ids[i] != -1)
- LK (kn_remove_assertion, (isakmp_sa->policy_id, keynote_ids[i]));
+ kn_remove_assertion (isakmp_sa->policy_id, keynote_ids[i]);
}
if (keynote_ids)
diff --git a/sbin/isakmpd/init.c b/sbin/isakmpd/init.c
index a9dd80a78f1..9516740f697 100644
--- a/sbin/isakmpd/init.c
+++ b/sbin/isakmpd/init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: init.c,v 1.18 2001/12/10 03:34:51 ho Exp $ */
+/* $OpenBSD: init.c,v 1.19 2002/06/10 18:08:58 ho Exp $ */
/* $EOM: init.c,v 1.25 2000/03/30 14:27:24 ho Exp $ */
/*
@@ -117,9 +117,6 @@ reinit (void)
/* Reread config file. */
conf_reinit ();
- /* Try again to link in libcrypto (good if we started without /usr). */
- libcrypto_init ();
-
/* Set timezone */
tzset ();
diff --git a/sbin/isakmpd/key.c b/sbin/isakmpd/key.c
index 3e00f2142d1..eb717907be6 100644
--- a/sbin/isakmpd/key.c
+++ b/sbin/isakmpd/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.10 2002/06/01 07:44:21 deraadt Exp $ */
+/* $OpenBSD: key.c,v 1.11 2002/06/10 18:08:58 ho Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -24,7 +24,6 @@
#include "sysdep.h"
-#include "dyn.h"
#include "key.h"
#include "libcrypto.h"
#include "log.h"
@@ -40,7 +39,7 @@ key_free (int type, int private, void *key)
free (key);
break;
case ISAKMP_KEY_RSA:
- LC (RSA_free, (key));
+ RSA_free (key);
break;
case ISAKMP_KEY_NONE:
default:
@@ -65,7 +64,7 @@ key_serialize (int type, int private, void *key, u_int8_t **data, size_t *datale
switch (private)
{
case ISAKMP_KEYTYPE_PUBLIC:
- *datalen = LC (i2d_RSAPublicKey, ((RSA *)key, NULL));
+ *datalen = i2d_RSAPublicKey ((RSA *)key, NULL);
*data = p = malloc (*datalen);
if (!p)
{
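Review bot: `i2d_RSAPublicKey` returns an `int` that is zero or negative on error, and here it is assigned straight to `*datalen`, a `size_t`, and then passed to `malloc`. A negative result becomes a very large size. The same pattern is used for `i2d_RSAPrivateKey` and for the second, encoding call in the two following hunks, where an error would overwrite the length the caller sees. Take the result in an `int` first: `int len = i2d_RSAPublicKey ((RSA *)key, NULL);` then `if (len <= 0) return;` then `*datalen = len;`. What the caller expects in `*data` on that path is not visible here, so handle it the same way as the existing malloc-failure path.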
@@ -73,11 +72,11 @@ key_serialize (int type, int private, void *key, u_int8_t **data, size_t *datale
(unsigned long)*datalen);
return;
}
- *datalen = LC (i2d_RSAPublicKey, ((RSA *)key, &p));
+ *datalen = i2d_RSAPublicKey ((RSA *)key, &p);
break;
case ISAKMP_KEYTYPE_PRIVATE:
- *datalen = LC (i2d_RSAPrivateKey, ((RSA *)key, NULL));
+ *datalen = i2d_RSAPrivateKey ((RSA *)key, NULL);
*data = p = malloc (*datalen);
if (!p)
{
@@ -85,7 +84,7 @@ key_serialize (int type, int private, void *key, u_int8_t **data, size_t *datale
(unsigned long)*datalen);
return;
}
- *datalen = LC (i2d_RSAPrivateKey, ((RSA *)key, &p));
+ *datalen = i2d_RSAPrivateKey ((RSA *)key, &p);
break;
}
break;
@@ -137,16 +136,14 @@ key_internalize (int type, int private, u_int8_t *data, int datalen)
{
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
case ISAKMP_KEYTYPE_PUBLIC:
- return LC (d2i_RSAPublicKey, (NULL, (const u_int8_t **)&data,
- datalen));
+ return d2i_RSAPublicKey (NULL, (const u_int8_t **)&data, datalen);
case ISAKMP_KEYTYPE_PRIVATE:
- return LC (d2i_RSAPrivateKey, (NULL, (const u_int8_t **)&data,
- datalen));
+ return d2i_RSAPrivateKey (NULL, (const u_int8_t **)&data, datalen);
#else
case ISAKMP_KEYTYPE_PUBLIC:
- return LC (d2i_RSAPublicKey, (NULL, &data, datalen));
+ return d2i_RSAPublicKey (NULL, &data, datalen);
case ISAKMP_KEYTYPE_PRIVATE:
- return LC (d2i_RSAPrivateKey, (NULL, &data, datalen));
+ return d2i_RSAPrivateKey (NULL, &data, datalen);
#endif
default:
log_error ("key_internalize: not public or private RSA key passed");
diff --git a/sbin/isakmpd/libcrypto.c b/sbin/isakmpd/libcrypto.c
index 9529ac3f070..ad1822b8a12 100644
--- a/sbin/isakmpd/libcrypto.c
+++ b/sbin/isakmpd/libcrypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: libcrypto.c,v 1.13 2001/07/13 14:13:38 ho Exp $ */
+/* $OpenBSD: libcrypto.c,v 1.14 2002/06/10 18:08:58 ho Exp $ */
/* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -36,193 +36,20 @@
*/
#include "sysdep.h"
-
-#include "dyn.h"
#include "libcrypto.h"
-void *libcrypto = 0;
-
-#ifdef USE_X509
-
-#ifdef HAVE_DLOPEN
-
-/*
- * These prototypes matches SSLeay version 0.9.0b or OpenSSL 0.9.4, if
- * you try to load a different version than that, you are on your own.
- */
-char *(*lc_ASN1_d2i_bio) (char *(*) (), char *(*) (), BIO *bp,
- unsigned char **);
-char *(*lc_ASN1_dup) (int (*) (), char *(*) (), char *);
-long (*lc_BIO_ctrl) (BIO *bp, int, long, char *);
-int (*lc_BIO_free) (BIO *a);
-BIO *(*lc_BIO_new) (BIO_METHOD *type);
-int (*lc_BIO_write) (BIO *, char *, int);
-BIO_METHOD *(*lc_BIO_s_file) (void);
-BIO_METHOD *(*lc_BIO_s_mem) (void);
-BIGNUM *(*lc_BN_bin2bn) (const unsigned char *, int, BIGNUM *);
-int (*lc_BN_num_bits) (const BIGNUM *);
-int (*lc_BN_print_fp) (FILE *, BIGNUM *);
-char *(*lc_PEM_ASN1_read_bio) (char *(*) (), char *, BIO *, char **,
- int (*) ());
-void (*lc_RSA_free) (RSA *);
-RSA *(*lc_RSA_new) (void);
-RSA *(*lc_RSA_generate_key) (int, unsigned long, void (*) (int, int, char *),
- char *);
-int (*lc_RSA_private_encrypt) (int, unsigned char *, unsigned char *, RSA *,
- int);
-int (*lc_RSA_public_decrypt) (int, unsigned char *, unsigned char *, RSA *,
- int);
-int (*lc_RSA_size) (RSA *);
-#if OPENSSL_VERSION_NUMBER >= 0x00905100L
-void (*lc_OpenSSL_add_all_algorithms) (void);
-#else
-void (*lc_SSLeay_add_all_algorithms) (void);
-#endif
-int (*lc_X509_NAME_cmp) (X509_NAME *, X509_NAME *);
-void (*lc_X509_STORE_CTX_cleanup) (X509_STORE_CTX *);
-void (*lc_X509_OBJECT_free_contents) (X509_OBJECT *);
-
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-void (*lc_X509_STORE_CTX_init) (X509_STORE_CTX *, X509_STORE *, X509 *,
- STACK_OF (X509) *);
-#else
-void (*lc_X509_STORE_CTX_init) (X509_STORE_CTX *, X509_STORE *, X509 *,
- STACK *);
-#endif
-
-int (*lc_X509_STORE_add_cert) (X509_STORE *, X509 *);
-X509_STORE *(*lc_X509_STORE_new) (void);
-void (*lc_X509_STORE_free) (X509_STORE *);
-X509 *(*lc_X509_dup) (X509 *);
-void (*lc_X509_free) (X509 *);
-X509_EXTENSION *(*lc_X509_get_ext) (X509 *, int);
-int (*lc_X509_get_ext_by_NID) (X509 *, int, int);
-X509_NAME *(*lc_X509_get_issuer_name) (X509 *);
-EVP_PKEY *(*lc_X509_get_pubkey) (X509 *);
-X509_NAME *(*lc_X509_get_subject_name) (X509 *);
-X509 *(*lc_X509_new) (void);
-int (*lc_X509_verify) (X509 *, EVP_PKEY *);
-int (*lc_X509_verify_cert) (X509_STORE_CTX *);
-char *(*lc_X509_verify_cert_error_string) (int);
-RSA *(*lc_d2i_RSAPrivateKey) (RSA **, unsigned char **, long);
-RSA *(*lc_d2i_RSAPublicKey) (RSA **, unsigned char **, long);
-X509 *(*lc_d2i_X509) (X509 **, unsigned char **, long);
-char *(*lc_X509_NAME_oneline) (X509_NAME *, char *, int);
-int (*lc_i2d_RSAPublicKey) (RSA *, unsigned char **);
-int (*lc_i2d_RSAPrivateKey) (RSA *, unsigned char **);
-int (*lc_i2d_X509) (X509 *, unsigned char **);
-int (*lc_i2d_X509_NAME) (X509_NAME *, unsigned char **);
-X509_NAME * (*lc_d2i_X509_NAME) (X509_NAME **, unsigned char **, int);
-#if (SSLEAY_VERSION_NUMBER >= 0x00904100L \
- && SSLEAY_VERSION_NUMBER < 0x0090600fL)
-void (*lc_sk_X509_free) (STACK_OF (X509) *);
-STACK_OF (X509) *(*lc_sk_X509_new_null) ();
-#else
-void (*lc_sk_free) (STACK *);
-STACK *(*lc_sk_new) (int (*) ());
-#endif
-
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-X509 *(*lc_X509_find_by_subject) (STACK_OF (X509) *, X509_NAME *);
-#else
-X509 *(*lc_X509_find_by_subject) (STACK *, X509_NAME *);
-#endif
-
-int (*lc_X509_STORE_get_by_subject) (X509_STORE_CTX *, int, X509_NAME *,
- X509_OBJECT *);
-
-#define SYMENTRY(x) { SYM, SYM (x), (void **)&lc_ ## x }
-
-static struct dynload_script libcrypto_script[] = {
- { LOAD, "libc.so", &libcrypto },
- { LOAD, "libcrypto.so", &libcrypto },
- SYMENTRY (ASN1_d2i_bio),
- SYMENTRY (ASN1_dup),
- SYMENTRY (BIO_ctrl),
- SYMENTRY (BIO_free),
- SYMENTRY (BIO_new),
- SYMENTRY (BIO_write),
- SYMENTRY (BIO_s_file),
- SYMENTRY (BIO_s_mem),
- SYMENTRY (BN_print_fp),
- SYMENTRY (PEM_ASN1_read_bio),
- SYMENTRY (RSA_generate_key),
- SYMENTRY (RSA_free),
- SYMENTRY (RSA_private_encrypt),
- SYMENTRY (RSA_public_decrypt),
- SYMENTRY (RSA_size),
-#if OPENSSL_VERSION_NUMBER >= 0x00905100L
- SYMENTRY (OpenSSL_add_all_algorithms),
-#else
- SYMENTRY (SSLeay_add_all_algorithms),
-#endif
- SYMENTRY (X509_NAME_cmp),
- SYMENTRY (X509_STORE_CTX_cleanup),
- SYMENTRY (X509_STORE_CTX_init),
- SYMENTRY (X509_STORE_add_cert),
- SYMENTRY (X509_STORE_new),
- SYMENTRY (X509_STORE_free),
- SYMENTRY (X509_dup),
- SYMENTRY (X509_find_by_subject),
- SYMENTRY (X509_free),
- SYMENTRY (X509_get_ext),
- SYMENTRY (X509_get_ext_by_NID),
- SYMENTRY (X509_get_issuer_name),
- SYMENTRY (X509_get_pubkey),
- SYMENTRY (X509_get_subject_name),
- SYMENTRY (X509_new),
- SYMENTRY (X509_verify),
- SYMENTRY (X509_verify_cert),
- SYMENTRY (X509_verify_cert_error_string),
- SYMENTRY (X509_STORE_get_by_subject),
- SYMENTRY (X509_OBJECT_free_contents),
- SYMENTRY (X509_NAME_oneline),
- SYMENTRY (d2i_RSAPrivateKey),
- SYMENTRY (d2i_RSAPublicKey),
- SYMENTRY (d2i_X509),
- SYMENTRY (i2d_RSAPublicKey),
- SYMENTRY (i2d_RSAPrivateKey),
- SYMENTRY (i2d_X509),
- SYMENTRY (i2d_X509_NAME),
- SYMENTRY (d2i_X509_NAME),
-#if (SSLEAY_VERSION_NUMBER >= 0x00904100L \
- && SSLEAY_VERSION_NUMBER < 0x0090600fL)
- SYMENTRY (sk_X509_free),
- SYMENTRY (sk_X509_new_null),
-#else
- SYMENTRY (sk_free),
- SYMENTRY (sk_new),
-#endif
- { EOS }
-};
-#endif
-
-#endif /* USE_X509 */
-
void
libcrypto_init (void)
{
-#ifdef USE_X509
-#ifdef HAVE_DLOPEN
- dyn_load (libcrypto_script);
-#elif !defined (USE_LIBCRYPTO)
- return;
-#endif
-
- /*
- * XXX Do something imaginative with libcrypto here. The problem is if
- * the dynload fails libcrypto will be 0 which is good for the macros but
- * not the tests for support.
- */
+#if defined (USE_X509) && defined (USE_LIBCRYPTO)
-#if defined (USE_LIBCRYPTO)
/* Add all algorithms known by SSL */
#if OPENSSL_VERSION_NUMBER >= 0x00905100L
- LC (OpenSSL_add_all_algorithms, ());
+ OpenSSL_add_all_algorithms ();
#else
- LC (SSLeay_add_all_algorithms, ());
+ SSLeay_add_all_algorithms ();
#endif
-#endif
-#endif /* USE_X509 */
+
+#endif /* USE_X509 && USE_LIBCRYPTO */
}
diff --git a/sbin/isakmpd/libcrypto.h b/sbin/isakmpd/libcrypto.h
index 43ffb378402..3dd13ebbb49 100644
--- a/sbin/isakmpd/libcrypto.h
+++ b/sbin/isakmpd/libcrypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: libcrypto.h,v 1.13 2002/06/09 08:13:06 todd Exp $ */
+/* $OpenBSD: libcrypto.h,v 1.14 2002/06/10 18:08:58 ho Exp $ */
/* $EOM: libcrypto.h,v 1.16 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -50,139 +50,7 @@
#include <openssl/x509_vfy.h>
#include <openssl/x509.h>
-extern void *libcrypto;
-
-#if defined (USE_LIBCRYPTO)
-#if defined (HAVE_DLOPEN)
-#define LC(sym, args) (libcrypto ? lc_ ## sym args : sym args)
-#else
-#define LC(sym, args) sym args
-#endif
-#elif defined (HAVE_DLOPEN)
-#define LC(sym, args) lc_ ## sym args
-#else
-#define LC(sym, args) !!libcrypto called but no USE_LIBCRYPTO nor HAVE_DLOPEN!!
-#endif
-
-#ifdef HAVE_DLOPEN
-
-/*
- * These prototypes matches SSLeay version 0.9.0b or OpenSSL 0.9.4, if you
- * try to load a different version than that, you are on your own.
- */
-extern char *(*lc_ASN1_d2i_bio) (char *(*) (), char *(*) (), BIO *bp,
- unsigned char **);
-extern char *(*lc_ASN1_dup) (int (*) (), char *(*) (), char *);
-extern long (*lc_BIO_ctrl) (BIO *bp, int, long, char *);
-extern int (*lc_BIO_free) (BIO *a);
-extern BIO *(*lc_BIO_new) (BIO_METHOD *type);
-extern int (*lc_BIO_write) (BIO *, char *, int);
-extern BIO_METHOD *(*lc_BIO_s_file) (void);
-extern BIO_METHOD *(*lc_BIO_s_mem) (void);
-extern BIGNUM *(*lc_BN_bin2bn) (const unsigned char *, int, BIGNUM *);
-extern int (*lc_BN_num_bits) (const BIGNUM *);
-extern int (*lc_BN_print_fp) (FILE *, BIGNUM *);
-extern char *(*lc_PEM_ASN1_read_bio) (char *(*) (), char *, BIO *, char **,
- int (*) ());
-extern void (*lc_RSA_free) (RSA *);
-extern RSA *(*lc_RSA_new) (void);
-extern RSA *(*lc_RSA_generate_key) (int, unsigned long,
- void (*) (int, int, char *), char *);
-extern int (*lc_RSA_private_encrypt) (int, unsigned char *, unsigned char *,
- RSA *, int);
-extern int (*lc_RSA_public_decrypt) (int, unsigned char *, unsigned char *,
- RSA *, int);
-extern int (*lc_RSA_size) (RSA *);
-#if OPENSSL_VERSION_NUMBER >= 0x00905100L
-extern void (*lc_OpenSSL_add_all_algorithms) (void);
-#else
-extern void (*lc_SSLeay_add_all_algorithms) (void);
-#endif
-extern int (*lc_X509_NAME_cmp) (X509_NAME *, X509_NAME *);
-extern void (*lc_X509_OBJECT_free_contents) (X509_OBJECT *);
-extern void (*lc_X509_STORE_CTX_cleanup) (X509_STORE_CTX *);
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-extern void (*lc_X509_STORE_CTX_init) (X509_STORE_CTX *, X509_STORE *, X509 *,
- STACK_OF (X509) *);
-#else
-extern void (*lc_X509_STORE_CTX_init) (X509_STORE_CTX *, X509_STORE *, X509 *,
- STACK *);
-#endif
-extern int (*lc_X509_STORE_add_cert) (X509_STORE *, X509 *);
-extern void (*lc_X509_STORE_free) (X509_STORE *);
-extern X509_STORE *(*lc_X509_STORE_new) (void);
-extern X509 *(*lc_X509_dup) (X509 *);
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-extern X509 *(*lc_X509_find_by_subject) (STACK_OF (X509) *, X509_NAME *);
-#else
-extern X509 *(*lc_X509_find_by_subject) (STACK *, X509_NAME *);
-#endif
-extern int (*lc_X509_STORE_get_by_subject) (X509_STORE_CTX *, int,
- X509_NAME *, X509_OBJECT *);
-extern void (*lc_X509_free) (X509 *);
-extern X509_EXTENSION *(*lc_X509_get_ext) (X509 *, int);
-extern int (*lc_X509_get_ext_by_NID) (X509 *, int, int);
-extern X509_NAME *(*lc_X509_get_issuer_name) (X509 *);
-extern EVP_PKEY *(*lc_X509_get_pubkey) (X509 *);
-extern X509_NAME *(*lc_X509_get_subject_name) (X509 *);
-extern X509 *(*lc_X509_new) (void);
-extern int (*lc_X509_verify) (X509 *, EVP_PKEY *);
-extern char *(*lc_X509_NAME_oneline) (X509_NAME *, char *, int);
-extern int (*lc_X509_verify_cert) (X509_STORE_CTX *);
-extern char *(*lc_X509_verify_cert_error_string) (int);
-extern RSA *(*lc_d2i_RSAPrivateKey) (RSA **, unsigned char **, long);
-extern RSA *(*lc_d2i_RSAPublicKey) (RSA **, unsigned char **, long);
-extern X509 *(*lc_d2i_X509) (X509 **, unsigned char **, long);
-extern int (*lc_i2d_RSAPublicKey) (RSA *, unsigned char **);
-extern int (*lc_i2d_RSAPrivateKey) (RSA *, unsigned char **);
-extern int (*lc_i2d_X509) (X509 *, unsigned char **);
-extern int (*lc_i2d_X509_NAME) (X509_NAME *, unsigned char **);
-extern X509_NAME * (*lc_d2i_X509_NAME) (X509_NAME **, unsigned char **, int);
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-extern void (*lc_sk_X509_free) (STACK_OF (X509) *);
-extern STACK_OF (X509) *(*lc_sk_X509_new_null) (void);
-#else
-extern void (*lc_sk_free) (STACK *);
-extern STACK *(*lc_sk_new) (int (*) ());
-#endif
-
-#define lc_BIO_read_filename(b, name) \
- lc_BIO_ctrl (b, BIO_C_SET_FILENAME, BIO_CLOSE | BIO_FP_READ, name)
-
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-#define lc_PEM_read_bio_RSAPrivateKey(bp, x, cb, u) \
- (RSA *)lc_PEM_ASN1_read_bio ((char *(*) ())lc_d2i_RSAPrivateKey, \
- PEM_STRING_RSA, bp, (char **)x, cb)
-#define lc_PEM_read_bio_X509(bp, x, cb, u) \
- (X509 *)lc_PEM_ASN1_read_bio ((char *(*) ())lc_d2i_X509, PEM_STRING_X509, \
- bp, (char **)x, cb)
-#else
-#define lc_PEM_read_bio_RSAPrivateKey(bp, x, cb) \
- (RSA *)lc_PEM_ASN1_read_bio ((char *(*) ())lc_d2i_RSAPrivateKey, \
- PEM_STRING_RSA, bp, (char **)x, cb)
-#define lc_PEM_read_bio_X509(bp, x, cb) \
- (X509 *)lc_PEM_ASN1_read_bio ((char *(*) ())lc_d2i_X509, PEM_STRING_X509, \
- bp, (char **)x, cb)
-#endif
-
-#define lc_RSAPublicKey_dup(rsa) \
- (RSA *)lc_ASN1_dup ((int (*) ())lc_i2d_RSAPublicKey, \
- (char *(*) ())lc_d2i_RSAPublicKey, (char *)rsa)
-
-#define lc_X509_name_cmp(a, b) lc_X509_NAME_cmp ((a), (b))
-
-#define lc_d2i_X509_bio(bp, x509) \
- (X509 *)lc_ASN1_d2i_bio ((char *(*) ())lc_X509_new, \
- (char *(*) ())lc_d2i_X509, (bp), \
- (unsigned char **)(x509))
-
-#if SSLEAY_VERSION_NUMBER < 0x00904100L
-#define lc_sk_new_null() lc_sk_new (NULL)
-#endif
-
-#endif
-
-#endif
+#endif /* USE_X509 */
extern void libcrypto_init (void);
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index ee6015fe927..0b50c6ed054 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.53 2002/06/09 08:13:06 todd Exp $ */
+/* $OpenBSD: policy.c,v 1.54 2002/06/10 18:08:58 ho Exp $ */
/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
/*
@@ -59,7 +59,6 @@
#include "sysdep.h"
#include "conf.h"
-#include "dyn.h"
#include "exchange.h"
#include "ipsec.h"
#include "isakmp_doi.h"
@@ -71,50 +70,6 @@
#include "policy.h"
#include "x509.h"
-#if defined (HAVE_DLOPEN) && !defined (USE_KEYNOTE) && 0
-
-void *libkeynote = 0;
-
-/*
- * These prototypes matches OpenBSD keynote.h 1.6. If you use
- * a different version than that, you are on your own.
- */
-int *lk_keynote_errno;
-int (*lk_kn_add_action) (int, char *, char *, int);
-int (*lk_kn_add_assertion) (int, char *, int, int);
-int (*lk_kn_add_authorizer) (int, char *);
-int (*lk_kn_close) (int);
-int (*lk_kn_do_query) (int, char **, int);
-char *(*lk_kn_encode_key) (struct keynote_deckey *, int, int, int);
-int (*lk_kn_init) (void);
-char **(*lk_kn_read_asserts) (char *, int, int *);
-int (*lk_kn_remove_authorizer) (int, char *);
-int (*lk_kn_get_authorizer) (int, int, int *);
-void (*lk_kn_free_key) (struct keynote_deckey *);
-struct keynote_keylist *(*lk_kn_get_licensees) (int, int);
-#define SYMENTRY(x) { SYM, SYM (x), (void **)&lk_ ## x }
-
-static struct dynload_script libkeynote_script[] = {
- { LOAD, "libc.so", &libkeynote },
- { LOAD, "libcrypto.so", &libkeynote },
- { LOAD, "libm.so", &libkeynote },
- { LOAD, "libkeynote.so", &libkeynote },
- SYMENTRY (keynote_errno),
- SYMENTRY (kn_add_action),
- SYMENTRY (kn_add_assertion),
- SYMENTRY (kn_add_authorizer),
- SYMENTRY (kn_close),
- SYMENTRY (kn_do_query),
- SYMENTRY (kn_encode_key),
- SYMENTRY (kn_init),
- SYMENTRY (kn_read_asserts),
- SYMENTRY (kn_remove_authorizer),
- SYMENTRY (kn_get_licensees),
- SYMENTRY (kn_get_authorizer),
- { EOS }
-};
-#endif
-
char **keynote_policy_asserts = NULL;
int keynote_policy_asserts_num = 0;
struct exchange *policy_exchange = 0;
@@ -1811,11 +1766,6 @@ policy_init (void)
LOG_DBG ((LOG_POLICY, 30, "policy_init: initializing"));
-#if defined (HAVE_DLOPEN) && !defined (USE_KEYNOTE)
- if (!dyn_load (libkeynote_script))
- return;
-#endif
-
/* Get policy file from configuration. */
policy_file = conf_get_str ("General", "Policy-file");
if (!policy_file)
@@ -1849,7 +1799,7 @@ policy_init (void)
close (fd);
/* Parse buffer, break up into individual policies. */
- asserts = LK (kn_read_asserts, (ptr, sz, &i));
+ asserts = kn_read_asserts (ptr, sz, &i);
/* Begone! */
free (ptr);
@@ -1905,14 +1855,13 @@ keynote_cert_validate (void *scert)
if (scert == NULL)
return 0;
- foo = LK (kn_read_asserts, ((char *) scert, strlen ((char *) scert),
- &num));
+ foo = kn_read_asserts ((char *) scert, strlen ((char *) scert), &num);
if (foo == NULL)
return 0;
for (i = 0; i < num; i++)
{
- if (LK (kn_verify_assertion, (scert, strlen ((char *) scert)))
+ if (kn_verify_assertion (scert, strlen ((char *) scert))
!= SIGRESULT_TRUE)
{
for (; i < num; i++)
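Review bot: Inside the `for (i = 0; i < num; i++)` loop the new call still passes the whole `scert` buffer to `kn_verify_assertion` on every pass, so the loop index never selects an assertion and the same input is checked `num` times. If the intent is to verify each assertion returned by `kn_read_asserts`, the call would be `if (kn_verify_assertion (foo[i], strlen (foo[i])) != SIGRESULT_TRUE)`. Whether checking the concatenated buffer is equivalent depends on how libkeynote handles multi-assertion input, which the hunk does not show. Because this result decides whether a peer's credential is accepted, a comment stating which behaviour is intended would help. The function body starts and ends outside the hunk.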
@@ -1938,13 +1887,12 @@ keynote_cert_insert (int sid, void *scert)
if (scert == NULL)
return 0;
- foo = LK (kn_read_asserts, ((char *) scert, strlen ((char *) scert),
- &num));
+ foo = kn_read_asserts ((char *) scert, strlen ((char *) scert), &num);
if (foo == NULL)
return 0;
while (num--)
- LK (kn_add_assertion, (sid, foo[num], strlen (foo[num]), 0));
+ kn_add_assertion (sid, foo[num], strlen (foo[num]), 0);
return 1;
}
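Review bot: `keynote_cert_insert` returns 1 even when `kn_add_assertion` fails, because the result of the call in the `while (num--)` loop is discarded, and the array returned by `kn_read_asserts` is never released. `keynote_cert_get_key` in this same file compares the result with -1 and frees each `foo[num]` and then `foo` after adding, so the same handling looks safe here. The version below assumes a new local `int ok = 1;` among the declarations, which sit above the hunk. Whether a partial failure should return 0 is a decision for the author.

```c
  /* … unchanged: NULL check and kn_read_asserts call … */
  while (num--)
    {
      if (kn_add_assertion (sid, foo[num], strlen (foo[num]), 0) == -1)
        ok = 0;
      free (foo[num]);
    }
  free (foo);

  return ok;
```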
@@ -1974,10 +1922,10 @@ keynote_certreq_validate (u_int8_t *data, u_int32_t len)
memcpy (dat, data, len);
- if (LK (kn_decode_key, (&dc, dat, KEYNOTE_PUBLIC_KEY)) != 0)
+ if (kn_decode_key (&dc, dat, KEYNOTE_PUBLIC_KEY) != 0)
err = 0;
else
- LK (kn_free_key, (&dc));
+ kn_free_key (&dc);
free (dat);
@@ -2131,14 +2079,14 @@ keynote_cert_get_key (void *scert, void *keyp)
int sid, kid, num;
char **foo;
- foo = LK (kn_read_asserts, ((char *)scert, strlen ((char *)scert), &num));
+ foo = kn_read_asserts ((char *)scert, strlen ((char *)scert), &num);
if (foo == NULL || num == 0)
{
log_print ("keynote_cert_get_key: failed to decompose credentials");
return 0;
}
- kid = LK (kn_init, ());
+ kid = kn_init ();
if (kid == -1)
{
log_print ("keynote_cert_get_key: failed to initialize new policy "
@@ -2149,8 +2097,7 @@ keynote_cert_get_key (void *scert, void *keyp)
return 0;
}
- sid = LK (kn_add_assertion, (kid, foo[num - 1],
- strlen (foo[num - 1]), 0));
+ sid = kn_add_assertion (kid, foo[num - 1], strlen (foo[num - 1]), 0);
while (num--)
free (foo[num]);
free (foo);
@@ -2158,26 +2105,26 @@ keynote_cert_get_key (void *scert, void *keyp)
if (sid == -1)
{
log_print ("keynote_cert_get_key: failed to add assertion");
- LK (kn_close, (kid));
+ kn_close (kid);
return 0;
}
*(RSA **)keyp = NULL;
- kl = LK (kn_get_licensees, (kid, sid));
+ kl = kn_get_licensees (kid, sid);
while (kl)
{
if (kl->key_alg == KEYNOTE_ALGORITHM_RSA)
{
- *(RSA **)keyp = LC (RSAPublicKey_dup, (kl->key_key));
+ *(RSA **)keyp = RSAPublicKey_dup (kl->key_key);
break;
}
kl = kl->key_next;
}
- LK (kn_remove_assertion, (kid, sid));
- LK (kn_close, (kid));
+ kn_remove_assertion (kid, sid);
+ kn_close (kid);
return *(RSA **)keyp == NULL ? 0 : 1;
}
diff --git a/sbin/isakmpd/policy.h b/sbin/isakmpd/policy.h
index 88b35aa7f36..2740e75e540 100644
--- a/sbin/isakmpd/policy.h
+++ b/sbin/isakmpd/policy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.h,v 1.9 2001/08/15 13:06:53 ho Exp $ */
+/* $OpenBSD: policy.h,v 1.10 2002/06/10 18:08:58 ho Exp $ */
/* $EOM: policy.h,v 1.12 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -45,40 +45,8 @@
#if defined (USE_KEYNOTE)
#define CREDENTIAL_FILE "credentials"
#define PRIVATE_KEY_FILE "private_key"
-
-#define LK(sym, args) sym args
-#define LKV(sym) sym
-#elif defined (HAVE_DLOPEN) && 0
-#define LK(sym, args) lk_ ## sym args
-#define LKV(sym) *lk_ ## sym
-#else
-#define LK(sym, args) !!libkeynote called but no USE_KEYNOTE nor HAVE_DLOPEN!!
-#define LKV(sym) !!libkeynote called but no USE_KEYNOTE nor HAVE_DLOPEN!!
#endif
-#if defined (HAVE_DLOPEN) && !defined (USE_KEYNOTE) && 0
-struct keynote_deckey;
-
-extern void *libkeynote;
-
-/*
- * These prototypes matches OpenBSD keynote.h 1.6. If you use
- * a different version than that, you are on your own.
- */
-extern int *lk_keynote_errno;
-extern int (*lk_kn_add_action) (int, char *, char *, int);
-extern int (*lk_kn_add_assertion) (int, char *, int, int);
-extern int (*lk_kn_add_authorizer) (int, char *);
-extern int (*lk_kn_close) (int);
-extern int (*lk_kn_do_query) (int, char **, int);
-extern char *(*lk_kn_encode_key) (struct keynote_deckey *, int, int, int);
-extern int (*lk_kn_init) (void);
-extern char **(*lk_kn_read_asserts) (char *, int, int *);
-extern int (*lk_kn_remove_authorizer) (int, char *);
-extern void (*lk_kn_free_key) (struct keynote_deckey *);
-extern void *(*lk_kn_get_authorizer) (int, int, int*);
-#endif /* HAVE_DLOPEN && !USE_KEYNOTE */
-
extern int keynote_sessid;
extern int keynote_policy_asserts_num;
extern int x509_policy_asserts_num;
diff --git a/sbin/isakmpd/regress/rsakeygen/rsakeygen.c b/sbin/isakmpd/regress/rsakeygen/rsakeygen.c
index f9631e7eeff..70d932f7d78 100644
--- a/sbin/isakmpd/regress/rsakeygen/rsakeygen.c
+++ b/sbin/isakmpd/regress/rsakeygen/rsakeygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsakeygen.c,v 1.15 2002/06/09 08:13:07 todd Exp $ */
+/* $OpenBSD: rsakeygen.c,v 1.16 2002/06/10 18:08:59 ho Exp $ */
/* $EOM: rsakeygen.c,v 1.10 2000/12/21 15:18:53 ho Exp $ */
/*
@@ -71,19 +71,11 @@ main (void)
libcrypto_init ();
-#ifndef USE_LIBCRYPTO
- if (!libcrypto)
- {
- fprintf (stderr, "I did not find the RSA support, giving up...");
- exit (1);
- }
-#endif
-
log_debug_cmd (LOG_CRYPTO, 99);
memset (dec, '\0', sizeof dec);
strlcpy (dec, TEST_STRING, 256);
- key = LC (RSA_generate_key, (1024, RSA_F4, NULL, NULL));
+ key = RSA_generate_key (1024, RSA_F4, NULL, NULL);
if (key == NULL)
{
printf("Failed to generate key\n");
@@ -91,33 +83,33 @@ main (void)
}
printf ("n: 0x");
- LC (BN_print_fp, (stdout, key->n));
+ BN_print_fp (stdout, key->n);
printf ("\ne: 0x");
- LC (BN_print_fp, (stdout, key->e));
+ BN_print_fp (stdout, key->e);
printf ("\n");
printf ("n: 0x");
- LC (BN_print_fp, (stdout, key->n));
+ BN_print_fp (stdout, key->n);
printf ("\ne: 0x");
- LC (BN_print_fp, (stdout, key->e));
+ BN_print_fp (stdout, key->e);
printf ("\nd: 0x");
- LC (BN_print_fp, (stdout, key->d));
+ BN_print_fp (stdout, key->d);
printf ("\np: 0x");
- LC (BN_print_fp, (stdout, key->p));
+ BN_print_fp (stdout, key->p);
printf ("\nq: 0x");
- LC (BN_print_fp, (stdout, key->q));
+ BN_print_fp (stdout, key->q);
printf ("\n");
printf ("Testing Signing/Verifying: ");
/* Sign with Private Key */
- len = LC (RSA_private_encrypt, (strlen (dec) + 1, dec, enc, key,
- RSA_PKCS1_PADDING));
+ len = RSA_private_encrypt (strlen (dec) + 1, dec, enc, key,
+ RSA_PKCS1_PADDING);
if (len == -1)
printf ("SIGN FAILED ");
else
{
/* Decrypt/Verify with Public Key */
- erg = LC (RSA_public_decrypt, (len, enc, dec, key, RSA_PKCS1_PADDING));
+ erg = RSA_public_decrypt (len, enc, dec, key, RSA_PKCS1_PADDING);
if (erg == -1 || strcmp (dec, TEST_STRING))
printf ("VERIFY FAILED");
@@ -127,23 +119,23 @@ main (void)
printf ("\n");
- len = LC (i2d_RSAPublicKey, (key, NULL));
+ len = i2d_RSAPublicKey (key, NULL);
foo = asn = malloc (len);
- len = LC (i2d_RSAPublicKey, (key, &foo));
+ len = i2d_RSAPublicKey (key, &foo);
fd = fopen ("isakmpd_key.pub", "w");
fwrite (asn, len, 1, fd);
fclose (fd);
free (asn);
- len = LC (i2d_RSAPrivateKey, (key, NULL));
+ len = i2d_RSAPrivateKey (key, NULL);
foo = asn = malloc (len);
- len = LC (i2d_RSAPrivateKey, (key, &foo));
+ len = i2d_RSAPrivateKey (key, &foo);
fd = fopen ("isakmpd_key", "w");
fwrite (asn, len, 1, fd);
fclose (fd);
free (asn);
- LC (RSA_free, (key));
+ RSA_free (key);
return 1;
}
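Review bot: The private key is written through `fopen ("isakmpd_key", "w")`, so the file gets whatever mode the umask allows and will often be readable by other users. The `fopen` and `malloc` results and the length returned by `i2d_RSAPrivateKey` are also used unchecked. Creating the file with an explicit 0600 mode and stopping on any failure keeps the key private and avoids writing through a NULL stream. The sketch assumes a new local `int kfd;` and `<fcntl.h>`, and the public-key block above it has the same unchecked calls. `main` begins outside the hunk.

```c
  /* … unchanged: public key export … */
  len = i2d_RSAPrivateKey (key, NULL);
  if (len <= 0 || (asn = malloc (len)) == NULL)
    {
      printf ("Failed to encode private key\n");
      return 1;
    }
  foo = asn;
  len = i2d_RSAPrivateKey (key, &foo);
  kfd = open ("isakmpd_key", O_WRONLY | O_CREAT | O_TRUNC, 0600);
  if (kfd == -1 || (fd = fdopen (kfd, "w")) == NULL)
    {
      perror ("isakmpd_key");
      return 1;
    }
  fwrite (asn, len, 1, fd);
  fclose (fd);
  free (asn);
```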
diff --git a/sbin/isakmpd/regress/x509/x509test.c b/sbin/isakmpd/regress/x509/x509test.c
index 8f7d25f0014..08b3db0c9e4 100644
--- a/sbin/isakmpd/regress/x509/x509test.c
+++ b/sbin/isakmpd/regress/x509/x509test.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509test.c,v 1.19 2002/06/09 08:13:07 todd Exp $ */
+/* $OpenBSD: x509test.c,v 1.20 2002/06/10 18:08:59 ho Exp $ */
/* $EOM: x509test.c,v 1.9 2000/12/21 15:24:25 ho Exp $ */
/*
@@ -191,27 +191,19 @@ main (int argc, char *argv[])
libcrypto_init ();
-#ifndef USE_LIBCRYPTO
- if (!libcrypto)
- {
- fprintf (stderr, "I did not find the X.509 support, giving up...");
- exit (1);
- }
-#endif
-
printf ("Reading private key %s\n", argv[1]);
- keyfile = LC (BIO_new, (LC (BIO_s_file, ())));
- if (LC (BIO_read_filename, (keyfile, argv[1])) == -1)
+ keyfile = BIO_new (BIO_s_file ());
+ if (BIO_read_filename (keyfile, argv[1]) == -1)
{
perror ("read");
exit (1);
}
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
- priv_key = LC (PEM_read_bio_RSAPrivateKey, (keyfile, NULL, NULL, NULL));
+ priv_key = PEM_read_bio_RSAPrivateKey (keyfile, NULL, NULL, NULL);
#else
- priv_key = LC (PEM_read_bio_RSAPrivateKey, (keyfile, NULL, NULL));
+ priv_key = PEM_read_bio_RSAPrivateKey (keyfile, NULL, NULL);
#endif
- LC (BIO_free, (keyfile));
+ BIO_free (keyfile);
if (priv_key == NULL)
{
printf("PEM_read_bio_RSAPrivateKey () failed\n");
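Review bot: The test `BIO_read_filename (keyfile, argv[1]) == -1` does not catch a file that cannot be opened, because `BIO_read_filename` returns 1 on success and 0 or less on failure. `BIO_new` can also return NULL and is used unchecked here. I would write `if (keyfile == NULL || BIO_read_filename (keyfile, argv[1]) <= 0)`. The same `== -1` comparison appears in the next hunk for `certfile` and in `x509_read_from_dir` in x509.c, where the "BIO_read_filename ... failed" log line is presumably never reached and the failure only surfaces as a PEM read error. `main` starts and ends outside the hunk.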
@@ -220,25 +212,25 @@ main (int argc, char *argv[])
/* Use a certificate created by ssleay. */
printf ("Reading ssleay created certificate %s\n", argv[2]);
- certfile = LC (BIO_new, (LC (BIO_s_file, ())));
- if (LC (BIO_read_filename, (certfile, argv[2])) == -1)
+ certfile = BIO_new (BIO_s_file ());
+ if (BIO_read_filename (certfile, argv[2]) == -1)
{
perror ("read");
exit (1);
}
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
- cert = LC (PEM_read_bio_X509, (certfile, NULL, NULL, NULL));
+ cert = PEM_read_bio_X509 (certfile, NULL, NULL, NULL);
#else
- cert = LC (PEM_read_bio_X509, (certfile, NULL, NULL));
+ cert = PEM_read_bio_X509 (certfile, NULL, NULL);
#endif
- LC (BIO_free, (certfile));
+ BIO_free (certfile);
if (cert == NULL)
{
printf("PEM_read_bio_X509 () failed\n");
exit (1);
}
- pkey_pub = LC (X509_get_pubkey, (cert));
+ pkey_pub = X509_get_pubkey (cert);
/* XXX Violation of the interface? */
pub_key = pkey_pub->pkey.rsa;
if (pub_key == NULL)
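Review bot: `pkey_pub` is dereferenced on the line after `X509_get_pubkey (cert)` without a NULL check, so a certificate whose key cannot be decoded crashes the test instead of reporting a failure. Adding `if (pkey_pub == NULL) { printf ("X509_get_pubkey () failed\n"); exit (1); }` before `pub_key = pkey_pub->pkey.rsa;` matches the handling of `cert` just above. `x509_cert_validate` in x509.c already checks this return value. `main` continues outside the hunk.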
@@ -250,12 +242,12 @@ main (int argc, char *argv[])
err = 0;
strlcpy (dec, "Eine kleine Testmeldung", 256);
- if ((len = LC (RSA_private_encrypt, (strlen (dec), dec, enc, priv_key,
- RSA_PKCS1_PADDING))) == -1)
+ if ((len = RSA_private_encrypt (strlen (dec), dec, enc, priv_key,
+ RSA_PKCS1_PADDING)) == -1)
printf ("SIGN FAILED ");
else
- err = LC (RSA_public_decrypt, (len, enc, dec, pub_key, RSA_PKCS1_PADDING));
+ err = RSA_public_decrypt (len, enc, dec, pub_key, RSA_PKCS1_PADDING);
if (err == -1 || strcmp (dec, "Eine kleine Testmeldung"))
printf ("SIGN/VERIFY FAILED");
@@ -265,7 +257,7 @@ main (int argc, char *argv[])
printf ("Validate SIGNED: ");
- err = LC (X509_verify, (cert, pkey_pub));
+ err = X509_verify (cert, pkey_pub);
printf ("X509 verify: %d ", err);
if (err == -1)
printf ("FAILED ");
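Review bot: `if (err == -1)` treats only an internal error as failure, but `X509_verify` returns 0 when the signature does not match and 1 only when it is valid, so a certificate with a bad signature is not reported as FAILED here. The comparison should be `if (err != 1)`. The same test, `if (X509_verify (cert, key) == -1)`, appears in `x509_cert_validate` in x509.c, on the path that handles self-signed peer certificates. If the code after that hunk falls through to success, a self-signed certificate whose signature does not verify would be accepted, so that occurrence is the one to fix first. Both functions continue outside their hunks.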
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index 8cd9cdccae3..66e7c8ae84d 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.62 2002/06/09 08:13:07 todd Exp $ */
+/* $OpenBSD: sa.c,v 1.63 2002/06/10 18:08:58 ho Exp $ */
/* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */
/*
@@ -779,7 +779,7 @@ sa_release (struct sa *sa)
free (sa->keynote_key); /* This is just a string */
#if defined (USE_POLICY) || defined (USE_KEYNOTE)
if (sa->policy_id != -1)
- LK (kn_close, (sa->policy_id));
+ kn_close (sa->policy_id);
#endif
if (sa->name)
free (sa->name);
diff --git a/sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep
index 35630dd1d19..40a28f07ab2 100644
--- a/sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep
+++ b/sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep
@@ -1,4 +1,4 @@
-# $OpenBSD: GNUmakefile.sysdep,v 1.1 2001/03/23 16:14:35 markus Exp $
+# $OpenBSD: GNUmakefile.sysdep,v 1.2 2002/06/10 18:08:59 ho Exp $
#
# XXX UNTESTED
@@ -49,7 +49,6 @@ IPSEC_SRCS= pf_key_v2.c
IPSEC_CFLAGS= -DUSE_PF_KEY_V2
USE_LIBCRYPTO= defined
-#HAVE_DLOPEN= defined
#
# hack libsysdep.a dependency
diff --git a/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep
index a8fc6594985..92c2cfb1e07 100644
--- a/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep
+++ b/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep
@@ -1,4 +1,4 @@
-# $OpenBSD: GNUmakefile.sysdep,v 1.3 2001/02/24 04:42:48 angelos Exp $
+# $OpenBSD: GNUmakefile.sysdep,v 1.4 2002/06/10 18:08:59 ho Exp $
#
# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
@@ -66,8 +66,6 @@ CFLAGS+= -I${FREESWAN}/gmp -I${FREESWAN}/libdes \
CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP
CFLAGS+= -D'SALEN(x)=8'
-HAVE_DLOPEN= defined
-
${LIBSYSDEP}:
cd ${LIBSYSDEPDIR}; \
${MAKE} --no-print-directory ${MAKEFLAGS} CFLAGS="${CFLAGS}" MKDEP="${MKDEP}"
diff --git a/sbin/isakmpd/sysdep/linux/Makefile.sysdep b/sbin/isakmpd/sysdep/linux/Makefile.sysdep
index 82bc508717d..b4f6a37a319 100644
--- a/sbin/isakmpd/sysdep/linux/Makefile.sysdep
+++ b/sbin/isakmpd/sysdep/linux/Makefile.sysdep
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.sysdep,v 1.2 2001/01/28 22:38:48 niklas Exp $
+# $OpenBSD: Makefile.sysdep,v 1.3 2002/06/10 18:08:59 ho Exp $
#
# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
@@ -55,12 +55,6 @@ CFLAGS+= ${DEBUG} -I${FREESWAN}/gmp -I${FREESWAN}/libdes \
-I${FREESWAN}/klips -I${FREESWAN}/lib -DUSE_OLD_SOCKADDR \
-I${.CURDIR}/sysdep/common
-# XXX Is this test correct? Is the prefix "_" on ELF-systems too?
-HAVE_DLOPEN= defined
-LDADD+= -ldl
-DPADD+= /usr/lib/libdl.a
-CFLAGS+= -DSYMBOL_PREFIX='"_"'
-
#USE_LIBCRYPTO= defined
#USE_KEYNOTE= defined
diff --git a/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep
index d8f089bcd5e..81b1a5ff22b 100644
--- a/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep
+++ b/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep
@@ -1,4 +1,4 @@
-# $OpenBSD: GNUmakefile.sysdep,v 1.5 2001/06/29 22:18:59 itojun Exp $
+# $OpenBSD: GNUmakefile.sysdep,v 1.6 2002/06/10 18:08:59 ho Exp $
#
# Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
@@ -48,7 +48,6 @@ IPSEC_SRCS= pf_key_v2.c
IPSEC_CFLAGS= -DUSE_PF_KEY_V2
USE_LIBCRYPTO= defined
-#HAVE_DLOPEN= defined
#
# hack libsysdep.a dependency
diff --git a/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep
index 04a8b781f2b..af5e7846d9d 100644
--- a/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep
+++ b/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep
@@ -1,4 +1,4 @@
-# $OpenBSD: GNUmakefile.sysdep,v 1.2 2001/01/28 22:38:49 niklas Exp $
+# $OpenBSD: GNUmakefile.sysdep,v 1.3 2002/06/10 18:08:59 ho Exp $
#
# Copyright (c) 1999 Håkan Olsson. All rights reserved.
@@ -43,14 +43,6 @@ IPSEC_CFLAGS= -DUSE_PF_KEY_V2
CFLAGS+= -DHAVE_GETNAMEINFO
-# XXX This test does not work as MACHINE_ARCH does not get defined by GNU make.
-# Furthermore these defines should not happen for neither mips, powerpc nor vax
-# just like alpha.
-ifneq (${MACHINE_ARCH},alpha)
-HAVE_DLOPEN= defined
-CFLAGS+= -DSYMBOL_PREFIX='"_"'
-endif
-
USE_LIBCRYPTO= defined
ifneq (${MACHINE_ARCH},alpha)
ifneq (${MACHINE_ARCH},vax)
diff --git a/sbin/isakmpd/sysdep/openbsd/Makefile.sysdep b/sbin/isakmpd/sysdep/openbsd/Makefile.sysdep
index 5e3d982b658..d9c3da400e8 100644
--- a/sbin/isakmpd/sysdep/openbsd/Makefile.sysdep
+++ b/sbin/isakmpd/sysdep/openbsd/Makefile.sysdep
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.sysdep,v 1.20 2002/03/05 00:11:23 deraadt Exp $
+# $OpenBSD: Makefile.sysdep,v 1.21 2002/06/10 18:08:59 ho Exp $
# $EOM: Makefile.sysdep,v 1.18 2001/01/26 10:55:22 niklas Exp $
#
@@ -39,12 +39,6 @@ IPSEC_CFLAGS= -DUSE_PF_KEY_V2
CFLAGS+= -DHAVE_GETNAMEINFO -DHAVE_GETIFADDRS -DHAVE_PCAP
-# Some OpenBSD systems do not provide dlopen(3).
-#.if ${MACHINE_ARCH} != "alpha" && ${MACHINE_ARCH} != "mips" && ${MACHINE_ARCH} != "powerpc" && ${MACHINE_ARCH} != "vax" && ${MACHINE_ARCH} != "m88k"
-#HAVE_DLOPEN= defined
-#CFLAGS+= -DSYMBOL_PREFIX='"_"'
-#.endif
-
USE_LIBCRYPTO= defined
.ifdef FEATURES
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 70551287ae5..8a8ba584fa0 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.70 2002/06/01 07:44:22 deraadt Exp $ */
+/* $OpenBSD: x509.c,v 1.71 2002/06/10 18:08:59 ho Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -57,7 +57,6 @@
#include "cert.h"
#include "conf.h"
-#include "dyn.h"
#include "exchange.h"
#include "hash.h"
#include "ike_auth.h"
@@ -131,11 +130,11 @@ x509_generate_kn (int id, X509 *cert)
"x509_generate_kn: generating KeyNote policy for certificate %p",
cert));
- issuer = LC (X509_get_issuer_name, (cert));
- subject = LC (X509_get_subject_name, (cert));
+ issuer = X509_get_issuer_name (cert);
+ subject = X509_get_subject_name (cert);
/* Missing or self-signed, ignore cert but don't report failure. */
- if (!issuer || !subject || !LC (X509_name_cmp, (issuer, subject)))
+ if (!issuer || !subject || !X509_name_cmp (issuer, subject))
return 1;
if (!x509_cert_get_key (cert, &key))
@@ -147,41 +146,41 @@ x509_generate_kn (int id, X509 *cert)
dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA;
dc.dec_key = key;
- ikey = LK (kn_encode_key, (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
- KEYNOTE_PUBLIC_KEY));
- if (LKV (keynote_errno) == ERROR_MEMORY)
+ ikey = kn_encode_key (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
+ KEYNOTE_PUBLIC_KEY);
+ if (keynote_errno == ERROR_MEMORY)
{
log_print ("x509_generate_kn: failed to get memory for public key");
- LC (RSA_free, (key));
+ RSA_free (key);
LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: cannot get subject key"));
return 0;
}
if (!ikey)
{
- LC (RSA_free, (key));
+ RSA_free (key);
LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: cannot get subject key"));
return 0;
}
- LC (RSA_free, (key));
+ RSA_free (key);
/* Now find issuer's certificate so we can get the public key. */
- LC (X509_STORE_CTX_init, (&csc, x509_cas, cert, NULL));
- if (LC (X509_STORE_get_by_subject, (&csc, X509_LU_X509, issuer, &obj)) !=
+ X509_STORE_CTX_init (&csc, x509_cas, cert, NULL);
+ if (X509_STORE_get_by_subject (&csc, X509_LU_X509, issuer, &obj) !=
X509_LU_X509)
{
- LC (X509_STORE_CTX_cleanup, (&csc));
- LC (X509_STORE_CTX_init, (&csc, x509_certs, cert, NULL));
- if (LC (X509_STORE_get_by_subject, (&csc, X509_LU_X509, issuer, &obj)) !=
+ X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_CTX_init (&csc, x509_certs, cert, NULL);
+ if (X509_STORE_get_by_subject (&csc, X509_LU_X509, issuer, &obj) !=
X509_LU_X509)
{
- LC (X509_STORE_CTX_cleanup, (&csc));
+ X509_STORE_CTX_cleanup (&csc);
LOG_DBG ((LOG_POLICY, 30,
"x509_generate_kn: no certificate found for issuer"));
return 0;
}
}
- LC (X509_STORE_CTX_cleanup, (&csc));
+ X509_STORE_CTX_cleanup (&csc);
icert = obj.data.x509;
if (icert == NULL)
@@ -200,17 +199,17 @@ x509_generate_kn (int id, X509 *cert)
return 0;
}
- LC (X509_OBJECT_free_contents, (&obj));
+ X509_OBJECT_free_contents (&obj);
dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA;
dc.dec_key = key;
- skey = LK (kn_encode_key, (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
- KEYNOTE_PUBLIC_KEY));
- if (LKV (keynote_errno) == ERROR_MEMORY)
+ skey = kn_encode_key (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
+ KEYNOTE_PUBLIC_KEY);
+ if (keynote_errno == ERROR_MEMORY)
{
log_error ("x509_generate_kn: failed to get memory for public key");
free (ikey);
- LC (RSA_free, (key));
+ RSA_free (key);
LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: cannot get issuer key"));
return 0;
}
@@ -218,11 +217,11 @@ x509_generate_kn (int id, X509 *cert)
if (!skey)
{
free (ikey);
- LC (RSA_free, (key));
+ RSA_free (key);
LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: cannot get issuer key"));
return 0;
}
- LC (RSA_free, (key));
+ RSA_free (key);
buf_len = strlen (fmt) + strlen (ikey) + strlen (skey) + 56;
buf = calloc (buf_len, sizeof (char));
@@ -470,8 +469,7 @@ x509_generate_kn (int id, X509 *cert)
free (ikey);
free (skey);
- if (LK (kn_add_assertion, (id, buf, strlen (buf),
- ASSERT_FLAG_LOCAL)) == -1)
+ if (kn_add_assertion (id, buf, strlen (buf), ASSERT_FLAG_LOCAL) == -1)
{
LOG_DBG ((LOG_POLICY, 30,
"x509_generate_kn: failed to add new KeyNote credential"));
@@ -484,14 +482,14 @@ x509_generate_kn (int id, X509 *cert)
free (buf);
- if (!LC (X509_NAME_oneline, (issuer, isname, 256)))
+ if (!X509_NAME_oneline (issuer, isname, 256))
{
LOG_DBG ((LOG_POLICY, 50,
"x509_generate_kn: X509_NAME_oneline (issuer, ...) failed"));
return 0;
}
- if (!LC (X509_NAME_oneline, (subject, subname, 256)))
+ if (!X509_NAME_oneline (subject, subname, 256))
{
LOG_DBG ((LOG_POLICY, 50,
"x509_generate_kn: X509_NAME_oneline (subject, ...) failed"));
@@ -509,8 +507,7 @@ x509_generate_kn (int id, X509 *cert)
snprintf (buf, buf_len, fmt2, isname, subname, timecomp, before, timecomp2,
after);
- if (LK (kn_add_assertion, (id, buf, strlen (buf),
- ASSERT_FLAG_LOCAL)) == -1)
+ if (kn_add_assertion (id, buf, strlen (buf), ASSERT_FLAG_LOCAL) == -1)
{
LOG_DBG ((LOG_POLICY, 30,
"x509_generate_kn: failed to add new KeyNote credential"));
@@ -713,16 +710,16 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash)
LOG_DBG ((LOG_CRYPTO, 60, "x509_read_from_dir: reading certificate %s",
file->d_name));
- certh = LC (BIO_new, (LC (BIO_s_file, ())));
+ certh = BIO_new (BIO_s_file ());
if (!certh)
{
log_error ("x509_read_from_dir: BIO_new (BIO_s_file ()) failed");
continue;
}
- if (LC (BIO_read_filename, (certh, fullname)) == -1)
+ if (BIO_read_filename (certh, fullname) == -1)
{
- LC (BIO_free, (certh));
+ BIO_free (certh);
log_error ("x509_read_from_dir: "
"BIO_read_filename (certh, \"%s\") failed",
fullname);
@@ -730,11 +727,11 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash)
}
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
- cert = LC (PEM_read_bio_X509, (certh, NULL, NULL, NULL));
+ cert = PEM_read_bio_X509 (certh, NULL, NULL, NULL);
#else
- cert = LC (PEM_read_bio_X509, (certh, NULL, NULL));
+ cert = PEM_read_bio_X509 (certh, NULL, NULL);
#endif
- LC (BIO_free, (certh));
+ BIO_free (certh);
if (cert == NULL)
{
log_print ("x509_read_from_dir: PEM_read_bio_X509 failed for %s",
@@ -742,7 +739,7 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash)
continue;
}
- if (!LC (X509_STORE_add_cert, (ctx, cert)))
+ if (!X509_STORE_add_cert (ctx, cert))
{
/*
* This is actually expected if we have several certificates only
@@ -783,9 +780,9 @@ x509_cert_init (void)
/* Free if already initialized. */
if (x509_cas)
- LC (X509_STORE_free, (x509_cas));
+ X509_STORE_free (x509_cas);
- x509_cas = LC (X509_STORE_new, ());
+ x509_cas = X509_STORE_new ();
if (!x509_cas)
{
log_print ("x509_cert_init: creating new X509_STORE failed");
@@ -808,9 +805,9 @@ x509_cert_init (void)
/* Free if already initialized. */
if (x509_certs)
- LC (X509_STORE_free, (x509_certs));
+ X509_STORE_free (x509_certs);
- x509_certs = LC (X509_STORE_new, ());
+ x509_certs = X509_STORE_new ();
if (!x509_certs)
{
log_print ("x509_cert_init: creating new X509_STORE failed");
@@ -829,15 +826,6 @@ x509_cert_init (void)
void *
x509_cert_get (u_int8_t *asn, u_int32_t len)
{
-#ifndef USE_LIBCRYPTO
- /*
- * If we don't have a statically linked libcrypto, the dlopen must have
- * succeeded for X.509 to be usable.
- */
- if (!libcrypto)
- return 0;
-#endif
-
return x509_from_asn (asn, len);
}
@@ -854,10 +842,10 @@ x509_cert_validate (void *scert)
* Validate the peer certificate by checking with the CA certificates we
* trust.
*/
- LC (X509_STORE_CTX_init, (&csc, x509_cas, cert, NULL));
- res = LC (X509_verify_cert, (&csc));
+ X509_STORE_CTX_init (&csc, x509_cas, cert, NULL);
+ res = X509_verify_cert (&csc);
err = csc.error;
- LC (X509_STORE_CTX_cleanup, (&csc));
+ X509_STORE_CTX_cleanup (&csc);
/* Return if validation succeeded or self-signed certs are not accepted. */
if (res)
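Review bot: `if (res)` accepts any non-zero result from `X509_verify_cert`, which can return a negative value when the check could not be performed at all, in addition to 1 for a valid chain and 0 for an invalid one. The next hunk shows `return res;` in this branch, so a negative value would presumably reach the caller as a truthy "validated" result. I would test `res > 0` here and use `return res > 0;` in that branch so an error is never read as success. The condition may continue on lines that fall between the two hunks.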
@@ -866,17 +854,17 @@ x509_cert_validate (void *scert)
{
if (err)
log_print ("x509_cert_validate: %.100s",
- LC (X509_verify_cert_error_string, (err)));
+ X509_verify_cert_error_string (err));
return res;
}
- issuer = LC (X509_get_issuer_name, (cert));
- subject = LC (X509_get_subject_name, (cert));
+ issuer = X509_get_issuer_name (cert);
+ subject = X509_get_subject_name (cert);
- if (!issuer || !subject || LC (X509_name_cmp, (issuer, subject)))
+ if (!issuer || !subject || X509_name_cmp (issuer, subject))
return 0;
- key = LC (X509_get_pubkey, (cert));
+ key = X509_get_pubkey (cert);
if (!key)
{
log_print ("x509_cert_validate: could not get public key from "
@@ -884,7 +872,7 @@ x509_cert_validate (void *scert)
return 0;
}
- if (LC (X509_verify, (cert, key)) == -1)
+ if (X509_verify (cert, key) == -1)
{
log_print ("x509_cert_validate: self-signed cert is bad");
return 0;
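Review bot: The self-signed check `if (X509_verify (cert, key) == -1)` rejects only the error return, while X509_verify reports a signature that does not match with 0, so a self-signed certificate with a bad signature passes this test. The check should accept only success: `if (X509_verify (cert, key) <= 0)`. Separately, `key` comes from X509_get_pubkey, which hands out a reference the caller is expected to release with `EVP_PKEY_free (key)`, and no release is visible on the paths shown here. The function continues past the end of this hunk, so a later free cannot be ruled out.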
@@ -899,7 +887,7 @@ x509_cert_insert (int id, void *scert)
X509 *cert;
int res;
- cert = LC (X509_dup, ((X509 *)scert));
+ cert = X509_dup ((X509 *)scert);
if (!cert)
{
log_print ("x509_cert_insert: X509_dup failed");
@@ -915,14 +903,14 @@ x509_cert_insert (int id, void *scert)
{
LOG_DBG ((LOG_POLICY, 50,
"x509_cert_insert: x509_generate_kn failed"));
- LC (X509_free, (cert));
+ X509_free (cert);
return 0;
}
#endif /* USE_POLICY */
res = x509_hash_enter (cert);
if (!res)
- LC (X509_free, (cert));
+ X509_free (cert);
return res;
}
@@ -948,7 +936,7 @@ x509_cert_free (void *cert)
if (certh)
LIST_REMOVE (certh, link);
- LC (X509_free, ((X509 *)cert));
+ X509_free ((X509 *)cert);
}
/* Validate the BER Encoding of a RDNSequence in the CERT_REQ payload. */
@@ -1044,20 +1032,20 @@ x509_from_asn (u_char *asn, u_int len)
BIO *certh;
X509 *scert = 0;
- certh = LC (BIO_new, (LC (BIO_s_mem, ())));
+ certh = BIO_new (BIO_s_mem ());
if (!certh)
{
log_error ("x509_from_asn: BIO_new (BIO_s_mem ()) failed");
return 0;
}
- if (LC (BIO_write, (certh, asn, len)) == -1)
+ if (BIO_write (certh, asn, len) == -1)
{
log_error ("x509_from_asn: BIO_write failed\n");
goto end;
}
- scert = LC (d2i_X509_bio, (certh, NULL));
+ scert = d2i_X509_bio (certh, NULL);
if (!scert)
{
log_print ("x509_from_asn: d2i_X509_bio failed\n");
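Review bot: `BIO_write (certh, asn, len) == -1` treats every other return as a complete write, so a short write or another non-positive return would let d2i_X509_bio parse a buffer that is not the one the peer sent. `len` is also a `u_int` passed where BIO_write takes an `int`. Comparing against the requested length covers both: `if (len > INT_MAX || BIO_write (certh, asn, len) != (int)len)`. The two messages that end in `\n` also differ from the other log calls in this file and could drop it.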
@@ -1065,7 +1053,7 @@ x509_from_asn (u_char *asn, u_int len)
}
end:
- LC (BIO_free, (certh));
+ BIO_free (certh);
return scert;
}
@@ -1110,7 +1098,7 @@ x509_cert_subjectaltname (X509 *scert, u_int8_t **altname, u_int32_t *len)
int extpos;
int santype, sanlen;
- extpos = LC (X509_get_ext_by_NID, (scert, NID_subject_alt_name, -1));
+ extpos = X509_get_ext_by_NID (scert, NID_subject_alt_name, -1);
if (extpos == -1)
{
log_print ("x509_cert_subjectaltname: "
@@ -1118,7 +1106,7 @@ x509_cert_subjectaltname (X509 *scert, u_int8_t **altname, u_int32_t *len)
return 0;
}
- subjectaltname = LC (X509_get_ext, (scert, extpos));
+ subjectaltname = X509_get_ext (scert, extpos);
if (!subjectaltname || !subjectaltname->value
|| !subjectaltname->value->data || subjectaltname->value->length < 4)
@@ -1184,13 +1172,13 @@ x509_cert_get_subjects (void *scert, int *cnt, u_int8_t ***id,
}
/* Stash the subjectName into the first slot. */
- subject = LC (X509_get_subject_name, (cert));
+ subject = X509_get_subject_name (cert);
if (!subject)
goto fail;
(*id_len)[0] =
- ISAKMP_ID_DATA_OFF + LC (i2d_X509_NAME, (subject, NULL)) - ISAKMP_GEN_SZ;
+ ISAKMP_ID_DATA_OFF + i2d_X509_NAME (subject, NULL) - ISAKMP_GEN_SZ;
(*id)[0] = malloc ((*id_len)[0]);
if (!(*id)[0])
{
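Review bot: The length from `i2d_X509_NAME (subject, NULL)` goes straight into the size arithmetic for `(*id_len)[0]` and then into `malloc`, but the i2d functions return a non-positive value on failure, which would produce a wrong or wrapped allocation size. Capture it first, e.g. `n = i2d_X509_NAME (subject, NULL); if (n <= 0) goto fail;`, and check the second call in the next hunk against the same `n`. The x509_serialize hunks have the same pattern: `*datalen = i2d_X509 ((X509 *) scert, NULL);` stores an `int` in a `u_int32_t`, so an error return becomes a very large `malloc` request. x509_cert_get_subjects begins and ends outside this hunk.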
@@ -1199,7 +1187,7 @@ x509_cert_get_subjects (void *scert, int *cnt, u_int8_t ***id,
}
SET_ISAKMP_ID_TYPE ((*id)[0] - ISAKMP_GEN_SZ, IPSEC_ID_DER_ASN1_DN);
ubuf = (*id)[0] + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ;
- LC (i2d_X509_NAME, (subject, &ubuf));
+ i2d_X509_NAME (subject, &ubuf);
/* Stash the subjectAltName into the second slot. */
type = x509_cert_subjectaltname (cert, &altname, &altlen);
@@ -1283,17 +1271,17 @@ x509_cert_get_key (void *scert, void *keyp)
X509 *cert = scert;
EVP_PKEY *key;
- key = LC (X509_get_pubkey, (cert));
+ key = X509_get_pubkey (cert);
/* Check if we got the right key type. */
if (key->type != EVP_PKEY_RSA)
{
log_print ("x509_cert_get_key: public key is not a RSA key");
- LC (X509_free, (cert));
+ X509_free (cert);
return 0;
}
- *(RSA **)keyp = LC (RSAPublicKey_dup, (key->pkey.rsa));
+ *(RSA **)keyp = RSAPublicKey_dup (key->pkey.rsa);
return *(RSA **)keyp == NULL ? 0 : 1;
}
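Review bot: `key = X509_get_pubkey (cert);` is dereferenced as `key->type` with no NULL check, although the same call is checked in x509_cert_validate; a certificate whose public key cannot be decoded would crash the daemon here. The `EVP_PKEY` reference is also never released, on either the error path or after `RSAPublicKey_dup` has made its copy. The error path calls `X509_free (cert)` on a certificate this function was only handed; whether the caller frees it again is not visible from this hunk and is worth confirming. The fence below adds the NULL check and the two releases.
```c
  key = X509_get_pubkey (cert);
  if (!key)
    {
      log_print ("x509_cert_get_key: could not get public key from cert");
      return 0;
    }

  /* Check if we got the right key type. */
  if (key->type != EVP_PKEY_RSA)
    {
      /* ... unchanged: log_print and X509_free (cert) ... */
      EVP_PKEY_free (key);
      return 0;
    }

  *(RSA **)keyp = RSAPublicKey_dup (key->pkey.rsa);
  EVP_PKEY_free (key);
```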
@@ -1301,7 +1289,7 @@ x509_cert_get_key (void *scert, void *keyp)
void *
x509_cert_dup (void *scert)
{
- return LC (X509_dup, (scert));
+ return X509_dup (scert);
}
void
@@ -1309,7 +1297,7 @@ x509_serialize (void *scert, u_int8_t **data, u_int32_t *datalen)
{
u_int8_t *p;
- *datalen = LC (i2d_X509, ((X509 *) scert, NULL));
+ *datalen = i2d_X509 ((X509 *) scert, NULL);
*data = p = malloc (*datalen);
if (!p)
{
@@ -1317,7 +1305,7 @@ x509_serialize (void *scert, u_int8_t **data, u_int32_t *datalen)
return;
}
- *datalen = LC (i2d_X509, ((X509 *)scert, &p));
+ *datalen = i2d_X509 ((X509 *)scert, &p);
}
/* From cert to printable */
@@ -1386,19 +1374,19 @@ x509_DN_string (u_int8_t *asn1, size_t sz)
/* XXX Just a guess at a maximum length. */
char buf[256];
- name = LC (d2i_X509_NAME, (NULL, &p, sz));
+ name = d2i_X509_NAME (NULL, &p, sz);
if (!name)
{
log_print ("x509_DN_string: d2i_X509_NAME failed");
return 0;
}
- if (!LC (X509_NAME_oneline, (name, buf, sizeof buf - 1)))
+ if (!X509_NAME_oneline (name, buf, sizeof buf - 1))
{
log_print ("x509_DN_string: X509_NAME_oneline failed");
- LC (X509_NAME_free, (name));
+ X509_NAME_free (name);
return 0;
}
- LC (X509_NAME_free, (name));
+ X509_NAME_free (name);
buf[sizeof buf - 1] = '\0';
return strdup (buf);
}