[src/netbsd-3]: src/crypto/dist/ipsec-tools Pull up revision 1.22 (requested ...

[tron <tron%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/f41d0ca99842
branches:  netbsd-3
changeset: 576613:f41d0ca99842
user:      tron <tron%NetBSD.org@localhost>
date:      Tue Jul 12 17:42:26 2005 +0000

description:
Pull up revision 1.22 (requested by manu in ticket #584):
Add support for algorithms with non OpenSSL default key sizes.

diffstat:

 crypto/dist/ipsec-tools/ChangeLog                   |   6 ++
 crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c |  52 ++++++++++++++++++--
 2 files changed, 53 insertions(+), 5 deletions(-)

diffs (79 lines):

diff -r aa60406b61fa -r f41d0ca99842 crypto/dist/ipsec-tools/ChangeLog
--- a/crypto/dist/ipsec-tools/ChangeLog Tue Jul 12 17:41:07 2005 +0000
+++ b/crypto/dist/ipsec-tools/ChangeLog Tue Jul 12 17:42:26 2005 +0000
@@ -1,3 +1,9 @@
+2005-07-09  Yvan Vanhullebus  <vanhu%free.fr@localhost>
+
+       * src/racoon/crypto_openssl.c: Fixed evp_crypt when using crypto
+         algorithms with variable key size but not OpenSSL default key
+         size.
+
 2005-07-12  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
 
        * src/racoon/samples/roadwarrior/client/{pahse1-up.sh|phase1-down.sh}:
diff -r aa60406b61fa -r f41d0ca99842 crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
--- a/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c       Tue Jul 12 17:41:07 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c       Tue Jul 12 17:42:26 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: crypto_openssl.c,v 1.1.1.2.2.1 2005/04/21 16:51:40 tron Exp $  */
+/* $Id: crypto_openssl.c,v 1.1.1.2.2.2 2005/07/12 17:42:26 tron Exp $ */
 
 /* Id: crypto_openssl.c,v 1.40.4.1 2005/02/22 23:56:08 manubsd Exp */
 
@@ -1159,10 +1159,52 @@
 
        EVP_CIPHER_CTX_init(&ctx);
 
-       if (!EVP_CipherInit(&ctx, e, key->v, iv->v, enc)) {
-               OpenSSL_BUG();
-               vfree(res);
-               return NULL;
+       switch(EVP_CIPHER_nid(e)){
+       case NID_bf_cbc:
+       case NID_bf_ecb:
+       case NID_bf_cfb64:
+       case NID_bf_ofb64:
+       case NID_cast5_cbc:
+       case NID_cast5_ecb:
+       case NID_cast5_cfb64:
+       case NID_cast5_ofb64:
+               /* XXX: can we do that also for algos with a fixed key size ?
+                */
+               /* init context without key/iv
+          */
+         if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
+         {
+             OpenSSL_BUG();
+             vfree(res);
+             return NULL;
+         }
+               
+         /* update key size
+          */
+         if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
+         {
+             OpenSSL_BUG();
+             vfree(res);
+             return NULL;
+         }
+ 
+         /* finalize context init with desired key size
+          */
+         if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
+                                                       (u_char *) iv->v, enc))
+         {
+             OpenSSL_BUG();
+             vfree(res);
+             return NULL;
+               }
+               break;
+       default:
+               if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, 
+                               (u_char *) iv->v, enc)) {
+                       OpenSSL_BUG();
+                       vfree(res);
+                       return NULL;
+               }
        }
        
        if (!EVP_Cipher(&ctx, res->v, data->v, data->l)) {