Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/Makefile | 7 | ||||
-rw-r--r-- | sbin/isakmpd/dnssec.c | 14 | ||||
-rw-r--r-- | sbin/isakmpd/dyn.c | 82 | ||||
-rw-r--r-- | sbin/isakmpd/dyn.h | 54 | ||||
-rw-r--r-- | sbin/isakmpd/exchange.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/ike_auth.c | 64 | ||||
-rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 43 | ||||
-rw-r--r-- | sbin/isakmpd/init.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/key.c | 23 | ||||
-rw-r--r-- | sbin/isakmpd/libcrypto.c | 185 | ||||
-rw-r--r-- | sbin/isakmpd/libcrypto.h | 136 | ||||
-rw-r--r-- | sbin/isakmpd/policy.c | 85 | ||||
-rw-r--r-- | sbin/isakmpd/policy.h | 34 | ||||
-rw-r--r-- | sbin/isakmpd/regress/rsakeygen/rsakeygen.c | 42 | ||||
-rw-r--r-- | sbin/isakmpd/regress/x509/x509test.c | 40 | ||||
-rw-r--r-- | sbin/isakmpd/sa.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep | 3 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep | 4 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/linux/Makefile.sysdep | 8 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep | 3 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep | 10 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/openbsd/Makefile.sysdep | 8 | ||||
-rw-r--r-- | sbin/isakmpd/x509.c | 154 |
23 files changed, 208 insertions, 804 deletions
diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile index 1d0fe019263..ac9e35cf432 100644 --- a/sbin/isakmpd/Makefile +++ b/sbin/isakmpd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.45 2002/03/05 00:10:56 deraadt Exp $ +# $OpenBSD: Makefile,v 1.46 2002/06/10 18:08:58 ho Exp $ # $EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $ # @@ -154,11 +154,6 @@ DPADD+= ${LIBGMP} CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_OPENSSL .endif -.ifdef HAVE_DLOPEN -CFLAGS+= -DHAVE_DLOPEN -SRCS+= dyn.c -.endif - .ifdef USE_KEYNOTE USE_LIBCRYPTO= yes USE_LIBDES= yes diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c index e0482300a3c..ceb5092cc9a 100644 --- a/sbin/isakmpd/dnssec.c +++ b/sbin/isakmpd/dnssec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dnssec.c,v 1.13 2002/06/09 08:13:06 todd Exp $ */ +/* $OpenBSD: dnssec.c,v 1.14 2002/06/10 18:08:58 ho Exp $ */ /* * Copyright (c) 2001 Håkan Olsson. All rights reserved. @@ -264,7 +264,7 @@ dns_RSA_dns_to_x509 (u_int8_t *key, int keylen, RSA **rsa_key) return -1; } - rsa = LC (RSA_new, ()); + rsa = RSA_new (); if (rsa == NULL) { log_error ("dns_RSA_dns_to_x509: failed to allocate new RSA struct"); @@ -279,7 +279,7 @@ dns_RSA_dns_to_x509 (u_int8_t *key, int keylen, RSA **rsa_key) if (keylen < 3) { log_print ("dns_RSA_dns_to_x509: invalid public key"); - LC (RSA_free, (rsa)); + RSA_free (rsa); return -1; } e_len = *(key + key_offset++) << 8; 
@@ -289,21 +289,21 @@ dns_RSA_dns_to_x509 (u_int8_t *key, int keylen, RSA **rsa_key) if (e_len > (keylen - key_offset)) { log_print ("dns_RSA_dns_to_x509: invalid public key"); - LC (RSA_free, (rsa)); + RSA_free (rsa); return -1; } - rsa->e = LC (BN_bin2bn, (key + key_offset, e_len, NULL)); + rsa->e = BN_bin2bn (key + key_offset, e_len, NULL); key_offset += e_len; /* XXX if (keylen <= key_offset) -> "invalid public key" ? */ - rsa->n = LC (BN_bin2bn, (key + key_offset, keylen - key_offset, NULL)); + rsa->n = BN_bin2bn (key + key_offset, keylen - key_offset, NULL); *rsa_key = rsa; LOG_DBG ((LOG_MISC, 30, "dns_RSA_dns_to_x509: got %d bits RSA key", - LC (BN_num_bits, (rsa->n)))); + BN_num_bits (rsa->n))); return 0; } diff --git a/sbin/isakmpd/dyn.c b/sbin/isakmpd/dyn.c deleted file mode 100644 index a189c4d138d..00000000000 --- a/sbin/isakmpd/dyn.c +++ /dev/null 
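Review bot: The new `rsa->e = BN_bin2bn (...)` and `rsa->n = BN_bin2bn (...)` lines in this hunk of dns_RSA_dns_to_x509 never check their results, and the `/* XXX if (keylen <= key_offset) ... */` comment sitting between them still describes an unhandled case: the earlier `@@ -279` hunk only rejects `keylen < 3` and `e_len > keylen - key_offset`, so a record whose exponent field consumes the rest of the key reaches the second BN_bin2bn with a zero length and produces a key with an empty modulus, while an allocation failure leaves a NULL component inside the RSA that is then handed back to the caller. Since this data comes from DNS, it should be validated here rather than trusted; the rewritten tail of the function is below, with the LOG_DBG and return left as they are. The function begins before this hunk.
```c
  rsa->e = BN_bin2bn (key + key_offset, e_len, NULL);
  key_offset += e_len;

  /* An exponent that consumes the rest of the record leaves no modulus.  */
  if (!rsa->e || keylen <= key_offset)
    {
      log_print ("dns_RSA_dns_to_x509: invalid public key");
      RSA_free (rsa);
      return -1;
    }

  rsa->n = BN_bin2bn (key + key_offset, keylen - key_offset, NULL);
  if (!rsa->n)
    {
      log_error ("dns_RSA_dns_to_x509: failed to convert modulus");
      RSA_free (rsa);
      return -1;
    }
  /* … unchanged: *rsa_key = rsa, LOG_DBG, return 0 … */
```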
@@ -1,82 +0,0 @@ -/* $OpenBSD: dyn.c,v 1.1 1999/08/28 11:54:55 niklas Exp $ */ -/* $EOM: dyn.c,v 1.2 1999/08/26 11:13:36 niklas Exp $ */ - -/* - * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Ericsson Radio Systems. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code was written under funding by Ericsson Radio Systems. 
- */ - -#include <dlfcn.h> - -#include "sysdep.h" - -#include "dyn.h" -#include "log.h" - -int -dyn_load (struct dynload_script *scr) -{ - int i; - void **desc = 0; - - for (i = 0; scr[i].op != EOS; i++) - switch (scr[i].op) - { - case LOAD: - desc = scr[i].ptr; - *desc = dlopen (scr[i].name, DL_LAZY); - if (!*desc) - { - log_print ("dyn_load: dlopen (\"%s\", DL_LAZY) failed: %s", - scr[i].name, dlerror ()); - return 0; - } - break; - - case SYM: - if (!desc || !*desc) - continue; - *scr[i].ptr = dlsym (*desc, scr[i].name); - if (!*scr[i].ptr) - { - log_print ("dyn_load: dlsym (\"%s\") failed: %s", scr[i].name, - dlerror ()); - *desc = 0; - return 0; - } - break; - - default: - log_print ("dyn_load: bad operation (%d) on entry %d, ignoring", - scr[i].op, i); - } - return 1; -} diff --git a/sbin/isakmpd/dyn.h b/sbin/isakmpd/dyn.h deleted file mode 100644 index dbfeb70e9a4..00000000000 --- a/sbin/isakmpd/dyn.h +++ /dev/null 
@@ -1,54 +0,0 @@ -/* $OpenBSD: dyn.h,v 1.1 1999/08/28 11:54:55 niklas Exp $ */ -/* $EOM: dyn.h,v 1.1 1999/08/12 22:34:27 niklas Exp $ */ - -/* - * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Ericsson Radio Systems. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code was written under funding by Ericsson Radio Systems. 
- */ - -#ifndef _DYN_H_ -#define _DYN_H_ - -#ifdef SYMBOL_PREFIX -#define SYM(x) SYMBOL_PREFIX #x -#else -#define SYM(x) #x -#endif - -struct dynload_script { - enum { LOAD, SYM, EOS } op; - char *name; - void **ptr; -}; - -int dyn_load (struct dynload_script *); - -#endif /* _DYN_H_ */ diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c index 6da0b577059..553d7f62d4b 100644 --- a/sbin/isakmpd/exchange.c +++ b/sbin/isakmpd/exchange.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exchange.c,v 1.66 2002/06/07 19:53:19 ho Exp $ */ +/* $OpenBSD: exchange.c,v 1.67 2002/06/10 18:08:58 ho Exp $ */ /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */ /* @@ -1268,7 +1268,7 @@ exchange_free_aux (void *v_exch) #if defined (POLICY) || defined (KEYNOTE) if (exchange->policy_id != -1) - LK (kn_close, (exchange->policy_id)); + kn_close (exchange->policy_id); #endif exchange_free_aca_list (exchange); diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c index 0bfc004c542..5fac75637d1 100644 --- a/sbin/isakmpd/ike_auth.c +++ b/sbin/isakmpd/ike_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_auth.c,v 1.64 2002/06/09 08:13:06 todd Exp $ */ +/* $OpenBSD: ike_auth.c,v 1.65 2002/06/10 18:08:58 ho Exp $ */ /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */ /* @@ -194,10 +194,6 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen) case IKE_AUTH_RSA_SIG: #if defined (USE_X509) || defined (USE_KEYNOTE) -#ifdef HAVE_DLOPEN - if (!libcrypto) - return 0; -#endif #if defined (USE_KEYNOTE) if (local_id && (keyfile = conf_get_str ("KeyNote", "Credential-directory")) != 0) @@ -262,7 +258,7 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen) buf2 = kn_get_string (buf); free (buf); - if (LK (kn_decode_key, (&dc, buf2, KEYNOTE_PRIVATE_KEY)) == -1) + if (kn_decode_key (&dc, buf2, KEYNOTE_PRIVATE_KEY) == -1) { free (buf2); log_print ("ike_auth_get_key: failed decoding key in \"%s\"", 
@@ -278,7 +274,7 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen) log_print ("ike_auth_get_key: wrong algorithm type %d in \"%s\"", dc.dec_algorithm, keyfile); free (keyfile); - LK (kn_free_key, (&dc)); + kn_free_key (&dc); return 0; } @@ -295,28 +291,28 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen) if (check_file_secrecy (keyfile, 0)) return 0; - keyh = LC (BIO_new, (LC (BIO_s_file, ()))); + keyh = BIO_new (BIO_s_file ()); if (keyh == NULL) { log_print ("ike_auth_get_key: " "BIO_new (BIO_s_file ()) failed"); return 0; } - if (LC (BIO_read_filename, (keyh, keyfile)) == -1) + if (BIO_read_filename (keyh, keyfile) == -1) { log_print ("ike_auth_get_key: " "BIO_read_filename (keyh, \"%s\") failed", keyfile); - LC (BIO_free, (keyh)); + BIO_free (keyh); return 0; } #if SSLEAY_VERSION_NUMBER >= 0x00904100L - rsakey = LC (PEM_read_bio_RSAPrivateKey, (keyh, NULL, NULL, NULL)); + rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL, NULL); #else - rsakey = LC (PEM_read_bio_RSAPrivateKey, (keyh, NULL, NULL)); + rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL); #endif - LC (BIO_free, (keyh)); + BIO_free (keyh); if (!rsakey) { log_print ("ike_auth_get_key: PEM_read_bio_RSAPrivateKey failed"); @@ -625,7 +621,7 @@ rsa_sig_decode_hash (struct message *msg) * We need the policy session initialized now, so we can add * credentials etc. */ - exchange->policy_id = LK (kn_init, ()); + exchange->policy_id = kn_init (); if (exchange->policy_id == -1) { log_print ("rsa_sig_decode_hash: failed to initialize policy session"); 
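Review bot: In the `@@ -295` hunk of ike_auth_get_key, `if (BIO_read_filename (keyh, keyfile) == -1)` does not catch the common failure: BIO_read_filename is a BIO_ctrl wrapper that, as far as I recall, returns 0 rather than -1 when the underlying fopen fails, so a missing or unreadable private-key file falls through to PEM_read_bio_RSAPrivateKey and is reported as a PEM parse failure instead of an open failure. The same call in get_raw_key_from_file (`@@ -1230` hunk in this file) uses `<= 0`, which is the right test; make this one consistent with it, `if (BIO_read_filename (keyh, keyfile) <= 0)`. ike_auth_get_key starts and ends outside this hunk.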
@@ -761,11 +757,11 @@ rsa_sig_decode_hash (struct message *msg) dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA; dc.dec_key = key; - pp = LK (kn_encode_key, (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, - KEYNOTE_PUBLIC_KEY)); + pp = kn_encode_key (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, + KEYNOTE_PUBLIC_KEY); if (pp == NULL) { - LK (kn_free_key, (&dc)); + kn_free_key (&dc); log_print ("rsa_sig_decode_hash: failed to ASCII-encode key"); return -1; } @@ -775,7 +771,7 @@ rsa_sig_decode_hash (struct message *msg) if (!exchange->keynote_key) { free (pp); - LK (kn_free_key, (&dc)); + kn_free_key (&dc); log_print ("rsa_sig_decode_hash: failed to allocate %d bytes", dclen); return -1; @@ -823,15 +819,15 @@ rsa_sig_decode_hash (struct message *msg) if (!p) { log_print ("rsa_sig_decode_hash: missing signature payload"); - LC (RSA_free, (key)); + RSA_free (key); return -1; } /* Check that the sig is of the correct size. */ len = GET_ISAKMP_GEN_LENGTH (p->p) - ISAKMP_SIG_SZ; - if (len != LC (RSA_size, (key))) + if (len != RSA_size (key)) { - LC (RSA_free, (key)); + RSA_free (key); log_print ("rsa_sig_decode_hash: " "SIG payload length does not match public key"); return -1; @@ -840,16 +836,16 @@ rsa_sig_decode_hash (struct message *msg) *hash_p = malloc (len); if (!*hash_p) { - LC (RSA_free, (key)); + RSA_free (key); log_error ("rsa_sig_decode_hash: malloc (%d) failed", len); return -1; } - len = LC (RSA_public_decrypt, (len, p->p + ISAKMP_SIG_DATA_OFF, *hash_p, key, - RSA_PKCS1_PADDING)); + len = RSA_public_decrypt (len, p->p + ISAKMP_SIG_DATA_OFF, *hash_p, key, + RSA_PKCS1_PADDING); if (len == -1) { - LC (RSA_free, (key)); + RSA_free (key); log_print ("rsa_sig_decode_hash: RSA_public_decrypt () failed"); return -1; } 
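Review bot: In the `@@ -840` hunk of rsa_sig_decode_hash, the buffer from `*hash_p = malloc (len)` is not released when `RSA_public_decrypt` fails: that branch calls `RSA_free (key)` and returns -1 but leaves `*hash_p` pointing at the live allocation. This path runs on every signature that fails to decrypt, i.e. on untrusted input, so unless the caller frees *hash_p on a -1 return (not visible in the hunk) each such message leaks one RSA_size-sized buffer. Add `free (*hash_p); *hash_p = 0;` beside the `RSA_free (key);` in that branch. The function begins and ends outside the hunk.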
@@ -1113,16 +1109,16 @@ rsa_sig_encode_hash (struct message *msg) snprintf (header, 80, "rsa_sig_encode_hash: HASH_%c", initiator ? 'I' : 'R'); LOG_DBG_BUF ((LOG_MISC, 80, header, buf, hashsize)); - data = malloc (LC (RSA_size, (exchange->sent_key))); + data = malloc (RSA_size (exchange->sent_key)); if (!data) { log_error ("rsa_sig_encode_hash: malloc (%d) failed", - LC (RSA_size, (exchange->sent_key))); + RSA_size (exchange->sent_key)); return -1; } - datalen = LC (RSA_private_encrypt, (hashsize, buf, data, - exchange->sent_key, RSA_PKCS1_PADDING)); + datalen = RSA_private_encrypt (hashsize, buf, data, exchange->sent_key, + RSA_PKCS1_PADDING); if (datalen == -1) { log_print ("rsa_sig_encode_hash: RSA_private_encrypt () failed"); @@ -1230,23 +1226,23 @@ get_raw_key_from_file (int type, u_int8_t *id, size_t id_len, RSA **rsa) /* If the file does not exist, fail silently. */ if (stat (filename, &st) == 0) { - bio = LC (BIO_new, (LC (BIO_s_file, ()))); + bio = BIO_new (BIO_s_file ()); if (!bio) { log_error ("get_raw_key_from_file: could not initialize BIO"); return -1; } - if (LC (BIO_read_filename, (bio, filename)) <= 0) + if (BIO_read_filename (bio, filename) <= 0) { LOG_DBG((LOG_NEGOTIATION, 50, "get_raw_key_from_file: " "BIO_read_filename(bio, \"%s\") failed", filename)); - LC (BIO_free, (bio)); + BIO_free (bio); return -1; } LOG_DBG((LOG_NEGOTIATION, 80, "get_raw_key_from_file: reading file %s", filename)); - *rsa = LC (PEM_read_bio_RSA_PUBKEY, (bio, NULL, NULL, NULL)); - LC (BIO_free, (bio)); + *rsa = PEM_read_bio_RSA_PUBKEY (bio, NULL, NULL, NULL); + BIO_free (bio); } else LOG_DBG((LOG_NEGOTIATION, 50, "get_raw_key_from_file: file %s not found", diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index a8030e0d317..0272dec11c9 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.62 2002/06/07 21:59:22 ho Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.63 2002/06/10 18:08:58 ho Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -120,7 +120,7 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) /* Initialize if necessary -- e.g., if pre-shared key auth was used */ if (isakmp_sa->policy_id < 0) { - if ((isakmp_sa->policy_id = LK (kn_init, ())) == -1) + if ((isakmp_sa->policy_id = kn_init ()) == -1) { log_print ("check_policy: failed to initialize policy session"); return 0; @@ -128,15 +128,13 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) } /* Add the callback that will handle attributes. */ - if (LK (kn_add_action, (isakmp_sa->policy_id, ".*", - (char *) policy_callback, - ENVIRONMENT_FLAG_FUNC | ENVIRONMENT_FLAG_REGEX)) - == -1) + if (kn_add_action (isakmp_sa->policy_id, ".*", (char *) policy_callback, + ENVIRONMENT_FLAG_FUNC | ENVIRONMENT_FLAG_REGEX) == -1) { log_print ("check_policy: " "kn_add_action (%d, \".*\", %p, FUNC | REGEX) failed", isakmp_sa->policy_id, policy_callback); - LK (kn_close, (isakmp_sa->policy_id)); + kn_close (isakmp_sa->policy_id); isakmp_sa->policy_id = -1; return 0; } @@ -155,10 +153,10 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) /* Add the policy assertions */ for (i = 0; i < keynote_policy_asserts_num; i++) - keynote_ids[i] = LK (kn_add_assertion, (isakmp_sa->policy_id, - keynote_policy_asserts[i], - strlen (keynote_policy_asserts[i]), - ASSERT_FLAG_LOCAL)); + keynote_ids[i] = kn_add_assertion (isakmp_sa->policy_id, + keynote_policy_asserts[i], + strlen (keynote_policy_asserts[i]), + ASSERT_FLAG_LOCAL); /* Initialize -- we'll let the callback do all the work. */ policy_exchange = exchange; 
@@ -275,9 +273,9 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) } dc.dec_key = isakmp_sa->recv_key; - principal[0] = LK (kn_encode_key, (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, - KEYNOTE_PUBLIC_KEY)); - if (LKV (keynote_errno) == ERROR_MEMORY) + principal[0] = kn_encode_key (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, + KEYNOTE_PUBLIC_KEY); + if (keynote_errno == ERROR_MEMORY) { log_print ("check_policy: failed to get memory for public key"); goto policydone; @@ -304,7 +302,7 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) principal[1] = 0; /* Generate a "DN:" principal. */ - subject = LC (X509_get_subject_name, (isakmp_sa->recv_cert)); + subject = X509_get_subject_name (isakmp_sa->recv_cert); if (subject) { principal[1] = calloc (259, sizeof (char)); @@ -315,7 +313,7 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) goto policydone; } strlcpy (principal[1], "DN:", 259); - LC (X509_NAME_oneline, (subject, principal[1] + 3, 256)); + X509_NAME_oneline (subject, principal[1] + 3, 256); nprinc = 2; } else { nprinc = 1; 
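Review bot: In the `@@ -315` hunk of check_policy, the result of `X509_NAME_oneline (subject, principal[1] + 3, 256)` is discarded; it returns NULL on failure, and a subject longer than the buffer is silently cut short, so a long DN yields a "DN:" principal that does not fully identify the certificate it was taken from. The sizes 259 and 256 and the offset 3 in this line, the surrounding `calloc (259, sizeof (char))` and `strlcpy (principal[1], "DN:", 259)` are related only by convention, which is easy to break on the next edit. Give the buffer size a name and treat a NULL return the same way the calloc failure two lines above is treated, `if (!X509_NAME_oneline (subject, principal[1] + 3, 256)) goto policydone;`. check_policy continues outside this hunk.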
@@ -350,29 +348,28 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) LOG_DBG ((LOG_POLICY, 40, "check_policy: adding authorizer [%s]", principal[i])); - if (LK (kn_add_authorizer, (isakmp_sa->policy_id, principal[i])) == -1) + if (kn_add_authorizer (isakmp_sa->policy_id, principal[i]) == -1) { int j; for (j = 0; j < i; j++) - LK (kn_remove_authorizer, (isakmp_sa->policy_id, principal[j])); + kn_remove_authorizer (isakmp_sa->policy_id, principal[j]); log_print ("check_policy: kn_add_authorizer failed"); goto policydone; } } /* Ask policy */ - result = LK (kn_do_query, (isakmp_sa->policy_id, return_values, - RETVALUES_NUM)); + result = kn_do_query (isakmp_sa->policy_id, return_values, RETVALUES_NUM); LOG_DBG ((LOG_POLICY, 40, "check_policy: kn_do_query returned %d", result)); /* Cleanup environment */ - LK (kn_cleanup_action_environment, (isakmp_sa->policy_id)); + kn_cleanup_action_environment (isakmp_sa->policy_id); /* Remove authorizers from the session */ for (i = 0; i < nprinc; i++) { - LK (kn_remove_authorizer, (isakmp_sa->policy_id, principal[i])); + kn_remove_authorizer (isakmp_sa->policy_id, principal[i]); free (principal[i]); } @@ -400,7 +397,7 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) for (i = 0; i < keynote_policy_asserts_num; i++) { if (keynote_ids[i] != -1) - LK (kn_remove_assertion, (isakmp_sa->policy_id, keynote_ids[i])); + kn_remove_assertion (isakmp_sa->policy_id, keynote_ids[i]); } if (keynote_ids) diff --git a/sbin/isakmpd/init.c b/sbin/isakmpd/init.c index a9dd80a78f1..9516740f697 100644 --- a/sbin/isakmpd/init.c +++ b/sbin/isakmpd/init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: init.c,v 1.18 2001/12/10 03:34:51 ho Exp $ */ +/* $OpenBSD: init.c,v 1.19 2002/06/10 18:08:58 ho Exp $ */ /* $EOM: init.c,v 1.25 2000/03/30 14:27:24 ho Exp $ */ /* 
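Review bot: On the `kn_add_authorizer` failure path of this check_policy hunk, the authorizers added so far are rolled back but the `principal[]` strings allocated in the preceding hunks are not released before `goto policydone`, whereas the success path frees each one right after the query. Unless the policydone label, which lies outside the hunk, already frees them, every failed authorization leaks those strings; if it does not, add `for (j = 0; j < nprinc; j++) free (principal[j]);` after the kn_remove_authorizer loop in that branch. The function starts and ends outside this hunk.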
@@ -117,9 +117,6 @@ reinit (void) /* Reread config file. */ conf_reinit (); - /* Try again to link in libcrypto (good if we started without /usr). */ - libcrypto_init (); - /* Set timezone */ tzset (); diff --git a/sbin/isakmpd/key.c b/sbin/isakmpd/key.c index 3e00f2142d1..eb717907be6 100644 --- a/sbin/isakmpd/key.c +++ b/sbin/isakmpd/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.10 2002/06/01 07:44:21 deraadt Exp $ */ +/* $OpenBSD: key.c,v 1.11 2002/06/10 18:08:58 ho Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -24,7 +24,6 @@ #include "sysdep.h" -#include "dyn.h" #include "key.h" #include "libcrypto.h" #include "log.h" @@ -40,7 +39,7 @@ key_free (int type, int private, void *key) free (key); break; case ISAKMP_KEY_RSA: - LC (RSA_free, (key)); + RSA_free (key); break; case ISAKMP_KEY_NONE: default: @@ -65,7 +64,7 @@ key_serialize (int type, int private, void *key, u_int8_t **data, size_t *datale switch (private) { case ISAKMP_KEYTYPE_PUBLIC: - *datalen = LC (i2d_RSAPublicKey, ((RSA *)key, NULL)); + *datalen = i2d_RSAPublicKey ((RSA *)key, NULL); *data = p = malloc (*datalen); if (!p) { @@ -73,11 +72,11 @@ key_serialize (int type, int private, void *key, u_int8_t **data, size_t *datale (unsigned long)*datalen); return; } - *datalen = LC (i2d_RSAPublicKey, ((RSA *)key, &p)); + *datalen = i2d_RSAPublicKey ((RSA *)key, &p); break; case ISAKMP_KEYTYPE_PRIVATE: - *datalen = LC (i2d_RSAPrivateKey, ((RSA *)key, NULL)); + *datalen = i2d_RSAPrivateKey ((RSA *)key, NULL); *data = p = malloc (*datalen); if (!p) { @@ -85,7 +84,7 @@ key_serialize (int type, int private, void *key, u_int8_t **data, size_t *datale (unsigned long)*datalen); return; } - *datalen = LC (i2d_RSAPrivateKey, ((RSA *)key, &p)); + *datalen = i2d_RSAPrivateKey ((RSA *)key, &p); break; } break; 
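Review bot: In the `@@ -65` hunk of key_serialize, `*datalen = i2d_RSAPublicKey ((RSA *)key, NULL)` stores an int that is negative on failure into a `size_t`, so a key that cannot be encoded becomes a huge `malloc (*datalen)` request and a misleading allocation-failure message rather than an encoding error. The `@@ -73` and `@@ -85` hunks of the same function repeat the pattern for the second i2d_RSAPublicKey call and both i2d_RSAPrivateKey calls. Capture the length in an `int len` local declared at the top of the function, reject `<= 0` before assigning it to *datalen, and check the second i2d call the same way; the rewritten public-key case is below and the private-key case is symmetric. key_serialize begins before the hunk.
```c
    case ISAKMP_KEYTYPE_PUBLIC:
      len = i2d_RSAPublicKey ((RSA *)key, NULL);
      if (len <= 0)
        {
          log_print ("key_serialize: i2d_RSAPublicKey failed");
          *data = 0;
          *datalen = 0;
          return;
        }
      *datalen = len;
      *data = p = malloc (*datalen);
      /* … unchanged: malloc failure check and log_error … */
      len = i2d_RSAPublicKey ((RSA *)key, &p);
      if (len <= 0)
        {
          log_print ("key_serialize: i2d_RSAPublicKey failed");
          free (*data);
          *data = 0;
          *datalen = 0;
          return;
        }
      *datalen = len;
      break;
```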
@@ -137,16 +136,14 @@ key_internalize (int type, int private, u_int8_t *data, int datalen) { #if OPENSSL_VERSION_NUMBER >= 0x00907000L case ISAKMP_KEYTYPE_PUBLIC: - return LC (d2i_RSAPublicKey, (NULL, (const u_int8_t **)&data, - datalen)); + return d2i_RSAPublicKey (NULL, (const u_int8_t **)&data, datalen); case ISAKMP_KEYTYPE_PRIVATE: - return LC (d2i_RSAPrivateKey, (NULL, (const u_int8_t **)&data, - datalen)); + return d2i_RSAPrivateKey (NULL, (const u_int8_t **)&data, datalen); #else case ISAKMP_KEYTYPE_PUBLIC: - return LC (d2i_RSAPublicKey, (NULL, &data, datalen)); + return d2i_RSAPublicKey (NULL, &data, datalen); case ISAKMP_KEYTYPE_PRIVATE: - return LC (d2i_RSAPrivateKey, (NULL, &data, datalen)); + return d2i_RSAPrivateKey (NULL, &data, datalen); #endif default: log_error ("key_internalize: not public or private RSA key passed"); diff --git a/sbin/isakmpd/libcrypto.c b/sbin/isakmpd/libcrypto.c index 9529ac3f070..ad1822b8a12 100644 --- a/sbin/isakmpd/libcrypto.c +++ b/sbin/isakmpd/libcrypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: libcrypto.c,v 1.13 2001/07/13 14:13:38 ho Exp $ */ +/* $OpenBSD: libcrypto.c,v 1.14 2002/06/10 18:08:58 ho Exp $ */ /* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */ /* 
@@ -36,193 +36,20 @@ */ #include "sysdep.h" - -#include "dyn.h" #include "libcrypto.h" -void *libcrypto = 0; - -#ifdef USE_X509 - -#ifdef HAVE_DLOPEN - -/* - * These prototypes matches SSLeay version 0.9.0b or OpenSSL 0.9.4, if - * you try to load a different version than that, you are on your own. - */ -char *(*lc_ASN1_d2i_bio) (char *(*) (), char *(*) (), BIO *bp, - unsigned char **); -char *(*lc_ASN1_dup) (int (*) (), char *(*) (), char *); -long (*lc_BIO_ctrl) (BIO *bp, int, long, char *); -int (*lc_BIO_free) (BIO *a); -BIO *(*lc_BIO_new) (BIO_METHOD *type); -int (*lc_BIO_write) (BIO *, char *, int); -BIO_METHOD *(*lc_BIO_s_file) (void); -BIO_METHOD *(*lc_BIO_s_mem) (void); -BIGNUM *(*lc_BN_bin2bn) (const unsigned char *, int, BIGNUM *); -int (*lc_BN_num_bits) (const BIGNUM *); -int (*lc_BN_print_fp) (FILE *, BIGNUM *); -char *(*lc_PEM_ASN1_read_bio) (char *(*) (), char *, BIO *, char **, - int (*) ()); -void (*lc_RSA_free) (RSA *); -RSA *(*lc_RSA_new) (void); -RSA *(*lc_RSA_generate_key) (int, unsigned long, void (*) (int, int, char *), - char *); -int (*lc_RSA_private_encrypt) (int, unsigned char *, unsigned char *, RSA *, - int); -int (*lc_RSA_public_decrypt) (int, unsigned char *, unsigned char *, RSA *, - int); -int (*lc_RSA_size) (RSA *); -#if OPENSSL_VERSION_NUMBER >= 0x00905100L -void (*lc_OpenSSL_add_all_algorithms) (void); -#else -void (*lc_SSLeay_add_all_algorithms) (void); -#endif -int (*lc_X509_NAME_cmp) (X509_NAME *, X509_NAME *); -void (*lc_X509_STORE_CTX_cleanup) (X509_STORE_CTX *); -void (*lc_X509_OBJECT_free_contents) (X509_OBJECT *); - -#if SSLEAY_VERSION_NUMBER >= 0x00904100L -void (*lc_X509_STORE_CTX_init) (X509_STORE_CTX *, X509_STORE *, X509 *, - STACK_OF (X509) *); -#else -void (*lc_X509_STORE_CTX_init) (X509_STORE_CTX *, X509_STORE *, X509 *, - STACK *); -#endif - -int (*lc_X509_STORE_add_cert) (X509_STORE *, X509 *); -X509_STORE *(*lc_X509_STORE_new) (void); -void (*lc_X509_STORE_free) (X509_STORE *); -X509 *(*lc_X509_dup) (X509 *); 
-void (*lc_X509_free) (X509 *); -X509_EXTENSION *(*lc_X509_get_ext) (X509 *, int); -int (*lc_X509_get_ext_by_NID) (X509 *, int, int); -X509_NAME *(*lc_X509_get_issuer_name) (X509 *); -EVP_PKEY *(*lc_X509_get_pubkey) (X509 *); -X509_NAME *(*lc_X509_get_subject_name) (X509 *); -X509 *(*lc_X509_new) (void); -int (*lc_X509_verify) (X509 *, EVP_PKEY *); -int (*lc_X509_verify_cert) (X509_STORE_CTX *); -char *(*lc_X509_verify_cert_error_string) (int); -RSA *(*lc_d2i_RSAPrivateKey) (RSA **, unsigned char **, long); -RSA *(*lc_d2i_RSAPublicKey) (RSA **, unsigned char **, long); -X509 *(*lc_d2i_X509) (X509 **, unsigned char **, long); -char *(*lc_X509_NAME_oneline) (X509_NAME *, char *, int); -int (*lc_i2d_RSAPublicKey) (RSA *, unsigned char **); -int (*lc_i2d_RSAPrivateKey) (RSA *, unsigned char **); -int (*lc_i2d_X509) (X509 *, unsigned char **); -int (*lc_i2d_X509_NAME) (X509_NAME *, unsigned char **); -X509_NAME * (*lc_d2i_X509_NAME) (X509_NAME **, unsigned char **, int); -#if (SSLEAY_VERSION_NUMBER >= 0x00904100L \ - && SSLEAY_VERSION_NUMBER < 0x0090600fL) -void (*lc_sk_X509_free) (STACK_OF (X509) *); -STACK_OF (X509) *(*lc_sk_X509_new_null) (); -#else -void (*lc_sk_free) (STACK *); -STACK *(*lc_sk_new) (int (*) ()); -#endif - -#if SSLEAY_VERSION_NUMBER >= 0x00904100L -X509 *(*lc_X509_find_by_subject) (STACK_OF (X509) *, X509_NAME *); -#else -X509 *(*lc_X509_find_by_subject) (STACK *, X509_NAME *); -#endif - -int (*lc_X509_STORE_get_by_subject) (X509_STORE_CTX *, int, X509_NAME *, - X509_OBJECT *); - -#define SYMENTRY(x) { SYM, SYM (x), (void **)&lc_ ## x } - -static struct dynload_script libcrypto_script[] = { - { LOAD, "libc.so", &libcrypto }, - { LOAD, "libcrypto.so", &libcrypto }, - SYMENTRY (ASN1_d2i_bio), - SYMENTRY (ASN1_dup), - SYMENTRY (BIO_ctrl), - SYMENTRY (BIO_free), - SYMENTRY (BIO_new), - SYMENTRY (BIO_write), - SYMENTRY (BIO_s_file), - SYMENTRY (BIO_s_mem), - SYMENTRY (BN_print_fp), - SYMENTRY (PEM_ASN1_read_bio), - SYMENTRY (RSA_generate_key), - SYMENTRY 
(RSA_free), - SYMENTRY (RSA_private_encrypt), - SYMENTRY (RSA_public_decrypt), - SYMENTRY (RSA_size), -#if OPENSSL_VERSION_NUMBER >= 0x00905100L - SYMENTRY (OpenSSL_add_all_algorithms), -#else - SYMENTRY (SSLeay_add_all_algorithms), -#endif - SYMENTRY (X509_NAME_cmp), - SYMENTRY (X509_STORE_CTX_cleanup), - SYMENTRY (X509_STORE_CTX_init), - SYMENTRY (X509_STORE_add_cert), - SYMENTRY (X509_STORE_new), - SYMENTRY (X509_STORE_free), - SYMENTRY (X509_dup), - SYMENTRY (X509_find_by_subject), - SYMENTRY (X509_free), - SYMENTRY (X509_get_ext), - SYMENTRY (X509_get_ext_by_NID), - SYMENTRY (X509_get_issuer_name), - SYMENTRY (X509_get_pubkey), - SYMENTRY (X509_get_subject_name), - SYMENTRY (X509_new), - SYMENTRY (X509_verify), - SYMENTRY (X509_verify_cert), - SYMENTRY (X509_verify_cert_error_string), - SYMENTRY (X509_STORE_get_by_subject), - SYMENTRY (X509_OBJECT_free_contents), - SYMENTRY (X509_NAME_oneline), - SYMENTRY (d2i_RSAPrivateKey), - SYMENTRY (d2i_RSAPublicKey), - SYMENTRY (d2i_X509), - SYMENTRY (i2d_RSAPublicKey), - SYMENTRY (i2d_RSAPrivateKey), - SYMENTRY (i2d_X509), - SYMENTRY (i2d_X509_NAME), - SYMENTRY (d2i_X509_NAME), -#if (SSLEAY_VERSION_NUMBER >= 0x00904100L \ - && SSLEAY_VERSION_NUMBER < 0x0090600fL) - SYMENTRY (sk_X509_free), - SYMENTRY (sk_X509_new_null), -#else - SYMENTRY (sk_free), - SYMENTRY (sk_new), -#endif - { EOS } -}; -#endif - -#endif /* USE_X509 */ - void libcrypto_init (void) { -#ifdef USE_X509 -#ifdef HAVE_DLOPEN - dyn_load (libcrypto_script); -#elif !defined (USE_LIBCRYPTO) - return; -#endif - - /* - * XXX Do something imaginative with libcrypto here. The problem is if - * the dynload fails libcrypto will be 0 which is good for the macros but - * not the tests for support. 
- */ +#if defined (USE_X509) && defined (USE_LIBCRYPTO) -#if defined (USE_LIBCRYPTO) /* Add all algorithms known by SSL */ #if OPENSSL_VERSION_NUMBER >= 0x00905100L - LC (OpenSSL_add_all_algorithms, ()); + OpenSSL_add_all_algorithms (); #else - LC (SSLeay_add_all_algorithms, ()); + SSLeay_add_all_algorithms (); #endif -#endif -#endif /* USE_X509 */ + +#endif /* USE_X509 && USE_LIBCRYPTO */ } diff --git a/sbin/isakmpd/libcrypto.h b/sbin/isakmpd/libcrypto.h index 43ffb378402..3dd13ebbb49 100644 --- a/sbin/isakmpd/libcrypto.h +++ b/sbin/isakmpd/libcrypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: libcrypto.h,v 1.13 2002/06/09 08:13:06 todd Exp $ */ +/* $OpenBSD: libcrypto.h,v 1.14 2002/06/10 18:08:58 ho Exp $ */ /* $EOM: libcrypto.h,v 1.16 2000/09/28 12:53:27 niklas Exp $ */ /* 
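Review bot: libcrypto_init in the `@@ -36` hunk is left without any comment now that the dynamic-loading script and its explanatory block are gone, and what remains is a few lines of conditionally compiled code whose purpose a reader has to infer from the preserved "Add all algorithms known by SSL" remark. Add a header above the definition such as `/* One-time libcrypto setup: register every cipher and digest OpenSSL knows. Compiles to a no-op unless both USE_X509 and USE_LIBCRYPTO are defined. */`. Since this commit also drops the call from reinit () in init.c, it appears the function is now meant to run once at startup, and saying so in the same comment would stop the reinit call from being reintroduced.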
@@ -50,139 +50,7 @@ #include <openssl/x509_vfy.h> #include <openssl/x509.h> -extern void *libcrypto; - -#if defined (USE_LIBCRYPTO) -#if defined (HAVE_DLOPEN) -#define LC(sym, args) (libcrypto ? lc_ ## sym args : sym args) -#else -#define LC(sym, args) sym args -#endif -#elif defined (HAVE_DLOPEN) -#define LC(sym, args) lc_ ## sym args -#else -#define LC(sym, args) !!libcrypto called but no USE_LIBCRYPTO nor HAVE_DLOPEN!! -#endif - -#ifdef HAVE_DLOPEN - -/* - * These prototypes matches SSLeay version 0.9.0b or OpenSSL 0.9.4, if you - * try to load a different version than that, you are on your own. - */ -extern char *(*lc_ASN1_d2i_bio) (char *(*) (), char *(*) (), BIO *bp, - unsigned char **); -extern char *(*lc_ASN1_dup) (int (*) (), char *(*) (), char *); -extern long (*lc_BIO_ctrl) (BIO *bp, int, long, char *); -extern int (*lc_BIO_free) (BIO *a); -extern BIO *(*lc_BIO_new) (BIO_METHOD *type); -extern int (*lc_BIO_write) (BIO *, char *, int); -extern BIO_METHOD *(*lc_BIO_s_file) (void); -extern BIO_METHOD *(*lc_BIO_s_mem) (void); -extern BIGNUM *(*lc_BN_bin2bn) (const unsigned char *, int, BIGNUM *); -extern int (*lc_BN_num_bits) (const BIGNUM *); -extern int (*lc_BN_print_fp) (FILE *, BIGNUM *); -extern char *(*lc_PEM_ASN1_read_bio) (char *(*) (), char *, BIO *, char **, - int (*) ()); -extern void (*lc_RSA_free) (RSA *); -extern RSA *(*lc_RSA_new) (void); -extern RSA *(*lc_RSA_generate_key) (int, unsigned long, - void (*) (int, int, char *), char *); -extern int (*lc_RSA_private_encrypt) (int, unsigned char *, unsigned char *, - RSA *, int); -extern int (*lc_RSA_public_decrypt) (int, unsigned char *, unsigned char *, - RSA *, int); -extern int (*lc_RSA_size) (RSA *); -#if OPENSSL_VERSION_NUMBER >= 0x00905100L -extern void (*lc_OpenSSL_add_all_algorithms) (void); -#else -extern void (*lc_SSLeay_add_all_algorithms) (void); -#endif -extern int (*lc_X509_NAME_cmp) (X509_NAME *, X509_NAME *); -extern void (*lc_X509_OBJECT_free_contents) (X509_OBJECT *); -extern 
void (*lc_X509_STORE_CTX_cleanup) (X509_STORE_CTX *);
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-extern void (*lc_X509_STORE_CTX_init) (X509_STORE_CTX *, X509_STORE *, X509 *,
- STACK_OF (X509) *);
-#else
-extern void (*lc_X509_STORE_CTX_init) (X509_STORE_CTX *, X509_STORE *, X509 *,
- STACK *);
-#endif
-extern int (*lc_X509_STORE_add_cert) (X509_STORE *, X509 *);
-extern void (*lc_X509_STORE_free) (X509_STORE *);
-extern X509_STORE *(*lc_X509_STORE_new) (void);
-extern X509 *(*lc_X509_dup) (X509 *);
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-extern X509 *(*lc_X509_find_by_subject) (STACK_OF (X509) *, X509_NAME *);
-#else
-extern X509 *(*lc_X509_find_by_subject) (STACK *, X509_NAME *);
-#endif
-extern int (*lc_X509_STORE_get_by_subject) (X509_STORE_CTX *, int,
- X509_NAME *, X509_OBJECT *);
-extern void (*lc_X509_free) (X509 *);
-extern X509_EXTENSION *(*lc_X509_get_ext) (X509 *, int);
-extern int (*lc_X509_get_ext_by_NID) (X509 *, int, int);
-extern X509_NAME *(*lc_X509_get_issuer_name) (X509 *);
-extern EVP_PKEY *(*lc_X509_get_pubkey) (X509 *);
-extern X509_NAME *(*lc_X509_get_subject_name) (X509 *);
-extern X509 *(*lc_X509_new) (void);
-extern int (*lc_X509_verify) (X509 *, EVP_PKEY *);
-extern char *(*lc_X509_NAME_oneline) (X509_NAME *, char *, int);
-extern int (*lc_X509_verify_cert) (X509_STORE_CTX *);
-extern char *(*lc_X509_verify_cert_error_string) (int);
-extern RSA *(*lc_d2i_RSAPrivateKey) (RSA **, unsigned char **, long);
-extern RSA *(*lc_d2i_RSAPublicKey) (RSA **, unsigned char **, long);
-extern X509 *(*lc_d2i_X509) (X509 **, unsigned char **, long);
-extern int (*lc_i2d_RSAPublicKey) (RSA *, unsigned char **);
-extern int (*lc_i2d_RSAPrivateKey) (RSA *, unsigned char **);
-extern int (*lc_i2d_X509) (X509 *, unsigned char **);
-extern int (*lc_i2d_X509_NAME) (X509_NAME *, unsigned char **);
-extern X509_NAME * (*lc_d2i_X509_NAME) (X509_NAME **, unsigned char **, int);
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-extern void (*lc_sk_X509_free) (STACK_OF 
(X509) *);
-extern STACK_OF (X509) *(*lc_sk_X509_new_null) (void);
-#else
-extern void (*lc_sk_free) (STACK *);
-extern STACK *(*lc_sk_new) (int (*) ());
-#endif
-
-#define lc_BIO_read_filename(b, name) \
- lc_BIO_ctrl (b, BIO_C_SET_FILENAME, BIO_CLOSE | BIO_FP_READ, name)
-
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-#define lc_PEM_read_bio_RSAPrivateKey(bp, x, cb, u) \
- (RSA *)lc_PEM_ASN1_read_bio ((char *(*) ())lc_d2i_RSAPrivateKey, \
- PEM_STRING_RSA, bp, (char **)x, cb)
-#define lc_PEM_read_bio_X509(bp, x, cb, u) \
- (X509 *)lc_PEM_ASN1_read_bio ((char *(*) ())lc_d2i_X509, PEM_STRING_X509, \
- bp, (char **)x, cb)
-#else
-#define lc_PEM_read_bio_RSAPrivateKey(bp, x, cb) \
- (RSA *)lc_PEM_ASN1_read_bio ((char *(*) ())lc_d2i_RSAPrivateKey, \
- PEM_STRING_RSA, bp, (char **)x, cb)
-#define lc_PEM_read_bio_X509(bp, x, cb) \
- (X509 *)lc_PEM_ASN1_read_bio ((char *(*) ())lc_d2i_X509, PEM_STRING_X509, \
- bp, (char **)x, cb)
-#endif
-
-#define lc_RSAPublicKey_dup(rsa) \
- (RSA *)lc_ASN1_dup ((int (*) ())lc_i2d_RSAPublicKey, \
- (char *(*) ())lc_d2i_RSAPublicKey, (char *)rsa)
-
-#define lc_X509_name_cmp(a, b) lc_X509_NAME_cmp ((a), (b))
-
-#define lc_d2i_X509_bio(bp, x509) \
- (X509 *)lc_ASN1_d2i_bio ((char *(*) ())lc_X509_new, \
- (char *(*) ())lc_d2i_X509, (bp), \
- (unsigned char **)(x509))
-
-#if SSLEAY_VERSION_NUMBER < 0x00904100L
-#define lc_sk_new_null() lc_sk_new (NULL)
-#endif
-
-#endif
-
-#endif
+#endif /* USE_X509 */
 extern void libcrypto_init (void);
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index ee6015fe927..0b50c6ed054 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.53 2002/06/09 08:13:06 todd Exp $ */
+/* $OpenBSD: policy.c,v 1.54 2002/06/10 18:08:58 ho Exp $ */
 /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
 /*
@@ -59,7 +59,6 @@
 #include "sysdep.h"
 #include "conf.h"
-#include "dyn.h"
 #include "exchange.h"
 #include "ipsec.h"
 #include "isakmp_doi.h"
@@ -71,50 +70,6 @@
 #include "policy.h"
 #include "x509.h"
-#if defined (HAVE_DLOPEN) && !defined (USE_KEYNOTE) && 0
-
-void *libkeynote = 0;
-
-/*
- * These prototypes matches OpenBSD keynote.h 1.6. If you use
- * a different version than that, you are on your own.
- */
-int *lk_keynote_errno;
-int (*lk_kn_add_action) (int, char *, char *, int);
-int (*lk_kn_add_assertion) (int, char *, int, int);
-int (*lk_kn_add_authorizer) (int, char *);
-int (*lk_kn_close) (int);
-int (*lk_kn_do_query) (int, char **, int);
-char *(*lk_kn_encode_key) (struct keynote_deckey *, int, int, int);
-int (*lk_kn_init) (void);
-char **(*lk_kn_read_asserts) (char *, int, int *);
-int (*lk_kn_remove_authorizer) (int, char *);
-int (*lk_kn_get_authorizer) (int, int, int *);
-void (*lk_kn_free_key) (struct keynote_deckey *);
-struct keynote_keylist *(*lk_kn_get_licensees) (int, int);
-#define SYMENTRY(x) { SYM, SYM (x), (void **)&lk_ ## x }
-
-static struct dynload_script libkeynote_script[] = {
- { LOAD, "libc.so", &libkeynote },
- { LOAD, "libcrypto.so", &libkeynote },
- { LOAD, "libm.so", &libkeynote },
- { LOAD, "libkeynote.so", &libkeynote },
- SYMENTRY (keynote_errno),
- SYMENTRY (kn_add_action),
- SYMENTRY (kn_add_assertion),
- SYMENTRY (kn_add_authorizer),
- SYMENTRY (kn_close),
- SYMENTRY (kn_do_query),
- SYMENTRY (kn_encode_key),
- SYMENTRY (kn_init),
- SYMENTRY (kn_read_asserts),
- SYMENTRY (kn_remove_authorizer),
- SYMENTRY (kn_get_licensees),
- SYMENTRY (kn_get_authorizer),
- { EOS }
-};
-#endif
-
 char **keynote_policy_asserts = NULL;
 int keynote_policy_asserts_num = 0;
 struct exchange *policy_exchange = 0;
@@ -1811,11 +1766,6 @@ policy_init (void)
 LOG_DBG ((LOG_POLICY, 30, "policy_init: initializing"));
-#if defined (HAVE_DLOPEN) && !defined (USE_KEYNOTE)
- if (!dyn_load (libkeynote_script))
- return;
-#endif
-
 /* Get policy file from configuration. */
 policy_file = conf_get_str ("General", "Policy-file");
 if (!policy_file)
@@ -1849,7 +1799,7 @@ policy_init (void) close (fd); /* Parse buffer, break up into individual policies. */ - asserts = LK (kn_read_asserts, (ptr, sz, &i)); + asserts = kn_read_asserts (ptr, sz, &i); /* Begone! */ free (ptr); @@ -1905,14 +1855,13 @@ keynote_cert_validate (void *scert) if (scert == NULL) return 0; - foo = LK (kn_read_asserts, ((char *) scert, strlen ((char *) scert), - &num)); + foo = kn_read_asserts ((char *) scert, strlen ((char *) scert), &num); if (foo == NULL) return 0; for (i = 0; i < num; i++) { - if (LK (kn_verify_assertion, (scert, strlen ((char *) scert))) + if (kn_verify_assertion (scert, strlen ((char *) scert)) != SIGRESULT_TRUE) { for (; i < num; i++) @@ -1938,13 +1887,12 @@ keynote_cert_insert (int sid, void *scert) if (scert == NULL) return 0; - foo = LK (kn_read_asserts, ((char *) scert, strlen ((char *) scert), - &num)); + foo = kn_read_asserts ((char *) scert, strlen ((char *) scert), &num); if (foo == NULL) return 0; while (num--) - LK (kn_add_assertion, (sid, foo[num], strlen (foo[num]), 0)); + kn_add_assertion (sid, foo[num], strlen (foo[num]), 0); return 1; } @@ -1974,10 +1922,10 @@ keynote_certreq_validate (u_int8_t *data, u_int32_t len) memcpy (dat, data, len); - if (LK (kn_decode_key, (&dc, dat, KEYNOTE_PUBLIC_KEY)) != 0) + if (kn_decode_key (&dc, dat, KEYNOTE_PUBLIC_KEY) != 0) err = 0; else - LK (kn_free_key, (&dc)); + kn_free_key (&dc); free (dat); @@ -2131,14 +2079,14 @@ keynote_cert_get_key (void *scert, void *keyp) int sid, kid, num; char **foo; - foo = LK (kn_read_asserts, ((char *)scert, strlen ((char *)scert), &num)); + foo = kn_read_asserts ((char *)scert, strlen ((char *)scert), &num); if (foo == NULL || num == 0) { log_print ("keynote_cert_get_key: failed to decompose credentials"); return 0; } - kid = LK (kn_init, ()); + kid = kn_init (); if (kid == -1) { log_print ("keynote_cert_get_key: failed to initialize new policy " 
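Review bot: In the keynote_cert_validate hunk, every pass of the `for (i = 0; i < num; i++)` loop calls `kn_verify_assertion (scert, strlen ((char *) scert))` on the whole credential blob instead of on `foo[i]`, the assertion that iteration owns, so if `scert` carries several assertions (keynote_cert_insert below adds each `foo[num]` separately) only whatever kn_verify_assertion parses from the start of the buffer is signature-checked, repeated `num` times. If per-assertion verification is the intent, the call should be `if (kn_verify_assertion (foo[i], strlen (foo[i])) != SIGRESULT_TRUE)`; if `scert` is guaranteed to hold exactly one assertion, a comment stating that would stop the next reader from asking. The rest of keynote_cert_validate, including how `foo[i]` is released on the success path, lies outside the hunk.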
@@ -2149,8 +2097,7 @@ keynote_cert_get_key (void *scert, void *keyp) return 0; } - sid = LK (kn_add_assertion, (kid, foo[num - 1], - strlen (foo[num - 1]), 0)); + sid = kn_add_assertion (kid, foo[num - 1], strlen (foo[num - 1]), 0); while (num--) free (foo[num]); free (foo); @@ -2158,26 +2105,26 @@ keynote_cert_get_key (void *scert, void *keyp) if (sid == -1) { log_print ("keynote_cert_get_key: failed to add assertion"); - LK (kn_close, (kid)); + kn_close (kid); return 0; } *(RSA **)keyp = NULL; - kl = LK (kn_get_licensees, (kid, sid)); + kl = kn_get_licensees (kid, sid); while (kl) { if (kl->key_alg == KEYNOTE_ALGORITHM_RSA) { - *(RSA **)keyp = LC (RSAPublicKey_dup, (kl->key_key)); + *(RSA **)keyp = RSAPublicKey_dup (kl->key_key); break; } kl = kl->key_next; } - LK (kn_remove_assertion, (kid, sid)); - LK (kn_close, (kid)); + kn_remove_assertion (kid, sid); + kn_close (kid); return *(RSA **)keyp == NULL ? 0 : 1; } diff --git a/sbin/isakmpd/policy.h b/sbin/isakmpd/policy.h index 88b35aa7f36..2740e75e540 100644 --- a/sbin/isakmpd/policy.h +++ b/sbin/isakmpd/policy.h @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.h,v 1.9 2001/08/15 13:06:53 ho Exp $ */ +/* $OpenBSD: policy.h,v 1.10 2002/06/10 18:08:58 ho Exp $ */ /* $EOM: policy.h,v 1.12 2000/09/28 12:53:27 niklas Exp $ */ /* 
@@ -45,40 +45,8 @@
 #if defined (USE_KEYNOTE)
 #define CREDENTIAL_FILE "credentials"
 #define PRIVATE_KEY_FILE "private_key"
-
-#define LK(sym, args) sym args
-#define LKV(sym) sym
-#elif defined (HAVE_DLOPEN) && 0
-#define LK(sym, args) lk_ ## sym args
-#define LKV(sym) *lk_ ## sym
-#else
-#define LK(sym, args) !!libkeynote called but no USE_KEYNOTE nor HAVE_DLOPEN!!
-#define LKV(sym) !!libkeynote called but no USE_KEYNOTE nor HAVE_DLOPEN!!
 #endif
-#if defined (HAVE_DLOPEN) && !defined (USE_KEYNOTE) && 0
-struct keynote_deckey;
-
-extern void *libkeynote;
-
-/*
- * These prototypes matches OpenBSD keynote.h 1.6. If you use
- * a different version than that, you are on your own.
- */
-extern int *lk_keynote_errno;
-extern int (*lk_kn_add_action) (int, char *, char *, int);
-extern int (*lk_kn_add_assertion) (int, char *, int, int);
-extern int (*lk_kn_add_authorizer) (int, char *);
-extern int (*lk_kn_close) (int);
-extern int (*lk_kn_do_query) (int, char **, int);
-extern char *(*lk_kn_encode_key) (struct keynote_deckey *, int, int, int);
-extern int (*lk_kn_init) (void);
-extern char **(*lk_kn_read_asserts) (char *, int, int *);
-extern int (*lk_kn_remove_authorizer) (int, char *);
-extern void (*lk_kn_free_key) (struct keynote_deckey *);
-extern void *(*lk_kn_get_authorizer) (int, int, int*);
-#endif /* HAVE_DLOPEN && !USE_KEYNOTE */
-
 extern int keynote_sessid;
 extern int keynote_policy_asserts_num;
 extern int x509_policy_asserts_num;
diff --git a/sbin/isakmpd/regress/rsakeygen/rsakeygen.c b/sbin/isakmpd/regress/rsakeygen/rsakeygen.c
index f9631e7eeff..70d932f7d78 100644
--- a/sbin/isakmpd/regress/rsakeygen/rsakeygen.c
+++ b/sbin/isakmpd/regress/rsakeygen/rsakeygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsakeygen.c,v 1.15 2002/06/09 08:13:07 todd Exp $ */
+/* $OpenBSD: rsakeygen.c,v 1.16 2002/06/10 18:08:59 ho Exp $ */
 /* $EOM: rsakeygen.c,v 1.10 2000/12/21 15:18:53 ho Exp $ */
 /*
@@ -71,19 +71,11 @@ main (void) libcrypto_init (); -#ifndef USE_LIBCRYPTO - if (!libcrypto) - { - fprintf (stderr, "I did not find the RSA support, giving up..."); - exit (1); - } -#endif - log_debug_cmd (LOG_CRYPTO, 99); memset (dec, '\0', sizeof dec); strlcpy (dec, TEST_STRING, 256); - key = LC (RSA_generate_key, (1024, RSA_F4, NULL, NULL)); + key = RSA_generate_key (1024, RSA_F4, NULL, NULL); if (key == NULL) { printf("Failed to generate key\n"); @@ -91,33 +83,33 @@ main (void) } printf ("n: 0x"); - LC (BN_print_fp, (stdout, key->n)); + BN_print_fp (stdout, key->n); printf ("\ne: 0x"); - LC (BN_print_fp, (stdout, key->e)); + BN_print_fp (stdout, key->e); printf ("\n"); printf ("n: 0x"); - LC (BN_print_fp, (stdout, key->n)); + BN_print_fp (stdout, key->n); printf ("\ne: 0x"); - LC (BN_print_fp, (stdout, key->e)); + BN_print_fp (stdout, key->e); printf ("\nd: 0x"); - LC (BN_print_fp, (stdout, key->d)); + BN_print_fp (stdout, key->d); printf ("\np: 0x"); - LC (BN_print_fp, (stdout, key->p)); + BN_print_fp (stdout, key->p); printf ("\nq: 0x"); - LC (BN_print_fp, (stdout, key->q)); + BN_print_fp (stdout, key->q); printf ("\n"); printf ("Testing Signing/Verifying: "); /* Sign with Private Key */ - len = LC (RSA_private_encrypt, (strlen (dec) + 1, dec, enc, key, - RSA_PKCS1_PADDING)); + len = RSA_private_encrypt (strlen (dec) + 1, dec, enc, key, + RSA_PKCS1_PADDING); if (len == -1) printf ("SIGN FAILED "); else { /* Decrypt/Verify with Public Key */ - erg = LC (RSA_public_decrypt, (len, enc, dec, key, RSA_PKCS1_PADDING)); + erg = RSA_public_decrypt (len, enc, dec, key, RSA_PKCS1_PADDING); if (erg == -1 || strcmp (dec, TEST_STRING)) printf ("VERIFY FAILED"); 
@@ -127,23 +119,23 @@ main (void) printf ("\n"); - len = LC (i2d_RSAPublicKey, (key, NULL)); + len = i2d_RSAPublicKey (key, NULL); foo = asn = malloc (len); - len = LC (i2d_RSAPublicKey, (key, &foo)); + len = i2d_RSAPublicKey (key, &foo); fd = fopen ("isakmpd_key.pub", "w"); fwrite (asn, len, 1, fd); fclose (fd); free (asn); - len = LC (i2d_RSAPrivateKey, (key, NULL)); + len = i2d_RSAPrivateKey (key, NULL); foo = asn = malloc (len); - len = LC (i2d_RSAPrivateKey, (key, &foo)); + len = i2d_RSAPrivateKey (key, &foo); fd = fopen ("isakmpd_key", "w"); fwrite (asn, len, 1, fd); fclose (fd); free (asn); - LC (RSA_free, (key)); + RSA_free (key); return 1; } diff --git a/sbin/isakmpd/regress/x509/x509test.c b/sbin/isakmpd/regress/x509/x509test.c index 8f7d25f0014..08b3db0c9e4 100644 --- a/sbin/isakmpd/regress/x509/x509test.c +++ b/sbin/isakmpd/regress/x509/x509test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509test.c,v 1.19 2002/06/09 08:13:07 todd Exp $ */ +/* $OpenBSD: x509test.c,v 1.20 2002/06/10 18:08:59 ho Exp $ */ /* $EOM: x509test.c,v 1.9 2000/12/21 15:24:25 ho Exp $ */ /* 
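Review bot: The generated private key is written through `fopen ("isakmpd_key", "w")`, so the file takes the caller's umask (commonly 0644) and neither that `fopen` nor the preceding `malloc (len)` is checked before `fwrite` dereferences the result. A `umask (077);` before the first fopen keeps the key file owner-only, and `if (!fd) { perror ("isakmpd_key"); exit (1); }` after each fopen avoids the NULL dereference; the public-key block just above has the same shape. The function also ends its success path with `return 1;`, which a regress harness reads as a failure, so `return 0;` looks intended unless the harness is known to ignore the exit status.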
@@ -191,27 +191,19 @@ main (int argc, char *argv[]) libcrypto_init (); -#ifndef USE_LIBCRYPTO - if (!libcrypto) - { - fprintf (stderr, "I did not find the X.509 support, giving up..."); - exit (1); - } -#endif - printf ("Reading private key %s\n", argv[1]); - keyfile = LC (BIO_new, (LC (BIO_s_file, ()))); - if (LC (BIO_read_filename, (keyfile, argv[1])) == -1) + keyfile = BIO_new (BIO_s_file ()); + if (BIO_read_filename (keyfile, argv[1]) == -1) { perror ("read"); exit (1); } #if SSLEAY_VERSION_NUMBER >= 0x00904100L - priv_key = LC (PEM_read_bio_RSAPrivateKey, (keyfile, NULL, NULL, NULL)); + priv_key = PEM_read_bio_RSAPrivateKey (keyfile, NULL, NULL, NULL); #else - priv_key = LC (PEM_read_bio_RSAPrivateKey, (keyfile, NULL, NULL)); + priv_key = PEM_read_bio_RSAPrivateKey (keyfile, NULL, NULL); #endif - LC (BIO_free, (keyfile)); + BIO_free (keyfile); if (priv_key == NULL) { printf("PEM_read_bio_RSAPrivateKey () failed\n"); @@ -220,25 +212,25 @@ main (int argc, char *argv[]) /* Use a certificate created by ssleay. */ printf ("Reading ssleay created certificate %s\n", argv[2]); - certfile = LC (BIO_new, (LC (BIO_s_file, ()))); - if (LC (BIO_read_filename, (certfile, argv[2])) == -1) + certfile = BIO_new (BIO_s_file ()); + if (BIO_read_filename (certfile, argv[2]) == -1) { perror ("read"); exit (1); } #if SSLEAY_VERSION_NUMBER >= 0x00904100L - cert = LC (PEM_read_bio_X509, (certfile, NULL, NULL, NULL)); + cert = PEM_read_bio_X509 (certfile, NULL, NULL, NULL); #else - cert = LC (PEM_read_bio_X509, (certfile, NULL, NULL)); + cert = PEM_read_bio_X509 (certfile, NULL, NULL); #endif - LC (BIO_free, (certfile)); + BIO_free (certfile); if (cert == NULL) { printf("PEM_read_bio_X509 () failed\n"); exit (1); } - pkey_pub = LC (X509_get_pubkey, (cert)); + pkey_pub = X509_get_pubkey (cert); /* XXX Violation of the interface? */ pub_key = pkey_pub->pkey.rsa; if (pub_key == NULL) 
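Review bot: In the second hunk, `pub_key = pkey_pub->pkey.rsa;` dereferences the result of `X509_get_pubkey (cert)` before any NULL check, and the check that follows covers only `pub_key`; X509_get_pubkey() returns NULL when the certificate's public key cannot be decoded, so a malformed test certificate crashes here instead of failing cleanly. A guard `if (!pkey_pub) { printf ("X509_get_pubkey () failed\n"); exit (1); }` before the assignment fixes it, and `BIO_new (BIO_s_file ())` in both hunks is likewise used without a NULL check. As far as I recall, BIO_read_filename() is a BIO_ctrl() wrapper that reports a failed fopen(3) by returning 0 rather than -1, so the `== -1` tests in both hunks here and in x509_read_from_dir (x509.c hunk `@@ -713,16 +710,16 @@`) never fire and the failure only surfaces later from PEM_read_bio_* with a misleading message; `<= 0` is the comparison that catches it.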
@@ -250,12 +242,12 @@ main (int argc, char *argv[]) err = 0; strlcpy (dec, "Eine kleine Testmeldung", 256); - if ((len = LC (RSA_private_encrypt, (strlen (dec), dec, enc, priv_key, - RSA_PKCS1_PADDING))) == -1) + if ((len = RSA_private_encrypt (strlen (dec), dec, enc, priv_key, + RSA_PKCS1_PADDING)) == -1) printf ("SIGN FAILED "); else - err = LC (RSA_public_decrypt, (len, enc, dec, pub_key, RSA_PKCS1_PADDING)); + err = RSA_public_decrypt (len, enc, dec, pub_key, RSA_PKCS1_PADDING); if (err == -1 || strcmp (dec, "Eine kleine Testmeldung")) printf ("SIGN/VERIFY FAILED"); @@ -265,7 +257,7 @@ main (int argc, char *argv[]) printf ("Validate SIGNED: "); - err = LC (X509_verify, (cert, pkey_pub)); + err = X509_verify (cert, pkey_pub); printf ("X509 verify: %d ", err); if (err == -1) printf ("FAILED "); diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c index 8cd9cdccae3..66e7c8ae84d 100644 --- a/sbin/isakmpd/sa.c +++ b/sbin/isakmpd/sa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sa.c,v 1.62 2002/06/09 08:13:07 todd Exp $ */ +/* $OpenBSD: sa.c,v 1.63 2002/06/10 18:08:58 ho Exp $ */ /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */ /* @@ -779,7 +779,7 @@ sa_release (struct sa *sa) free (sa->keynote_key); /* This is just a string */ #if defined (USE_POLICY) || defined (USE_KEYNOTE) if (sa->policy_id != -1) - LK (kn_close, (sa->policy_id)); + kn_close (sa->policy_id); #endif if (sa->name) free (sa->name); diff --git a/sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep index 35630dd1d19..40a28f07ab2 100644 --- a/sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep +++ b/sbin/isakmpd/sysdep/bsdi/GNUmakefile.sysdep @@ -1,4 +1,4 @@ -# $OpenBSD: GNUmakefile.sysdep,v 1.1 2001/03/23 16:14:35 markus Exp $ +# $OpenBSD: GNUmakefile.sysdep,v 1.2 2002/06/10 18:08:59 ho Exp $ # # XXX UNTESTED @@ -49,7 +49,6 @@ IPSEC_SRCS= pf_key_v2.c IPSEC_CFLAGS= -DUSE_PF_KEY_V2 USE_LIBCRYPTO= defined -#HAVE_DLOPEN= defined # # hack libsysdep.a dependency 
diff --git a/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep index a8fc6594985..92c2cfb1e07 100644 --- a/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep +++ b/sbin/isakmpd/sysdep/linux/GNUmakefile.sysdep @@ -1,4 +1,4 @@ -# $OpenBSD: GNUmakefile.sysdep,v 1.3 2001/02/24 04:42:48 angelos Exp $ +# $OpenBSD: GNUmakefile.sysdep,v 1.4 2002/06/10 18:08:59 ho Exp $ # # Copyright (c) 1999 Niklas Hallqvist. All rights reserved. @@ -66,8 +66,6 @@ CFLAGS+= -I${FREESWAN}/gmp -I${FREESWAN}/libdes \ CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP CFLAGS+= -D'SALEN(x)=8' -HAVE_DLOPEN= defined - ${LIBSYSDEP}: cd ${LIBSYSDEPDIR}; \ ${MAKE} --no-print-directory ${MAKEFLAGS} CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" diff --git a/sbin/isakmpd/sysdep/linux/Makefile.sysdep b/sbin/isakmpd/sysdep/linux/Makefile.sysdep index 82bc508717d..b4f6a37a319 100644 --- a/sbin/isakmpd/sysdep/linux/Makefile.sysdep +++ b/sbin/isakmpd/sysdep/linux/Makefile.sysdep @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.sysdep,v 1.2 2001/01/28 22:38:48 niklas Exp $ +# $OpenBSD: Makefile.sysdep,v 1.3 2002/06/10 18:08:59 ho Exp $ # # Copyright (c) 1999 Niklas Hallqvist. All rights reserved. @@ -55,12 +55,6 @@ CFLAGS+= ${DEBUG} -I${FREESWAN}/gmp -I${FREESWAN}/libdes \ -I${FREESWAN}/klips -I${FREESWAN}/lib -DUSE_OLD_SOCKADDR \ -I${.CURDIR}/sysdep/common -# XXX Is this test correct? Is the prefix "_" on ELF-systems too? -HAVE_DLOPEN= defined -LDADD+= -ldl -DPADD+= /usr/lib/libdl.a -CFLAGS+= -DSYMBOL_PREFIX='"_"' - #USE_LIBCRYPTO= defined #USE_KEYNOTE= defined diff --git a/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep index d8f089bcd5e..81b1a5ff22b 100644 --- a/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep +++ b/sbin/isakmpd/sysdep/netbsd/GNUmakefile.sysdep 
@@ -1,4 +1,4 @@ -# $OpenBSD: GNUmakefile.sysdep,v 1.5 2001/06/29 22:18:59 itojun Exp $ +# $OpenBSD: GNUmakefile.sysdep,v 1.6 2002/06/10 18:08:59 ho Exp $ # # Copyright (c) 1999 Niklas Hallqvist. All rights reserved. @@ -48,7 +48,6 @@ IPSEC_SRCS= pf_key_v2.c IPSEC_CFLAGS= -DUSE_PF_KEY_V2 USE_LIBCRYPTO= defined -#HAVE_DLOPEN= defined # # hack libsysdep.a dependency diff --git a/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep b/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep index 04a8b781f2b..af5e7846d9d 100644 --- a/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep +++ b/sbin/isakmpd/sysdep/openbsd/GNUmakefile.sysdep @@ -1,4 +1,4 @@ -# $OpenBSD: GNUmakefile.sysdep,v 1.2 2001/01/28 22:38:49 niklas Exp $ +# $OpenBSD: GNUmakefile.sysdep,v 1.3 2002/06/10 18:08:59 ho Exp $ # # Copyright (c) 1999 Håkan Olsson. All rights reserved. @@ -43,14 +43,6 @@ IPSEC_CFLAGS= -DUSE_PF_KEY_V2 CFLAGS+= -DHAVE_GETNAMEINFO -# XXX This test does not work as MACHINE_ARCH does not get defined by GNU make. -# Furthermore these defines should not happen for neither mips, powerpc nor vax -# just like alpha. -ifneq (${MACHINE_ARCH},alpha) -HAVE_DLOPEN= defined -CFLAGS+= -DSYMBOL_PREFIX='"_"' -endif - USE_LIBCRYPTO= defined ifneq (${MACHINE_ARCH},alpha) ifneq (${MACHINE_ARCH},vax) diff --git a/sbin/isakmpd/sysdep/openbsd/Makefile.sysdep b/sbin/isakmpd/sysdep/openbsd/Makefile.sysdep index 5e3d982b658..d9c3da400e8 100644 --- a/sbin/isakmpd/sysdep/openbsd/Makefile.sysdep +++ b/sbin/isakmpd/sysdep/openbsd/Makefile.sysdep @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.sysdep,v 1.20 2002/03/05 00:11:23 deraadt Exp $ +# $OpenBSD: Makefile.sysdep,v 1.21 2002/06/10 18:08:59 ho Exp $ # $EOM: Makefile.sysdep,v 1.18 2001/01/26 10:55:22 niklas Exp $ # 
@@ -39,12 +39,6 @@ IPSEC_CFLAGS= -DUSE_PF_KEY_V2 CFLAGS+= -DHAVE_GETNAMEINFO -DHAVE_GETIFADDRS -DHAVE_PCAP -# Some OpenBSD systems do not provide dlopen(3). -#.if ${MACHINE_ARCH} != "alpha" && ${MACHINE_ARCH} != "mips" && ${MACHINE_ARCH} != "powerpc" && ${MACHINE_ARCH} != "vax" && ${MACHINE_ARCH} != "m88k" -#HAVE_DLOPEN= defined -#CFLAGS+= -DSYMBOL_PREFIX='"_"' -#.endif - USE_LIBCRYPTO= defined .ifdef FEATURES diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c index 70551287ae5..8a8ba584fa0 100644 --- a/sbin/isakmpd/x509.c +++ b/sbin/isakmpd/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.70 2002/06/01 07:44:22 deraadt Exp $ */ +/* $OpenBSD: x509.c,v 1.71 2002/06/10 18:08:59 ho Exp $ */ /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */ /* @@ -57,7 +57,6 @@ #include "cert.h" #include "conf.h" -#include "dyn.h" #include "exchange.h" #include "hash.h" #include "ike_auth.h" @@ -131,11 +130,11 @@ x509_generate_kn (int id, X509 *cert) "x509_generate_kn: generating KeyNote policy for certificate %p", cert)); - issuer = LC (X509_get_issuer_name, (cert)); - subject = LC (X509_get_subject_name, (cert)); + issuer = X509_get_issuer_name (cert); + subject = X509_get_subject_name (cert); /* Missing or self-signed, ignore cert but don't report failure. */ - if (!issuer || !subject || !LC (X509_name_cmp, (issuer, subject))) + if (!issuer || !subject || !X509_name_cmp (issuer, subject)) return 1; if (!x509_cert_get_key (cert, &key)) 
@@ -147,41 +146,41 @@ x509_generate_kn (int id, X509 *cert) dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA; dc.dec_key = key; - ikey = LK (kn_encode_key, (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, - KEYNOTE_PUBLIC_KEY)); - if (LKV (keynote_errno) == ERROR_MEMORY) + ikey = kn_encode_key (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, + KEYNOTE_PUBLIC_KEY); + if (keynote_errno == ERROR_MEMORY) { log_print ("x509_generate_kn: failed to get memory for public key"); - LC (RSA_free, (key)); + RSA_free (key); LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: cannot get subject key")); return 0; } if (!ikey) { - LC (RSA_free, (key)); + RSA_free (key); LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: cannot get subject key")); return 0; } - LC (RSA_free, (key)); + RSA_free (key); /* Now find issuer's certificate so we can get the public key. */ - LC (X509_STORE_CTX_init, (&csc, x509_cas, cert, NULL)); - if (LC (X509_STORE_get_by_subject, (&csc, X509_LU_X509, issuer, &obj)) != + X509_STORE_CTX_init (&csc, x509_cas, cert, NULL); + if (X509_STORE_get_by_subject (&csc, X509_LU_X509, issuer, &obj) != X509_LU_X509) { - LC (X509_STORE_CTX_cleanup, (&csc)); - LC (X509_STORE_CTX_init, (&csc, x509_certs, cert, NULL)); - if (LC (X509_STORE_get_by_subject, (&csc, X509_LU_X509, issuer, &obj)) != + X509_STORE_CTX_cleanup (&csc); + X509_STORE_CTX_init (&csc, x509_certs, cert, NULL); + if (X509_STORE_get_by_subject (&csc, X509_LU_X509, issuer, &obj) != X509_LU_X509) { - LC (X509_STORE_CTX_cleanup, (&csc)); + X509_STORE_CTX_cleanup (&csc); LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: no certificate found for issuer")); return 0; } } - LC (X509_STORE_CTX_cleanup, (&csc)); + X509_STORE_CTX_cleanup (&csc); icert = obj.data.x509; if (icert == NULL) 
@@ -200,17 +199,17 @@ x509_generate_kn (int id, X509 *cert) return 0; } - LC (X509_OBJECT_free_contents, (&obj)); + X509_OBJECT_free_contents (&obj); dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA; dc.dec_key = key; - skey = LK (kn_encode_key, (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, - KEYNOTE_PUBLIC_KEY)); - if (LKV (keynote_errno) == ERROR_MEMORY) + skey = kn_encode_key (&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, + KEYNOTE_PUBLIC_KEY); + if (keynote_errno == ERROR_MEMORY) { log_error ("x509_generate_kn: failed to get memory for public key"); free (ikey); - LC (RSA_free, (key)); + RSA_free (key); LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: cannot get issuer key")); return 0; } @@ -218,11 +217,11 @@ x509_generate_kn (int id, X509 *cert) if (!skey) { free (ikey); - LC (RSA_free, (key)); + RSA_free (key); LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: cannot get issuer key")); return 0; } - LC (RSA_free, (key)); + RSA_free (key); buf_len = strlen (fmt) + strlen (ikey) + strlen (skey) + 56; buf = calloc (buf_len, sizeof (char)); @@ -470,8 +469,7 @@ x509_generate_kn (int id, X509 *cert) free (ikey); free (skey); - if (LK (kn_add_assertion, (id, buf, strlen (buf), - ASSERT_FLAG_LOCAL)) == -1) + if (kn_add_assertion (id, buf, strlen (buf), ASSERT_FLAG_LOCAL) == -1) { LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: failed to add new KeyNote credential")); @@ -484,14 +482,14 @@ x509_generate_kn (int id, X509 *cert) free (buf); - if (!LC (X509_NAME_oneline, (issuer, isname, 256))) + if (!X509_NAME_oneline (issuer, isname, 256)) { LOG_DBG ((LOG_POLICY, 50, "x509_generate_kn: X509_NAME_oneline (issuer, ...) failed")); return 0; } - if (!LC (X509_NAME_oneline, (subject, subname, 256))) + if (!X509_NAME_oneline (subject, subname, 256)) { LOG_DBG ((LOG_POLICY, 50, "x509_generate_kn: X509_NAME_oneline (subject, ...) failed")); 
@@ -509,8 +507,7 @@ x509_generate_kn (int id, X509 *cert) snprintf (buf, buf_len, fmt2, isname, subname, timecomp, before, timecomp2, after); - if (LK (kn_add_assertion, (id, buf, strlen (buf), - ASSERT_FLAG_LOCAL)) == -1) + if (kn_add_assertion (id, buf, strlen (buf), ASSERT_FLAG_LOCAL) == -1) { LOG_DBG ((LOG_POLICY, 30, "x509_generate_kn: failed to add new KeyNote credential")); @@ -713,16 +710,16 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash) LOG_DBG ((LOG_CRYPTO, 60, "x509_read_from_dir: reading certificate %s", file->d_name)); - certh = LC (BIO_new, (LC (BIO_s_file, ()))); + certh = BIO_new (BIO_s_file ()); if (!certh) { log_error ("x509_read_from_dir: BIO_new (BIO_s_file ()) failed"); continue; } - if (LC (BIO_read_filename, (certh, fullname)) == -1) + if (BIO_read_filename (certh, fullname) == -1) { - LC (BIO_free, (certh)); + BIO_free (certh); log_error ("x509_read_from_dir: " "BIO_read_filename (certh, \"%s\") failed", fullname); @@ -730,11 +727,11 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash) } #if SSLEAY_VERSION_NUMBER >= 0x00904100L - cert = LC (PEM_read_bio_X509, (certh, NULL, NULL, NULL)); + cert = PEM_read_bio_X509 (certh, NULL, NULL, NULL); #else - cert = LC (PEM_read_bio_X509, (certh, NULL, NULL)); + cert = PEM_read_bio_X509 (certh, NULL, NULL); #endif - LC (BIO_free, (certh)); + BIO_free (certh); if (cert == NULL) { log_print ("x509_read_from_dir: PEM_read_bio_X509 failed for %s", @@ -742,7 +739,7 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash) continue; } - if (!LC (X509_STORE_add_cert, (ctx, cert))) + if (!X509_STORE_add_cert (ctx, cert)) { /* * This is actually expected if we have several certificates only 
@@ -783,9 +780,9 @@ x509_cert_init (void) /* Free if already initialized. */ if (x509_cas) - LC (X509_STORE_free, (x509_cas)); + X509_STORE_free (x509_cas); - x509_cas = LC (X509_STORE_new, ()); + x509_cas = X509_STORE_new (); if (!x509_cas) { log_print ("x509_cert_init: creating new X509_STORE failed"); @@ -808,9 +805,9 @@ x509_cert_init (void) /* Free if already initialized. */ if (x509_certs) - LC (X509_STORE_free, (x509_certs)); + X509_STORE_free (x509_certs); - x509_certs = LC (X509_STORE_new, ()); + x509_certs = X509_STORE_new (); if (!x509_certs) { log_print ("x509_cert_init: creating new X509_STORE failed"); @@ -829,15 +826,6 @@ x509_cert_init (void) void * x509_cert_get (u_int8_t *asn, u_int32_t len) { -#ifndef USE_LIBCRYPTO - /* - * If we don't have a statically linked libcrypto, the dlopen must have - * succeeded for X.509 to be usable. - */ - if (!libcrypto) - return 0; -#endif - return x509_from_asn (asn, len); } @@ -854,10 +842,10 @@ x509_cert_validate (void *scert) * Validate the peer certificate by checking with the CA certificates we * trust. */ - LC (X509_STORE_CTX_init, (&csc, x509_cas, cert, NULL)); - res = LC (X509_verify_cert, (&csc)); + X509_STORE_CTX_init (&csc, x509_cas, cert, NULL); + res = X509_verify_cert (&csc); err = csc.error; - LC (X509_STORE_CTX_cleanup, (&csc)); + X509_STORE_CTX_cleanup (&csc); /* Return if validation succeeded or self-signed certs are not accepted. */ if (res) 
@@ -866,17 +854,17 @@ x509_cert_validate (void *scert) { if (err) log_print ("x509_cert_validate: %.100s", - LC (X509_verify_cert_error_string, (err))); + X509_verify_cert_error_string (err)); return res; } - issuer = LC (X509_get_issuer_name, (cert)); - subject = LC (X509_get_subject_name, (cert)); + issuer = X509_get_issuer_name (cert); + subject = X509_get_subject_name (cert); - if (!issuer || !subject || LC (X509_name_cmp, (issuer, subject))) + if (!issuer || !subject || X509_name_cmp (issuer, subject)) return 0; - key = LC (X509_get_pubkey, (cert)); + key = X509_get_pubkey (cert); if (!key) { log_print ("x509_cert_validate: could not get public key from " @@ -884,7 +872,7 @@ x509_cert_validate (void *scert) return 0; } - if (LC (X509_verify, (cert, key)) == -1) + if (X509_verify (cert, key) == -1) { log_print ("x509_cert_validate: self-signed cert is bad"); return 0; @@ -899,7 +887,7 @@ x509_cert_insert (int id, void *scert) X509 *cert; int res; - cert = LC (X509_dup, ((X509 *)scert)); + cert = X509_dup ((X509 *)scert); if (!cert) { log_print ("x509_cert_insert: X509_dup failed"); @@ -915,14 +903,14 @@ x509_cert_insert (int id, void *scert) { LOG_DBG ((LOG_POLICY, 50, "x509_cert_insert: x509_generate_kn failed")); - LC (X509_free, (cert)); + X509_free (cert); return 0; } #endif /* USE_POLICY */ res = x509_hash_enter (cert); if (!res) - LC (X509_free, (cert)); + X509_free (cert); return res; } @@ -948,7 +936,7 @@ x509_cert_free (void *cert) if (certh) LIST_REMOVE (certh, link); - LC (X509_free, ((X509 *)cert)); + X509_free ((X509 *)cert); } /* Validate the BER Encoding of a RDNSequence in the CERT_REQ payload. */ 
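Review bot: In the `@@ -884,7 +872,7 @@` hunk, `if (X509_verify (cert, key) == -1)` rejects a self-signed certificate only on an internal error: X509_verify() returns 1 for a signature that checks out, 0 for one that does not, and a negative value only for failures such as an unknown algorithm, so a self-signed certificate whose signature does not verify passes this test (the branch is reached only when self-signed certificates are accepted, per the comment in the preceding hunk). The test should read `if (X509_verify (cert, key) != 1)`. The EVP_PKEY reference returned by `X509_get_pubkey (cert)` in the hunk above is also never released, so an `EVP_PKEY_free (key);` after the verify call is needed on both paths. The remainder of x509_cert_validate lies outside the hunk.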
@@ -1044,20 +1032,20 @@ x509_from_asn (u_char *asn, u_int len) BIO *certh; X509 *scert = 0; - certh = LC (BIO_new, (LC (BIO_s_mem, ()))); + certh = BIO_new (BIO_s_mem ()); if (!certh) { log_error ("x509_from_asn: BIO_new (BIO_s_mem ()) failed"); return 0; } - if (LC (BIO_write, (certh, asn, len)) == -1) + if (BIO_write (certh, asn, len) == -1) { log_error ("x509_from_asn: BIO_write failed\n"); goto end; } - scert = LC (d2i_X509_bio, (certh, NULL)); + scert = d2i_X509_bio (certh, NULL); if (!scert) { log_print ("x509_from_asn: d2i_X509_bio failed\n"); @@ -1065,7 +1053,7 @@ x509_from_asn (u_char *asn, u_int len) } end: - LC (BIO_free, (certh)); + BIO_free (certh); return scert; } @@ -1110,7 +1098,7 @@ x509_cert_subjectaltname (X509 *scert, u_int8_t **altname, u_int32_t *len) int extpos; int santype, sanlen; - extpos = LC (X509_get_ext_by_NID, (scert, NID_subject_alt_name, -1)); + extpos = X509_get_ext_by_NID (scert, NID_subject_alt_name, -1); if (extpos == -1) { log_print ("x509_cert_subjectaltname: " @@ -1118,7 +1106,7 @@ x509_cert_subjectaltname (X509 *scert, u_int8_t **altname, u_int32_t *len) return 0; } - subjectaltname = LC (X509_get_ext, (scert, extpos)); + subjectaltname = X509_get_ext (scert, extpos); if (!subjectaltname || !subjectaltname->value || !subjectaltname->value->data || subjectaltname->value->length < 4) @@ -1184,13 +1172,13 @@ x509_cert_get_subjects (void *scert, int *cnt, u_int8_t ***id, } /* Stash the subjectName into the first slot. */ - subject = LC (X509_get_subject_name, (cert)); + subject = X509_get_subject_name (cert); if (!subject) goto fail; (*id_len)[0] = - ISAKMP_ID_DATA_OFF + LC (i2d_X509_NAME, (subject, NULL)) - ISAKMP_GEN_SZ; + ISAKMP_ID_DATA_OFF + i2d_X509_NAME (subject, NULL) - ISAKMP_GEN_SZ; (*id)[0] = malloc ((*id_len)[0]); if (!(*id)[0]) { 
@@ -1199,7 +1187,7 @@ x509_cert_get_subjects (void *scert, int *cnt, u_int8_t ***id,
 }
 SET_ISAKMP_ID_TYPE ((*id)[0] - ISAKMP_GEN_SZ, IPSEC_ID_DER_ASN1_DN);
 ubuf = (*id)[0] + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ;
- LC (i2d_X509_NAME, (subject, &ubuf));
+ i2d_X509_NAME (subject, &ubuf);
 /* Stash the subjectAltName into the second slot. */
 type = x509_cert_subjectaltname (cert, &altname, &altlen);
@@ -1283,17 +1271,17 @@ x509_cert_get_key (void *scert, void *keyp)
 X509 *cert = scert;
 EVP_PKEY *key;
- key = LC (X509_get_pubkey, (cert));
+ key = X509_get_pubkey (cert);
 /* Check if we got the right key type. */
 if (key->type != EVP_PKEY_RSA)
 {
 log_print ("x509_cert_get_key: public key is not a RSA key");
- LC (X509_free, (cert));
+ X509_free (cert);
 return 0;
 }
- *(RSA **)keyp = LC (RSAPublicKey_dup, (key->pkey.rsa));
+ *(RSA **)keyp = RSAPublicKey_dup (key->pkey.rsa);
 return *(RSA **)keyp == NULL ? 0 : 1;
 }
@@ -1301,7 +1289,7 @@ x509_cert_get_key (void *scert, void *keyp)
 void *
 x509_cert_dup (void *scert)
 {
- return LC (X509_dup, (scert));
+ return X509_dup (scert);
 }
 void
@@ -1309,7 +1297,7 @@ x509_serialize (void *scert, u_int8_t **data, u_int32_t *datalen)
 {
 u_int8_t *p;
- *datalen = LC (i2d_X509, ((X509 *) scert, NULL));
+ *datalen = i2d_X509 ((X509 *) scert, NULL);
 *data = p = malloc (*datalen);
 if (!p)
 {
@@ -1317,7 +1305,7 @@ x509_serialize (void *scert, u_int8_t **data, u_int32_t *datalen)
 return;
 }
- *datalen = LC (i2d_X509, ((X509 *)scert, &p));
+ *datalen = i2d_X509 ((X509 *)scert, &p);
 }
 /* From cert to printable */
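Review bot: `key = X509_get_pubkey (cert);` in the x509_cert_get_key hunk is dereferenced on the next line as `key->type` without a NULL check, so a certificate whose SubjectPublicKeyInfo OpenSSL cannot parse crashes the daemon instead of being rejected. The wrong-key-type path then calls `X509_free (cert)` on the certificate the caller passed in, while the success path leaves it alone; a caller that still holds scert (likely, given the success path) would use or free it again after that error. X509_get_pubkey also returns a counted reference, so the EVP_PKEY is leaked on every path; the block should check for NULL, drop the X509_free and release the key with EVP_PKEY_free once the RSA copy is made. x509_cert_get_key's signature is outside the hunk.
```c
  key = X509_get_pubkey (cert);
  if (!key)
    {
      log_print ("x509_cert_get_key: could not get public key from cert");
      return 0;
    }
  /* … unchanged: key-type check and its log_print … */
      EVP_PKEY_free (key);   /* was X509_free (cert): the cert belongs to the caller */
      return 0;
    }
  *(RSA **)keyp = RSAPublicKey_dup (key->pkey.rsa);
  EVP_PKEY_free (key);
  return *(RSA **)keyp == NULL ? 0 : 1;
```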
@@ -1386,19 +1374,19 @@ x509_DN_string (u_int8_t *asn1, size_t sz)
 /* XXX Just a guess at a maximum length. */
 char buf[256];
- name = LC (d2i_X509_NAME, (NULL, &p, sz));
+ name = d2i_X509_NAME (NULL, &p, sz);
 if (!name)
 {
 log_print ("x509_DN_string: d2i_X509_NAME failed");
 return 0;
 }
- if (!LC (X509_NAME_oneline, (name, buf, sizeof buf - 1)))
+ if (!X509_NAME_oneline (name, buf, sizeof buf - 1))
 {
 log_print ("x509_DN_string: X509_NAME_oneline failed");
- LC (X509_NAME_free, (name));
+ X509_NAME_free (name);
 return 0;
 }
- LC (X509_NAME_free, (name));
+ X509_NAME_free (name);
 buf[sizeof buf - 1] = '\0';
 return strdup (buf);
 }
 |
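Review bot: `X509_NAME_oneline (name, buf, sizeof buf - 1)` silently truncates any distinguished name longer than the 255-byte guess the `XXX` comment admits to, so two different long DNs can come back as the same string; if callers compare the result when deciding which peer or policy a certificate matches, that truncation is an identity collision, not just a cosmetic loss. OpenSSL will size the string itself when given a NULL buffer, so the fixed buffer can go: `p = X509_NAME_oneline (name, NULL, 0); ret = p ? strdup (p) : 0; OPENSSL_free (p);`, keeping the strdup so callers still free() the result as before. With that change the trailing `buf[sizeof buf - 1] = '\0';` disappears too. x509_DN_string's signature and the declaration of `p` are outside the hunk.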
