-rw-r--r-- | sbin/isakmpd/dnssec.c | 67 | ||||
-rw-r--r-- | sbin/isakmpd/dnssec.h | 5 | ||||
-rw-r--r-- | sbin/isakmpd/ike_auth.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/libcrypto.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/libcrypto.h | 5 |
5 files changed, 49 insertions, 41 deletions
diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c index 646fc883161..2203d99ef4d 100644 --- a/sbin/isakmpd/dnssec.c +++ b/sbin/isakmpd/dnssec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dnssec.c,v 1.2 2001/01/27 12:03:32 niklas Exp $ */ +/* $OpenBSD: dnssec.c,v 1.3 2001/01/27 15:39:54 ho Exp $ */ /* * Copyright (c) 2001 Håkan Olsson. All rights reserved. @@ -26,34 +26,33 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include <stdlib.h> -#include <string.h> - +#include <sys/types.h> #include <netinet/in.h> #include <arpa/nameser.h> #include <arpa/inet.h> +#include <stdlib.h> + +#include <openssl/rsa.h> #include <dns/keyvalues.h> #include <lwres/lwres.h> #include <lwres/netdb.h> -#include <openssl/rsa.h> - #include "sysdep.h" +#include "dnssec.h" #include "exchange.h" +#include "ipsec_num.h" +#include "libcrypto.h" #include "log.h" #include "message.h" #include "transport.h" -#include "ipsec_num.h" -#include "dnssec.h" - /* adapted from <dns/rdatastruct.h> / RFC 2535 */ struct dns_rdata_key { - u_int16_t flags; - u_int8_t protocol; - u_int8_t algorithm; - u_int16_t datalen; + u_int16_t flags; + u_int8_t protocol; + u_int8_t algorithm; + u_int16_t datalen; unsigned char *data; }; @@ -76,18 +75,18 @@ dns_get_key (int type, struct message *msg, int *keylen) case IKE_AUTH_RSA_ENC: case IKE_AUTH_RSA_ENC_REV: - /* XXX Not yes. */ + /* XXX Not yet. */ /* algorithm = DNS_KEYALG_RSA; */ - return NULL; + return 0; case IKE_AUTH_DSS: /* XXX Not yet. */ /* algorithm = DNS_KEYALG_DSS; */ - return NULL; + return 0; case IKE_AUTH_PRE_SHARED: default: - return NULL; + return 0; } /* Get peer IP address */ @@ -102,7 +101,7 @@ dns_get_key (int type, struct message *msg, int *keylen) "dns_get_key: lwres_gethostbyaddr (%s) failed: %s", inet_ntoa (((struct sockaddr_in *)dst)->sin_addr), lwres_hstrerror (lwres_h_errno))); - return NULL; + return 0; } /* Try host official name */ 
@@ -119,7 +118,7 @@ dns_get_key (int type, struct message *msg, int *keylen) hostent->h_aliases[i])); ret = lwres_getrrsetbyname (hostent->h_aliases[i], C_IN, T_KEY, 0, &rr); - i ++; + i++; } } @@ -127,7 +126,7 @@ dns_get_key (int type, struct message *msg, int *keylen) { LOG_DBG ((LOG_MISC, 30, "dns_get_key: no DNS responses (error %d)", ret)); - return NULL; + return 0; } LOG_DBG ((LOG_MISC, 80, @@ -140,7 +139,7 @@ dns_get_key (int type, struct message *msg, int *keylen) { LOG_DBG ((LOG_MISC, 10, "dns_get_key: got unvalidated response")); lwres_freerrset (rr); - return NULL; + return 0; } /* Sanity. */ @@ -148,16 +147,16 @@ dns_get_key (int type, struct message *msg, int *keylen) { LOG_DBG ((LOG_MISC, 30, "dns_get_key: no KEY RRs recieved")); lwres_freerrset (rr); - return NULL; + return 0; } - memset (&key_rr, 0, sizeof (key_rr)); + memset (&key_rr, 0, sizeof key_rr); /* * Find a key with the wanted algorithm, if any. * XXX If there are several keys present, we currently only find the first. */ - for (i = 0; i < rr->rri_nrdatas && key_rr.datalen == 0; i ++) + for (i = 0; i < rr->rri_nrdatas && key_rr.datalen == 0; i++) { key_rr.flags = ntohs ((u_int16_t) *rr->rri_rdatas[i].rdi_data); key_rr.protocol = *(rr->rri_rdatas[i].rdi_data + 2); @@ -175,7 +174,7 @@ dns_get_key (int type, struct message *msg, int *keylen) continue; } - key_rr.datalen = rr->rri_rdatas[i].rdi_length - 4; + key_rr.datalen = rr->rri_rdatas[i].rdi_length - 4; if (key_rr.datalen <= 0) { LOG_DBG ((LOG_MISC, 50, "dns_get_key: ignored bad key")); @@ -189,7 +188,7 @@ dns_get_key (int type, struct message *msg, int *keylen) { log_error ("dns_get_key: malloc (%d) failed", key_rr.datalen); lwres_freerrset (rr); - return NULL; + return 0; } memcpy (key_rr.data, rr->rri_rdatas[i].rdi_data + 4, key_rr.datalen); *keylen = key_rr.datalen; @@ -200,7 +199,7 @@ dns_get_key (int type, struct message *msg, int *keylen) if (key_rr.datalen) return key_rr.data; else - return NULL; + return 0; } int 
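Review bot: The `if (key_rr.datalen <= 0)` test that follows `key_rr.datalen = rr->rri_rdatas[i].rdi_length - 4;` in the @@ -175 hunk cannot catch a short RR: datalen is declared `u_int16_t` in the @@ -26 hunk, so `<= 0` only matches zero, and an rdi_length below 4 wraps to a large value that then reaches `malloc` and `memcpy (key_rr.data, rr->rri_rdatas[i].rdi_data + 4, key_rr.datalen)`, copying well past the record. The loop body in the @@ -148 hunk also reads octets 0–3 of rdi_data for flags, protocol and algorithm before any length check, so a guard at the top of the loop, `if (rr->rri_rdatas[i].rdi_length <= 4) continue;` (with a debug log if wanted), closes both problems. Separately, `ntohs ((u_int16_t) *rr->rri_rdatas[i].rdi_data)` dereferences what appears to be a byte pointer and so yields only the first octet; if rdi_data is `unsigned char *`, the flags field should be assembled from two bytes, e.g. `(rr->rri_rdatas[i].rdi_data[0] << 8) | rr->rri_rdatas[i].rdi_data[1]`. dns_get_key's body extends beyond these hunks.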
@@ -216,8 +215,8 @@ dns_RSA_dns_to_x509 (u_int8_t *key, int keylen, RSA **rsa_key) return -1; } - rsa = RSA_new (); - if (!rsa) + rsa = LC (RSA_new, ()); + if (rsa == NULL) { log_error ("dns_RSA_dns_to_x509: failed to allocate new RSA struct"); return -1; @@ -231,7 +230,7 @@ dns_RSA_dns_to_x509 (u_int8_t *key, int keylen, RSA **rsa_key) if (keylen < 3) { log_print ("dns_RSA_dns_to_x509: invalid public key"); - RSA_free (rsa); + LC (RSA_free, (rsa)); return -1; } e_len = *(key + key_offset++) << 8; @@ -241,21 +240,21 @@ dns_RSA_dns_to_x509 (u_int8_t *key, int keylen, RSA **rsa_key) if (e_len > (keylen - key_offset)) { log_print ("dns_RSA_dns_to_x509: invalid public key"); - RSA_free (rsa); + LC (RSA_free, (rsa)); return -1; } - rsa->e = BN_bin2bn (key + key_offset, e_len, NULL); + rsa->e = LC (BN_bin2bn, (key + key_offset, e_len, NULL)); key_offset += e_len; /* XXX if (keylen <= key_offset) -> "invalid public key" ? */ - rsa->n = BN_bin2bn (key + key_offset, keylen - key_offset, NULL); + rsa->n = LC (BN_bin2bn, (key + key_offset, keylen - key_offset, NULL)); *rsa_key = rsa; LOG_DBG ((LOG_MISC, 30, "dns_RSA_dns_to_x509: got %d bits RSA key", - BN_num_bits (rsa->n))); + LC (BN_num_bits, (rsa->n)))); return 0; } diff --git a/sbin/isakmpd/dnssec.h b/sbin/isakmpd/dnssec.h index 21377aea40c..561fade546a 100644 --- a/sbin/isakmpd/dnssec.h +++ b/sbin/isakmpd/dnssec.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dnssec.h,v 1.2 2001/01/27 12:03:32 niklas Exp $ */ +/* $OpenBSD: dnssec.h,v 1.3 2001/01/27 15:39:54 ho Exp $ */ /* * Copyright (c) 2001 Håkan Olsson. All rights reserved. @@ -26,6 +26,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "libcrypto.h" +#include "message.h" + void *dns_get_key (int, struct message *, int *); int dns_RSA_dns_to_x509 (u_int8_t *, int, RSA **); diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c index 95042e9f0fc..cc3b07c9e8b 100644 --- a/sbin/isakmpd/ike_auth.c +++ b/sbin/isakmpd/ike_auth.c 
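Review bot: The two `LC (BN_bin2bn, ...)` results assigned to `rsa->e` and `rsa->n` in the @@ -241 hunk are never checked; BN_bin2bn returns NULL on allocation failure, and the following `LOG_DBG` passes `rsa->n` to `BN_num_bits`, so a failed conversion becomes a null dereference instead of the -1 every other error path in this function returns. The existing XXX comment already notes that `keylen <= key_offset` is not rejected before the modulus conversion; with keylen equal to key_offset the modulus is converted from zero bytes and a zero-valued key is handed back as valid. Both can be closed with the checks below, which release rsa on failure the same way the `keylen < 3` path in the @@ -231 hunk does. dns_RSA_dns_to_x509's body starts before this hunk.
```c
  rsa->e = LC (BN_bin2bn, (key + key_offset, e_len, NULL));
  key_offset += e_len;
  if (rsa->e == NULL || keylen <= key_offset)
    {
      log_print ("dns_RSA_dns_to_x509: invalid public key");
      LC (RSA_free, (rsa));
      return -1;
    }
  rsa->n = LC (BN_bin2bn, (key + key_offset, keylen - key_offset, NULL));
  if (rsa->n == NULL)
    {
      log_print ("dns_RSA_dns_to_x509: invalid public key");
      LC (RSA_free, (rsa));
      return -1;
    }
  /* … unchanged: *rsa_key = rsa, LOG_DBG, return 0 … */
```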
@@ -1,4 +1,4 @@ -/* $OpenBSD: ike_auth.c,v 1.36 2001/01/27 12:03:32 niklas Exp $ */ +/* $OpenBSD: ike_auth.c,v 1.37 2001/01/27 15:39:54 ho Exp $ */ /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */ /* @@ -56,6 +56,9 @@ #include "cert.h" #include "conf.h" #include "constants.h" +#if defined(USE_DNSSEC) +#include "dnssec.h" +#endif #include "exchange.h" #include "gmp_util.h" #include "hash.h" @@ -68,9 +71,6 @@ #include "prf.h" #include "transport.h" #include "util.h" -#ifdef USE_DNSSEC -#include "dnssec.h" -#endif #ifdef notyet static u_int8_t *enc_gen_skeyid (struct exchange *, size_t *); diff --git a/sbin/isakmpd/libcrypto.c b/sbin/isakmpd/libcrypto.c index d03eb2b5b07..a438f763172 100644 --- a/sbin/isakmpd/libcrypto.c +++ b/sbin/isakmpd/libcrypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: libcrypto.c,v 1.10 2001/01/27 12:03:33 niklas Exp $ */ +/* $OpenBSD: libcrypto.c,v 1.11 2001/01/27 15:39:55 ho Exp $ */ /* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */ /* @@ -59,10 +59,13 @@ BIO *(*lc_BIO_new) (BIO_METHOD *type); int (*lc_BIO_write) (BIO *, char *, int); BIO_METHOD *(*lc_BIO_s_file) (void); BIO_METHOD *(*lc_BIO_s_mem) (void); +BIGNUM *(*lc_BN_bin2bn) (const unsigned char *, int, BIGNUM *); +int (*lc_BN_num_bits) (const BIGNUM *); int (*lc_BN_print_fp) (FILE *, BIGNUM *); char *(*lc_PEM_ASN1_read_bio) (char *(*) (), char *, BIO *, char **, int (*) ()); void (*lc_RSA_free) (RSA *); +RSA *(*lc_RSA_new) (void); RSA *(*lc_RSA_generate_key) (int, unsigned long, void (*) (int, int, char *), char *); int (*lc_RSA_private_encrypt) (int, unsigned char *, unsigned char *, RSA *, diff --git a/sbin/isakmpd/libcrypto.h b/sbin/isakmpd/libcrypto.h index 7f6841ddb3c..5d667fd2b6b 100644 --- a/sbin/isakmpd/libcrypto.h +++ b/sbin/isakmpd/libcrypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: libcrypto.h,v 1.8 2000/10/07 06:59:16 niklas Exp $ */ +/* $OpenBSD: libcrypto.h,v 1.9 2001/01/27 15:39:55 ho Exp $ */ /* $EOM: libcrypto.h,v 1.16 2000/09/28 12:53:27 niklas Exp $ */ /* 
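Review bot: The three new function pointers `lc_BN_bin2bn`, `lc_BN_num_bits` and `lc_RSA_new` in the libcrypto.c @@ -59 hunk (declared extern in the libcrypto.h @@ -78 hunk) are never assigned anywhere in this diff; the diffstat lists only these three insertions for libcrypto.c, so the runtime symbol-resolution code that fills the other lc_* pointers, which lies outside this hunk, appears not to have been extended. If LC() dispatches through the lc_* pointer whenever libcrypto is loaded dynamically, the new `LC (RSA_new, ())`, `LC (BN_bin2bn, ...)` and `LC (BN_num_bits, ...)` calls in dnssec.c would go through a null pointer on the first DNSSEC key lookup. The initialisation routine should gain entries for the three symbols next to the existing `lc_RSA_free` resolution, and it would be worth confirming that in the follow-up.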
@@ -78,10 +78,13 @@ extern BIO *(*lc_BIO_new) (BIO_METHOD *type); extern int (*lc_BIO_write) (BIO *, char *, int); extern BIO_METHOD *(*lc_BIO_s_file) (void); extern BIO_METHOD *(*lc_BIO_s_mem) (void); +extern BIGNUM *(*lc_BN_bin2bn) (const unsigned char *, int, BIGNUM *); +extern int (*lc_BN_num_bits) (const BIGNUM *); extern int (*lc_BN_print_fp) (FILE *, BIGNUM *); extern char *(*lc_PEM_ASN1_read_bio) (char *(*) (), char *, BIO *, char **, int (*) ()); extern void (*lc_RSA_free) (RSA *); +extern RSA *(*lc_RSA_new) (void); extern RSA *(*lc_RSA_generate_key) (int, unsigned long, void (*) (int, int, char *), char *); extern int (*lc_RSA_private_encrypt) (int, unsigned char *, unsigned char *, |