
[src/trunk]: src/crypto/dist/ipsec-tools Add support for alrogithms with non ...



details:   https://anonhg.NetBSD.org/src/rev/d360d41c7aa5
branches:  trunk
changeset: 582960:d360d41c7aa5
user:      manu <manu%NetBSD.org@localhost>
date:      Tue Jul 12 14:51:07 2005 +0000

description:
Add support for algorithms with non-OpenSSL-default key sizes

diffstat:

 crypto/dist/ipsec-tools/ChangeLog                   |   6 ++
 crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c |  52 ++++++++++++++++++--
 2 files changed, 53 insertions(+), 5 deletions(-)

diffs (79 lines):

diff -r d299991efa1e -r d360d41c7aa5 crypto/dist/ipsec-tools/ChangeLog
--- a/crypto/dist/ipsec-tools/ChangeLog Tue Jul 12 14:15:39 2005 +0000
+++ b/crypto/dist/ipsec-tools/ChangeLog Tue Jul 12 14:51:07 2005 +0000
@@ -1,3 +1,9 @@
+2005-07-09  Yvan Vanhullebus  <vanhu%free.fr@localhost>
+
+       * src/racoon/crypto_openssl.c: Fixed evp_crypt when using crypto
+         algorithms with variable key size but not OpenSSL default key
+         size.
+
 2005-07-12  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
 
        * src/racoon/pfkey.c: Set IKE ports to 0 in the SA when NAT-T is not
diff -r d299991efa1e -r d360d41c7aa5 crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
--- a/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c       Tue Jul 12 14:15:39 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c       Tue Jul 12 14:51:07 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: crypto_openssl.c,v 1.2 2005/04/19 19:42:08 manu Exp $  */
+/* $Id: crypto_openssl.c,v 1.3 2005/07/12 14:51:07 manu Exp $ */
 
 /* Id: crypto_openssl.c,v 1.40.4.1 2005/02/22 23:56:08 manubsd Exp */
 
@@ -1159,10 +1159,52 @@
 
        EVP_CIPHER_CTX_init(&ctx);
 
-       if (!EVP_CipherInit(&ctx, e, key->v, iv->v, enc)) {
-               OpenSSL_BUG();
-               vfree(res);
-               return NULL;
+       switch(EVP_CIPHER_nid(e)){
+       case NID_bf_cbc:
+       case NID_bf_ecb:
+       case NID_bf_cfb64:
+       case NID_bf_ofb64:
+       case NID_cast5_cbc:
+       case NID_cast5_ecb:
+       case NID_cast5_cfb64:
+       case NID_cast5_ofb64:
+               /* XXX: can we do that also for algos with a fixed key size ?
+                */
+               /* init context without key/iv
+          */
+         if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
+         {
+             OpenSSL_BUG();
+             vfree(res);
+             return NULL;
+         }
+               
+         /* update key size
+          */
+         if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
+         {
+             OpenSSL_BUG();
+             vfree(res);
+             return NULL;
+         }
+ 
+         /* finalize context init with desired key size
+          */
+         if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
+                                                       (u_char *) iv->v, enc))
+         {
+             OpenSSL_BUG();
+             vfree(res);
+             return NULL;
+               }
+               break;
+       default:
+               if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, 
+                               (u_char *) iv->v, enc)) {
+                       OpenSSL_BUG();
+                       vfree(res);
+                       return NULL;
+               }
        }
        
        if (!EVP_Cipher(&ctx, res->v, data->v, data->l)) {
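Review bot: The three new failure returns in the Blowfish/CAST5 branch leave `ctx` uncleaned: once the first `EVP_CipherInit(&ctx, e, NULL, NULL, enc)` has succeeded, a failure in `EVP_CIPHER_CTX_set_key_length` or in the second `EVP_CipherInit` returns after `vfree(res)` only, so anything the context allocated (and possibly key-schedule state) is neither released nor wiped. Adding `EVP_CIPHER_CTX_cleanup(&ctx);` before each `vfree(res);` in this switch would close that. Separately, `key->l` reaches `EVP_CIPHER_CTX_set_key_length` with no bounds check visible in the hunk; if that length comes from a negotiated proposal, it should be compared against the minimum the policy accepts for the cipher (and confirmed to fit an `int`) rather than leaving rejection to OpenSSL. The enclosing function begins and ends outside the hunk, so an earlier length check or a later cleanup may already exist there.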


