Diffstat (limited to 'contrib/ntp/ntpd/ntp_crypto.c')
-rw-r--r--contrib/ntp/ntpd/ntp_crypto.c345
1 files changed, 207 insertions, 138 deletions
diff --git a/contrib/ntp/ntpd/ntp_crypto.c b/contrib/ntp/ntpd/ntp_crypto.c
index 5b87f19211b5..956875de7b44 100644
--- a/contrib/ntp/ntpd/ntp_crypto.c
+++ b/contrib/ntp/ntpd/ntp_crypto.c
@@ -22,13 +22,13 @@
#include "ntp_calendar.h"
#include "ntp_leapsec.h"
-#include "openssl/asn1_mac.h"
#include "openssl/bn.h"
#include "openssl/err.h"
#include "openssl/evp.h"
#include "openssl/pem.h"
#include "openssl/rand.h"
#include "openssl/x509v3.h"
+#include "libssl_compat.h"
#ifdef KERNEL_PLL
#include "ntp_syscall.h"
@@ -230,7 +230,7 @@ session_key(
u_long lifetime /* key lifetime */
)
{
- EVP_MD_CTX ctx; /* message digest context */
+ EVP_MD_CTX *ctx; /* message digest context */
u_char dgst[EVP_MAX_MD_SIZE]; /* message digest */
keyid_t keyid; /* key identifer */
u_int32 header[10]; /* data in network byte order */
@@ -263,9 +263,11 @@ session_key(
hdlen = 10 * sizeof(u_int32);
break;
}
- EVP_DigestInit(&ctx, EVP_get_digestbynid(crypto_nid));
- EVP_DigestUpdate(&ctx, (u_char *)header, hdlen);
- EVP_DigestFinal(&ctx, dgst, &len);
+ ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(ctx, EVP_get_digestbynid(crypto_nid));
+ EVP_DigestUpdate(ctx, (u_char *)header, hdlen);
+ EVP_DigestFinal(ctx, dgst, &len);
+ EVP_MD_CTX_free(ctx);
memcpy(&keyid, dgst, 4);
keyid = ntohl(keyid);
if (lifetime != 0) {
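Review bot: The result of `EVP_MD_CTX_new()` goes straight into `EVP_DigestInit()` with no NULL check, and none of the three digest calls has its return value tested, so a failed digest call would leave `dgst` unset before its first four bytes are copied into `keyid`. The file already treats must-not-fail allocations as fatal (`emalloc`, `INSIST`), so `INSIST(ctx != NULL);` directly after the allocation would match local style. The same unchecked allocation is repeated in the make_keylist, crypto_verify, crypto_encrypt, crypto_update, bighash, crypto_alice/alice2/alice3, crypto_bob/bob2/bob3 and cert_sign hunks. session_key's body starts and ends outside this hunk.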
@@ -299,7 +301,7 @@ make_keylist(
struct interface *dstadr /* interface */
)
{
- EVP_MD_CTX ctx; /* signature context */
+ EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
struct autokey *ap; /* autokey pointer */
struct value *vp; /* value pointer */
@@ -377,14 +379,16 @@ make_keylist(
if (tstamp != 0) {
if (vp->sig == NULL)
vp->sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)vp, 12);
- EVP_SignUpdate(&ctx, vp->ptr, sizeof(struct autokey));
- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+ ctx = EVP_MD_CTX_new();
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)vp, 12);
+ EVP_SignUpdate(ctx, vp->ptr, sizeof(struct autokey));
+ if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
peer->flags |= FLAG_ASSOC;
}
+ EVP_MD_CTX_free(ctx);
}
DPRINTF(1, ("make_keys: %d %08x %08x ts %u fs %u poll %d\n",
peer->keynumber, keyid, cookie, ntohl(vp->tstamp),
@@ -820,8 +824,8 @@ crypto_recv(
* errors.
*/
if (vallen == (u_int)EVP_PKEY_size(host_pkey)) {
- u_int32 *cookiebuf = malloc(
- RSA_size(host_pkey->pkey.rsa));
+ RSA *rsa = EVP_PKEY_get0_RSA(host_pkey);
+ u_int32 *cookiebuf = malloc(RSA_size(rsa));
if (!cookiebuf) {
rval = XEVNT_CKY;
break;
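Review bot: `EVP_PKEY_get0_RSA(host_pkey)` returns NULL when the key is not an RSA key, and the result is used unchecked in `RSA_size(rsa)` here and in `RSA_private_decrypt()` in the next hunk. The crypto_setup hunk at the end of this diff rejects a non-RSA host key, so this is probably unreachable for `host_pkey`. The same unchecked pattern is used in crypto_encrypt (`EVP_PKEY_get0_RSA(pkey)`), crypto_bob, crypto_bob2 and crypto_bob3, whereas crypto_alice, crypto_iff, crypto_gq and crypto_mv test the accessor result. A guard ahead of the `RSA_size()` call, `if (rsa == NULL) { rval = XEVNT_CKY; break; }`, would make the conversions consistent. The enclosing block of crypto_recv starts and ends outside the hunk.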
@@ -830,7 +834,7 @@ crypto_recv(
if (RSA_private_decrypt(vallen,
(u_char *)ep->pkt,
(u_char *)cookiebuf,
- host_pkey->pkey.rsa,
+ rsa,
RSA_PKCS1_OAEP_PADDING) != 4) {
rval = XEVNT_CKY;
free(cookiebuf);
@@ -1421,7 +1425,7 @@ crypto_verify(
)
{
EVP_PKEY *pkey; /* server public key */
- EVP_MD_CTX ctx; /* signature context */
+ EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp, tstamp1 = 0; /* timestamp */
tstamp_t fstamp, fstamp1 = 0; /* filestamp */
u_int vallen; /* value length */
@@ -1533,12 +1537,16 @@ crypto_verify(
* signature. If the identity exchange is verified, light the
* proventic bit. What a relief.
*/
- EVP_VerifyInit(&ctx, peer->digest);
+ ctx = EVP_MD_CTX_new();
+ EVP_VerifyInit(ctx, peer->digest);
/* XXX: the "+ 12" needs to be at least documented... */
- EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12);
- if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen,
- pkey) <= 0)
+ EVP_VerifyUpdate(ctx, (u_char *)&ep->tstamp, vallen + 12);
+ if (EVP_VerifyFinal(ctx, (u_char *)&ep->pkt[i], siglen,
+ pkey) <= 0) {
+ EVP_MD_CTX_free(ctx);
return (XEVNT_SIG);
+ }
+ EVP_MD_CTX_free(ctx);
if (peer->crypto & CRYPTO_FLAG_VRFY)
peer->crypto |= CRYPTO_FLAG_PROV;
@@ -1564,7 +1572,7 @@ crypto_encrypt(
)
{
EVP_PKEY *pkey; /* public key */
- EVP_MD_CTX ctx; /* signature context */
+ EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
u_int32 temp32;
u_char *puch;
@@ -1592,7 +1600,7 @@ crypto_encrypt(
puch = vp->ptr;
temp32 = htonl(*cookie);
if (RSA_public_encrypt(4, (u_char *)&temp32, puch,
- pkey->pkey.rsa, RSA_PKCS1_OAEP_PADDING) <= 0) {
+ EVP_PKEY_get0_RSA(pkey), RSA_PKCS1_OAEP_PADDING) <= 0) {
msyslog(LOG_ERR, "crypto_encrypt: %s",
ERR_error_string(ERR_get_error(), NULL));
free(vp->ptr);
@@ -1604,13 +1612,15 @@ crypto_encrypt(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
- EVP_SignUpdate(&ctx, vp->ptr, vallen);
- if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) {
+ ctx = EVP_MD_CTX_new();
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
+ EVP_SignUpdate(ctx, vp->ptr, vallen);
+ if (EVP_SignFinal(ctx, vp->sig, &vallen, sign_pkey)) {
INSIST(vallen <= sign_siglen);
vp->siglen = htonl(vallen);
}
+ EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@@ -1817,7 +1827,7 @@ crypto_send(
void
crypto_update(void)
{
- EVP_MD_CTX ctx; /* message digest context */
+ EVP_MD_CTX *ctx; /* message digest context */
struct cert_info *cp; /* certificate info/value */
char statstr[NTP_MAXSTRLEN]; /* statistics for filegen */
u_int32 *ptr;
@@ -1828,6 +1838,8 @@ crypto_update(void)
if (hostval.tstamp == 0)
return;
+ ctx = EVP_MD_CTX_new();
+
/*
* Sign public key and timestamps. The filestamp is derived from
* the host key file extension from wherever the file was
@@ -1838,10 +1850,10 @@ crypto_update(void)
pubkey.siglen = 0;
if (pubkey.sig == NULL)
pubkey.sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&pubkey, 12);
- EVP_SignUpdate(&ctx, pubkey.ptr, ntohl(pubkey.vallen));
- if (EVP_SignFinal(&ctx, pubkey.sig, &len, sign_pkey)) {
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&pubkey, 12);
+ EVP_SignUpdate(ctx, pubkey.ptr, ntohl(pubkey.vallen));
+ if (EVP_SignFinal(ctx, pubkey.sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
pubkey.siglen = htonl(len);
}
@@ -1858,11 +1870,11 @@ crypto_update(void)
cp->cert.siglen = 0;
if (cp->cert.sig == NULL)
cp->cert.sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&cp->cert, 12);
- EVP_SignUpdate(&ctx, cp->cert.ptr,
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&cp->cert, 12);
+ EVP_SignUpdate(ctx, cp->cert.ptr,
ntohl(cp->cert.vallen));
- if (EVP_SignFinal(&ctx, cp->cert.sig, &len, sign_pkey)) {
+ if (EVP_SignFinal(ctx, cp->cert.sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
cp->cert.siglen = htonl(len);
}
@@ -1909,10 +1921,10 @@ crypto_update(void)
}
if (tai_leap.sig == NULL)
tai_leap.sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&tai_leap, 12);
- EVP_SignUpdate(&ctx, tai_leap.ptr, len);
- if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey)) {
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&tai_leap, 12);
+ EVP_SignUpdate(ctx, tai_leap.ptr, len);
+ if (EVP_SignFinal(ctx, tai_leap.sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
tai_leap.siglen = htonl(len);
}
@@ -1922,6 +1934,7 @@ crypto_update(void)
ntohl(hostval.tstamp));
record_crypto_stats(NULL, statstr);
DPRINTF(1, ("crypto_update: %s\n", statstr));
+ EVP_MD_CTX_free(ctx);
}
/*
@@ -2061,7 +2074,7 @@ bighash(
BIGNUM *bk /* BIGNUM * to */
)
{
- EVP_MD_CTX ctx; /* message digest context */
+ EVP_MD_CTX *ctx; /* message digest context */
u_char dgst[EVP_MAX_MD_SIZE]; /* message digest */
u_char *ptr; /* a BIGNUM as binary string */
u_int len;
@@ -2069,9 +2082,11 @@ bighash(
len = BN_num_bytes(bn);
ptr = emalloc(len);
BN_bn2bin(bn, ptr);
- EVP_DigestInit(&ctx, EVP_md5());
- EVP_DigestUpdate(&ctx, ptr, len);
- EVP_DigestFinal(&ctx, dgst, &len);
+ ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(ctx, EVP_md5());
+ EVP_DigestUpdate(ctx, ptr, len);
+ EVP_DigestFinal(ctx, dgst, &len);
+ EVP_MD_CTX_free(ctx);
BN_bin2bn(dgst, len, bk);
free(ptr);
}
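Review bot: `len` serves as both the input length for `EVP_DigestUpdate()` and the output length for `EVP_DigestFinal()`, and no return value is checked. If a digest call fails, `len` may still hold `BN_num_bytes(bn)` when `BN_bin2bn(dgst, len, bk)` runs. For a BIGNUM longer than `EVP_MAX_MD_SIZE` bytes that would read past the end of the uninitialised `dgst` array. A separate output variable closes this: declare `u_int dlen = 0;`, pass `&dlen` to `EVP_DigestFinal()`, and call `BN_bin2bn(dgst, dlen, bk);`. MD5 can be unavailable in restricted OpenSSL configurations, which is presumably when the failure path would be taken.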
@@ -2139,9 +2154,10 @@ crypto_alice(
{
DSA *dsa; /* IFF parameters */
BN_CTX *bctx; /* BIGNUM context */
- EVP_MD_CTX ctx; /* signature context */
+ EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp;
u_int len;
+ const BIGNUM *q;
/*
* The identity parameters must have correct format and content.
@@ -2151,7 +2167,7 @@ crypto_alice(
return (XEVNT_ID);
}
- if ((dsa = peer->ident_pkey->pkey->pkey.dsa) == NULL) {
+ if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_alice: defective key");
return (XEVNT_PUB);
}
@@ -2162,10 +2178,11 @@ crypto_alice(
if (peer->iffval != NULL)
BN_free(peer->iffval);
peer->iffval = BN_new();
- len = BN_num_bytes(dsa->q);
+ DSA_get0_pqg(dsa, NULL, &q, NULL);
+ len = BN_num_bytes(q);
BN_rand(peer->iffval, len * 8, -1, 1); /* r mod q*/
bctx = BN_CTX_new();
- BN_mod(peer->iffval, peer->iffval, dsa->q, bctx);
+ BN_mod(peer->iffval, peer->iffval, q, bctx);
BN_CTX_free(bctx);
/*
@@ -2182,13 +2199,15 @@ crypto_alice(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
- EVP_SignUpdate(&ctx, vp->ptr, len);
- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+ ctx = EVP_MD_CTX_new();
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
+ EVP_SignUpdate(ctx, vp->ptr, len);
+ if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
+ EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@@ -2210,11 +2229,13 @@ crypto_bob(
DSA *dsa; /* IFF parameters */
DSA_SIG *sdsa; /* DSA signature context fake */
BN_CTX *bctx; /* BIGNUM context */
- EVP_MD_CTX ctx; /* signature context */
+ EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
BIGNUM *bn, *bk, *r;
u_char *ptr;
u_int len; /* extension field value length */
+ const BIGNUM *p, *q, *g;
+ const BIGNUM *priv_key;
/*
* If the IFF parameters are not valid, something awful
@@ -2224,7 +2245,9 @@ crypto_bob(
msyslog(LOG_NOTICE, "crypto_bob: scheme unavailable");
return (XEVNT_ID);
}
- dsa = iffkey_info->pkey->pkey.dsa;
+ dsa = EVP_PKEY_get0_DSA(iffkey_info->pkey);
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ DSA_get0_key(dsa, NULL, &priv_key);
/*
* Extract r from the challenge.
@@ -2245,15 +2268,14 @@ crypto_bob(
bctx = BN_CTX_new(); bk = BN_new(); bn = BN_new();
sdsa = DSA_SIG_new();
BN_rand(bk, len * 8, -1, 1); /* k */
- BN_mod_mul(bn, dsa->priv_key, r, dsa->q, bctx); /* b r mod q */
+ BN_mod_mul(bn, priv_key, r, q, bctx); /* b r mod q */
BN_add(bn, bn, bk);
- BN_mod(bn, bn, dsa->q, bctx); /* k + b r mod q */
- sdsa->r = BN_dup(bn);
- BN_mod_exp(bk, dsa->g, bk, dsa->p, bctx); /* g^k mod p */
+ BN_mod(bn, bn, q, bctx); /* k + b r mod q */
+ BN_mod_exp(bk, g, bk, p, bctx); /* g^k mod p */
bighash(bk, bk);
- sdsa->s = BN_dup(bk);
+ DSA_SIG_set0(sdsa, bn, bk);
BN_CTX_free(bctx);
- BN_free(r); BN_free(bn); BN_free(bk);
+ BN_free(r);
#ifdef DEBUG
if (debug > 1)
DSA_print_fp(stdout, dsa, 0);
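Review bot: `DSA_SIG_set0(sdsa, bn, bk)` transfers ownership of `bn` and `bk` to `sdsa`, which is why the two `BN_free` calls were dropped, but nothing in the code says so and the return value is ignored. A comment such as `/* sdsa now owns bn and bk; they are released with the signature */` would stop a later edit from re-adding the frees and causing a double free. The call should also be checked, since on failure the two BIGNUMs still belong to the caller and would leak. The same applies to `DSA_SIG_set0(sdsa, y, g)` in the crypto_bob2 hunk. crypto_bob's body starts and ends outside this hunk.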
@@ -2290,13 +2312,15 @@ crypto_bob(
/* XXX: more validation to make sure the sign fits... */
vp->sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
- EVP_SignUpdate(&ctx, vp->ptr, len);
- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+ ctx = EVP_MD_CTX_new();
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
+ EVP_SignUpdate(ctx, vp->ptr, len);
+ if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
+ EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@@ -2323,6 +2347,9 @@ crypto_iff(
u_int len;
const u_char *ptr;
int temp;
+ const BIGNUM *p, *g;
+ const BIGNUM *r, *s;
+ const BIGNUM *pub_key;
/*
* If the IFF parameters are not valid or no challenge was sent,
@@ -2337,7 +2364,7 @@ crypto_iff(
ntohl(ep->fstamp));
return (XEVNT_FSP);
}
- if ((dsa = peer->ident_pkey->pkey->pkey.dsa) == NULL) {
+ if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_iff: defective key");
return (XEVNT_PUB);
}
@@ -2362,15 +2389,18 @@ crypto_iff(
/*
* Compute g^(k + b r) g^(q - b)r mod p.
*/
- BN_mod_exp(bn, dsa->pub_key, peer->iffval, dsa->p, bctx);
- BN_mod_exp(bk, dsa->g, sdsa->r, dsa->p, bctx);
- BN_mod_mul(bn, bn, bk, dsa->p, bctx);
+ DSA_get0_key(dsa, &pub_key, NULL);
+ DSA_get0_pqg(dsa, &p, NULL, &g);
+ DSA_SIG_get0(sdsa, &r, &s);
+ BN_mod_exp(bn, pub_key, peer->iffval, p, bctx);
+ BN_mod_exp(bk, g, r, p, bctx);
+ BN_mod_mul(bn, bn, bk, p, bctx);
/*
* Verify the hash of the result matches hash(x).
*/
bighash(bn, bn);
- temp = BN_cmp(bn, sdsa->s);
+ temp = BN_cmp(bn, s);
BN_free(bn); BN_free(bk); BN_CTX_free(bctx);
BN_free(peer->iffval);
peer->iffval = NULL;
@@ -2456,9 +2486,10 @@ crypto_alice2(
{
RSA *rsa; /* GQ parameters */
BN_CTX *bctx; /* BIGNUM context */
- EVP_MD_CTX ctx; /* signature context */
+ EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp;
u_int len;
+ const BIGNUM *n;
/*
* The identity parameters must have correct format and content.
@@ -2466,7 +2497,7 @@ crypto_alice2(
if (peer->ident_pkey == NULL)
return (XEVNT_ID);
- if ((rsa = peer->ident_pkey->pkey->pkey.rsa) == NULL) {
+ if ((rsa = EVP_PKEY_get0_RSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_alice2: defective key");
return (XEVNT_PUB);
}
@@ -2477,10 +2508,11 @@ crypto_alice2(
if (peer->iffval != NULL)
BN_free(peer->iffval);
peer->iffval = BN_new();
- len = BN_num_bytes(rsa->n);
+ RSA_get0_key(rsa, &n, NULL, NULL);
+ len = BN_num_bytes(n);
BN_rand(peer->iffval, len * 8, -1, 1); /* r mod n */
bctx = BN_CTX_new();
- BN_mod(peer->iffval, peer->iffval, rsa->n, bctx);
+ BN_mod(peer->iffval, peer->iffval, n, bctx);
BN_CTX_free(bctx);
/*
@@ -2497,13 +2529,15 @@ crypto_alice2(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
- EVP_SignUpdate(&ctx, vp->ptr, len);
- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+ ctx = EVP_MD_CTX_new();
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
+ EVP_SignUpdate(ctx, vp->ptr, len);
+ if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
+ EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@@ -2525,12 +2559,13 @@ crypto_bob2(
RSA *rsa; /* GQ parameters */
DSA_SIG *sdsa; /* DSA parameters */
BN_CTX *bctx; /* BIGNUM context */
- EVP_MD_CTX ctx; /* signature context */
+ EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
BIGNUM *r, *k, *g, *y;
u_char *ptr;
u_int len;
int s_len;
+ const BIGNUM *n, *p, *e;
/*
* If the GQ parameters are not valid, something awful
@@ -2540,7 +2575,8 @@ crypto_bob2(
msyslog(LOG_NOTICE, "crypto_bob2: scheme unavailable");
return (XEVNT_ID);
}
- rsa = gqkey_info->pkey->pkey.rsa;
+ rsa = EVP_PKEY_get0_RSA(gqkey_info->pkey);
+ RSA_get0_key(rsa, &n, &p, &e);
/*
* Extract r from the challenge.
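Review bot: The out-parameters of `RSA_get0_key()` are n, e and d in that order, so `RSA_get0_key(rsa, &n, &p, &e)` stores the e member in `p` and the d member in `e`, while the removed lines in the next crypto_bob2 hunk read `rsa->p` and `rsa->e`. Unless `libssl_compat.h` or a key-file layout change elsewhere in the commit accounts for this, the GQ response is now computed from different key members than before. The direct translation would be `RSA_get0_key(rsa, &n, &e, NULL);` followed by `RSA_get0_factors(rsa, &p, NULL);`. crypto_gq has the same shape: `RSA_get0_key(rsa, &n, NULL, &e)` fills `e` from the d member where the old code used `rsa->e`.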
@@ -2561,15 +2597,14 @@ crypto_bob2(
bctx = BN_CTX_new(); k = BN_new(); g = BN_new(); y = BN_new();
sdsa = DSA_SIG_new();
BN_rand(k, len * 8, -1, 1); /* k */
- BN_mod(k, k, rsa->n, bctx);
- BN_mod_exp(y, rsa->p, r, rsa->n, bctx); /* u^r mod n */
- BN_mod_mul(y, k, y, rsa->n, bctx); /* k u^r mod n */
- sdsa->r = BN_dup(y);
- BN_mod_exp(g, k, rsa->e, rsa->n, bctx); /* k^b mod n */
+ BN_mod(k, k, n, bctx);
+ BN_mod_exp(y, p, r, n, bctx); /* u^r mod n */
+ BN_mod_mul(y, k, y, n, bctx); /* k u^r mod n */
+ BN_mod_exp(g, k, e, n, bctx); /* k^b mod n */
bighash(g, g);
- sdsa->s = BN_dup(g);
+ DSA_SIG_set0(sdsa, y, g);
BN_CTX_free(bctx);
- BN_free(r); BN_free(k); BN_free(g); BN_free(y);
+ BN_free(r); BN_free(k);
#ifdef DEBUG
if (debug > 1)
RSA_print_fp(stdout, rsa, 0);
@@ -2599,13 +2634,15 @@ crypto_bob2(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
- EVP_SignUpdate(&ctx, vp->ptr, len);
- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+ ctx = EVP_MD_CTX_new();
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
+ EVP_SignUpdate(ctx, vp->ptr, len);
+ if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
+ EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@@ -2633,6 +2670,8 @@ crypto_gq(
const u_char *ptr;
long len;
u_int temp;
+ const BIGNUM *n, *e;
+ const BIGNUM *r, *s;
/*
* If the GQ parameters are not valid or no challenge was sent,
@@ -2649,10 +2688,11 @@ crypto_gq(
ntohl(ep->fstamp));
return (XEVNT_FSP);
}
- if ((rsa = peer->ident_pkey->pkey->pkey.rsa) == NULL) {
+ if ((rsa = EVP_PKEY_get0_RSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_gq: defective key");
return (XEVNT_PUB);
}
+ RSA_get0_key(rsa, &n, NULL, &e);
if (peer->iffval == NULL) {
msyslog(LOG_NOTICE, "crypto_gq: missing challenge");
return (XEVNT_ID);
@@ -2671,6 +2711,7 @@ crypto_gq(
ERR_error_string(ERR_get_error(), NULL));
return (XEVNT_ERR);
}
+ DSA_SIG_get0(sdsa, &r, &s);
/*
* Compute v^r y^b mod n.
@@ -2679,16 +2720,16 @@ crypto_gq(
msyslog(LOG_NOTICE, "crypto_gq: missing group key");
return (XEVNT_ID);
}
- BN_mod_exp(v, peer->grpkey, peer->iffval, rsa->n, bctx);
+ BN_mod_exp(v, peer->grpkey, peer->iffval, n, bctx);
/* v^r mod n */
- BN_mod_exp(y, sdsa->r, rsa->e, rsa->n, bctx); /* y^b mod n */
- BN_mod_mul(y, v, y, rsa->n, bctx); /* v^r y^b mod n */
+ BN_mod_exp(y, r, e, n, bctx); /* y^b mod n */
+ BN_mod_mul(y, v, y, n, bctx); /* v^r y^b mod n */
/*
* Verify the hash of the result matches hash(x).
*/
bighash(y, y);
- temp = BN_cmp(y, sdsa->s);
+ temp = BN_cmp(y, s);
BN_CTX_free(bctx); BN_free(y); BN_free(v);
BN_free(peer->iffval);
peer->iffval = NULL;
@@ -2789,9 +2830,10 @@ crypto_alice3(
{
DSA *dsa; /* MV parameters */
BN_CTX *bctx; /* BIGNUM context */
- EVP_MD_CTX ctx; /* signature context */
+ EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp;
u_int len;
+ const BIGNUM *p;
/*
* The identity parameters must have correct format and content.
@@ -2799,10 +2841,11 @@ crypto_alice3(
if (peer->ident_pkey == NULL)
return (XEVNT_ID);
- if ((dsa = peer->ident_pkey->pkey->pkey.dsa) == NULL) {
+ if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_alice3: defective key");
return (XEVNT_PUB);
}
+ DSA_get0_pqg(dsa, &p, NULL, NULL);
/*
* Roll new random r (0 < r < q).
@@ -2810,10 +2853,10 @@ crypto_alice3(
if (peer->iffval != NULL)
BN_free(peer->iffval);
peer->iffval = BN_new();
- len = BN_num_bytes(dsa->p);
+ len = BN_num_bytes(p);
BN_rand(peer->iffval, len * 8, -1, 1); /* r mod p */
bctx = BN_CTX_new();
- BN_mod(peer->iffval, peer->iffval, dsa->p, bctx);
+ BN_mod(peer->iffval, peer->iffval, p, bctx);
BN_CTX_free(bctx);
/*
@@ -2830,13 +2873,15 @@ crypto_alice3(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
- EVP_SignUpdate(&ctx, vp->ptr, len);
- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+ ctx = EVP_MD_CTX_new();
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
+ EVP_SignUpdate(ctx, vp->ptr, len);
+ if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
+ EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@@ -2857,11 +2902,14 @@ crypto_bob3(
DSA *dsa; /* MV parameters */
DSA *sdsa; /* DSA signature context fake */
BN_CTX *bctx; /* BIGNUM context */
- EVP_MD_CTX ctx; /* signature context */
+ EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
BIGNUM *r, *k, *u;
u_char *ptr;
u_int len;
+ const BIGNUM *p, *q, *g;
+ const BIGNUM *pub_key, *priv_key;
+ BIGNUM *sp, *sq, *sg;
/*
* If the MV parameters are not valid, something awful
@@ -2871,7 +2919,9 @@ crypto_bob3(
msyslog(LOG_NOTICE, "crypto_bob3: scheme unavailable");
return (XEVNT_ID);
}
- dsa = mvkey_info->pkey->pkey.dsa;
+ dsa = EVP_PKEY_get0_DSA(mvkey_info->pkey);
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ DSA_get0_key(dsa, &pub_key, &priv_key);
/*
* Extract r from the challenge.
@@ -2892,18 +2942,20 @@ crypto_bob3(
*/
bctx = BN_CTX_new(); k = BN_new(); u = BN_new();
sdsa = DSA_new();
- sdsa->p = BN_new(); sdsa->q = BN_new(); sdsa->g = BN_new();
+ sp = BN_new(); sq = BN_new(); sg = BN_new();
while (1) {
- BN_rand(k, BN_num_bits(dsa->q), 0, 0);
- BN_mod(k, k, dsa->q, bctx);
- BN_gcd(u, k, dsa->q, bctx);
+ BN_rand(k, BN_num_bits(q), 0, 0);
+ BN_mod(k, k, q, bctx);
+ BN_gcd(u, k, q, bctx);
if (BN_is_one(u))
break;
}
- BN_mod_exp(u, dsa->g, k, dsa->p, bctx); /* A^k r */
- BN_mod_mul(sdsa->p, u, r, dsa->p, bctx);
- BN_mod_exp(sdsa->q, dsa->priv_key, k, dsa->p, bctx); /* gbar */
- BN_mod_exp(sdsa->g, dsa->pub_key, k, dsa->p, bctx); /* ghat */
+ BN_mod_exp(u, g, k, p, bctx); /* A^k r */
+ BN_mod_mul(sp, u, r, p, bctx);
+ BN_mod_exp(sq, priv_key, k, p, bctx); /* gbar */
+ BN_mod_exp(sg, pub_key, k, p, bctx); /* ghat */
+ DSA_set0_key(sdsa, BN_dup(pub_key), NULL);
+ DSA_set0_pqg(sdsa, sp, sq, sg);
BN_CTX_free(bctx); BN_free(k); BN_free(r); BN_free(u);
#ifdef DEBUG
if (debug > 1)
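Review bot: `DSA_set0_key(sdsa, BN_dup(pub_key), NULL)` has no counterpart in the removed lines, which only populated `sdsa->p`, `sdsa->q` and `sdsa->g`, so it needs a comment explaining why the MV public key is copied into the response structure. If it is there only because the accessor API expects a key to be set, say so; if the value can end up in the encoded response, that is a behaviour change worth calling out in the commit message. The `BN_dup` result and both `DSA_set0_*` return values are unchecked, so a failure would leave `sdsa` without parameters and leak `sp`, `sq` and `sg`. The body of crypto_bob3 continues outside this hunk.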
@@ -2934,13 +2986,15 @@ crypto_bob3(
return (XEVNT_OK);
vp->sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
- EVP_SignUpdate(&ctx, vp->ptr, len);
- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+ ctx = EVP_MD_CTX_new();
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12);
+ EVP_SignUpdate(ctx, vp->ptr, len);
+ if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
+ EVP_MD_CTX_free(ctx);
return (XEVNT_OK);
}
@@ -2968,6 +3022,9 @@ crypto_mv(
u_int len;
const u_char *ptr;
int temp;
+ const BIGNUM *p;
+ const BIGNUM *pub_key, *priv_key;
+ const BIGNUM *sp, *sq, *sg;
/*
* If the MV parameters are not valid or no challenge was sent,
@@ -2982,10 +3039,12 @@ crypto_mv(
ntohl(ep->fstamp));
return (XEVNT_FSP);
}
- if ((dsa = peer->ident_pkey->pkey->pkey.dsa) == NULL) {
+ if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
msyslog(LOG_NOTICE, "crypto_mv: defective key");
return (XEVNT_PUB);
}
+ DSA_get0_pqg(dsa, &p, NULL, NULL);
+ DSA_get0_key(dsa, &pub_key, &priv_key);
if (peer->iffval == NULL) {
msyslog(LOG_NOTICE, "crypto_mv: missing challenge");
return (XEVNT_ID);
@@ -3002,14 +3061,15 @@ crypto_mv(
ERR_error_string(ERR_get_error(), NULL));
return (XEVNT_ERR);
}
+ DSA_get0_pqg(sdsa, &sp, &sq, &sg);
/*
* Compute (gbar^xhat ghat^xbar) mod p.
*/
- BN_mod_exp(u, sdsa->q, dsa->pub_key, dsa->p, bctx);
- BN_mod_exp(v, sdsa->g, dsa->priv_key, dsa->p, bctx);
- BN_mod_mul(u, u, v, dsa->p, bctx);
- BN_mod_mul(u, u, sdsa->p, dsa->p, bctx);
+ BN_mod_exp(u, sq, pub_key, p, bctx);
+ BN_mod_exp(v, sg, priv_key, p, bctx);
+ BN_mod_mul(u, u, v, p, bctx);
+ BN_mod_mul(u, u, sp, p, bctx);
/*
* The result should match r.
@@ -3080,7 +3140,7 @@ cert_sign(
ASN1_INTEGER *serial; /* serial number */
X509_NAME *subj; /* distinguished (common) name */
EVP_PKEY *pkey; /* public key */
- EVP_MD_CTX ctx; /* message digest context */
+ EVP_MD_CTX *ctx; /* message digest context */
tstamp_t tstamp; /* NTP timestamp */
struct calendar tscal;
u_int len;
@@ -3176,13 +3236,15 @@ cert_sign(
vp->siglen = 0;
if (tstamp != 0) {
vp->sig = emalloc(sign_siglen);
- EVP_SignInit(&ctx, sign_digest);
- EVP_SignUpdate(&ctx, (u_char *)vp, 12);
- EVP_SignUpdate(&ctx, vp->ptr, len);
- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+ ctx = EVP_MD_CTX_new();
+ EVP_SignInit(ctx, sign_digest);
+ EVP_SignUpdate(ctx, (u_char *)vp, 12);
+ EVP_SignUpdate(ctx, vp->ptr, len);
+ if (EVP_SignFinal(ctx, vp->sig, &len, sign_pkey)) {
INSIST(len <= sign_siglen);
vp->siglen = htonl(len);
}
+ EVP_MD_CTX_free(ctx);
}
#ifdef DEBUG
if (debug > 1)
@@ -3368,13 +3430,12 @@ cert_parse(
)
{
X509 *cert; /* X509 certificate */
- X509_EXTENSION *ext; /* X509v3 extension */
struct cert_info *ret; /* certificate info/value */
BIO *bp;
char pathbuf[MAXFILENAME];
const u_char *ptr;
char *pch;
- int temp, cnt, i;
+ int cnt, i;
struct calendar fscal;
/*
@@ -3422,7 +3483,7 @@ cert_parse(
* objects at this time, since the real crunch can happen only
* when the time is valid but not yet certificated.
*/
- ret->nid = OBJ_obj2nid(cert->cert_info->signature->algorithm);
+ ret->nid = X509_get_signature_nid(cert);
ret->digest = (const EVP_MD *)EVP_get_digestbynid(ret->nid);
ret->serial =
(u_long)ASN1_INTEGER_get(X509_get_serialNumber(cert));
@@ -3446,9 +3507,16 @@ cert_parse(
*/
cnt = X509_get_ext_count(cert);
for (i = 0; i < cnt; i++) {
+ X509_EXTENSION *ext;
+ ASN1_OBJECT *obj;
+ int nid;
+ ASN1_OCTET_STRING *data;
+
ext = X509_get_ext(cert, i);
- temp = OBJ_obj2nid(ext->object);
- switch (temp) {
+ obj = X509_EXTENSION_get_object(ext);
+ nid = OBJ_obj2nid(obj);
+
+ switch (nid) {
/*
* If a key_usage field is present, we decode whether
@@ -3466,7 +3534,7 @@ cert_parse(
else if (strcmp(pathbuf, "Private") == 0)
ret->flags |= CERT_PRIV;
DPRINTF(1, ("cert_parse: %s: %s\n",
- OBJ_nid2ln(temp), pathbuf));
+ OBJ_nid2ln(nid), pathbuf));
break;
/*
@@ -3474,12 +3542,13 @@ cert_parse(
* contains the GQ public key.
*/
case NID_subject_key_identifier:
- ret->grpkey = BN_bin2bn(&ext->value->data[2],
- ext->value->length - 2, NULL);
+ data = X509_EXTENSION_get_data(ext);
+ ret->grpkey = BN_bin2bn(&data->data[2],
+ data->length - 2, NULL);
/* fall through */
default:
DPRINTF(1, ("cert_parse: %s\n",
- OBJ_nid2ln(temp)));
+ OBJ_nid2ln(nid)));
break;
}
}
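Review bot: `data->length - 2` is passed to `BN_bin2bn()` without checking that the subject-key-identifier payload is at least two bytes long, and the result of `X509_EXTENSION_get_data(ext)` is not checked for NULL. The extension comes from the certificate being parsed, so a short value produces a negative length argument and `&data->data[2]` points past the payload. A guard before the conversion, `if (data == NULL || data->length < 2) break;`, would reject it; whether to skip the extension or fail the whole parse depends on code outside the hunk. The arithmetic is carried over unchanged from the removed lines, so the gap predates this commit, but the accessor rewrite is the natural place to close it.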
@@ -3669,10 +3738,10 @@ crypto_key(
DPRINTF(1, ("crypto_key: %s\n", statstr));
#ifdef DEBUG
if (debug > 1) {
- if (pkey->type == EVP_PKEY_DSA)
- DSA_print_fp(stdout, pkey->pkey.dsa, 0);
- else if (pkey->type == EVP_PKEY_RSA)
- RSA_print_fp(stdout, pkey->pkey.rsa, 0);
+ if (EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA)
+ DSA_print_fp(stdout, EVP_PKEY_get0_DSA(pkey), 0);
+ else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA)
+ RSA_print_fp(stdout, EVP_PKEY_get0_RSA(pkey), 0);
}
#endif
return (pkp);
@@ -3882,7 +3951,7 @@ crypto_setup(void)
filename);
exit (-1);
}
- if (pinfo->pkey->type != EVP_PKEY_RSA) {
+ if (EVP_PKEY_base_id(pinfo->pkey) != EVP_PKEY_RSA) {
msyslog(LOG_ERR,
"crypto_setup: host key is not RSA key type");
exit (-1);