X-Git-Url: http://git.tuebingen.mpg.de/?a=blobdiff_plain;f=openssl.c;h=f696cd9e83606bc4e6bdd89d666f0885575f1d9f;hb=HEAD;hp=32891cbb012b66c0eaf5b8ca56f2c4288cd3bb1b;hpb=5d72d5880a6bd319a8ce2bf7dd2e4921938c77c2;p=paraslash.git

diff --git a/openssl.c b/openssl.c
index 32891cbb..f696cd9e 100644
--- a/openssl.c
+++ b/openssl.c
@@ -11,6 +11,7 @@
 #include <openssl/sha.h>
 #include <openssl/bn.h>
 #include <openssl/aes.h>
+#include <openssl/evp.h>
 
 #include "para.h"
 #include "error.h"
@@ -36,12 +37,8 @@ void get_random_bytes_or_die(unsigned char *buf, int num)
 }
 
 /*
- * Read 64 bytes from /dev/urandom and add them to the SSL PRNG. Seed the PRNG
- * used by random(3) with a random seed obtained from SSL. If /dev/urandom is
- * not readable, the function calls exit().
- *
- * \sa RAND_load_file(3), \ref get_random_bytes_or_die(), srandom(3),
- * random(3), \ref para_random().
+ * Read 64 bytes from /dev/urandom and add them to the SSL PRNG. Then seed the
+ * PRNG used by random(3) with a random seed obtained from SSL.
  */
 void crypt_init(void)
 {
@@ -100,7 +97,7 @@ static int read_bignum(const unsigned char *buf, size_t len, BIGNUM **result)
 	return bnsize + 4;
 }
 
-static int read_rsa_bignums(const unsigned char *blob, int blen, RSA **result)
+static int read_public_key(const unsigned char *blob, int blen, RSA **result)
 {
 	int ret;
 	RSA *rsa;
@@ -152,7 +149,7 @@ bio_free:
 	return *rsa? RSA_size(*rsa) : -E_PRIVATE_KEY;
 }
 
-static int read_private_rsa_params(const unsigned char *blob,
+static int read_openssh_private_key(const unsigned char *blob,
 		const unsigned char *end, RSA **result)
 {
 	int ret;
@@ -219,11 +216,11 @@ static int read_private_rsa_params(const unsigned char *blob,
 	rsa->n = n;
 	rsa->e = e;
 	rsa->d = d;
+	rsa->iqmp = iqmp;
 	rsa->p = p;
 	rsa->q = q;
 	rsa->dmp1 = dmp1;
 	rsa->dmq1 = dmq1;
-	rsa->iqmp = iqmp;
 #endif
 	*result = rsa;
 	ret = 1;
@@ -270,7 +267,7 @@ static int get_private_key(const char *path, RSA **rsa)
 		if (ret < 0)
 			goto free_blob;
 		PARA_INFO_LOG("reading RSA params at offset %d\n", ret);
-		ret = read_private_rsa_params(blob + ret, end, rsa);
+		ret = read_openssh_private_key(blob + ret, end, rsa);
 	} else
 		ret = read_pem_private_key(path, rsa);
 free_blob:
@@ -283,34 +280,34 @@ int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
 	unsigned char *blob;
 	size_t decoded_size;
 	int ret;
-	struct asymmetric_key *key = para_malloc(sizeof(*key));
+	struct asymmetric_key *pub = alloc(sizeof(*pub));
 
 	ret = decode_public_key(key_file, &blob, &decoded_size);
 	if (ret < 0)
 		goto out;
-	ret = read_rsa_bignums(blob + ret, decoded_size - ret, &key->rsa);
+	ret = read_public_key(blob + ret, decoded_size - ret, &pub->rsa);
 	if (ret < 0)
 		goto free_blob;
-	ret = RSA_size(key->rsa);
+	ret = RSA_size(pub->rsa);
 	assert(ret > 0);
-	*result = key;
+	*result = pub;
 free_blob:
 	free(blob);
 out:
 	if (ret < 0) {
-		free(key);
+		free(pub);
 		*result = NULL;
 		PARA_ERROR_LOG("can not load key %s\n", key_file);
 	}
 	return ret;
 }
 
-void apc_free_pubkey(struct asymmetric_key *key)
+void apc_free_pubkey(struct asymmetric_key *pub)
 {
-	if (!key)
+	if (!pub)
 		return;
-	RSA_free(key->rsa);
-	free(key);
+	RSA_free(pub->rsa);
+	free(pub);
 }
 
 int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
@@ -324,7 +321,7 @@ int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
 		return ret;
 	if (inlen < 0)
 		return -E_RSA;
-	priv = para_malloc(sizeof(*priv));
+	priv = alloc(sizeof(*priv));
 	ret = get_private_key(key_file, &priv->rsa);
 	if (ret < 0) {
 		free(priv);
@@ -366,7 +363,7 @@ struct stream_cipher {
 
 struct stream_cipher *sc_new(const unsigned char *data, int len)
 {
-	struct stream_cipher *sc = para_malloc(sizeof(*sc));
+	struct stream_cipher *sc = alloc(sizeof(*sc));
 
 	assert(len >= 2 * AES_CRT128_BLOCK_SIZE);
 	sc->aes = EVP_CIPHER_CTX_new();
@@ -390,7 +387,7 @@ static void aes_ctr128_crypt(EVP_CIPHER_CTX *ctx, struct iovec *src,
 
 	*dst = (typeof(*dst)) {
 		/* Add one for the terminating zero byte. */
-		.iov_base = para_malloc(inlen + 1),
+		.iov_base = alloc(inlen + 1),
 		.iov_len = inlen
 	};
 	ret = EVP_EncryptUpdate(ctx, dst->iov_base, &outlen, src->iov_base, inlen);
@@ -409,16 +406,24 @@ void sc_crypt(struct stream_cipher *sc, struct iovec *src, struct iovec *dst)
 
 void hash_function(const char *data, unsigned long len, unsigned char *hash)
 {
-	SHA_CTX c;
-	SHA1_Init(&c);
-	SHA1_Update(&c, data, len);
-	SHA1_Final(hash, &c);
+	EVP_MD_CTX *c = EVP_MD_CTX_new();
+	int ret = EVP_DigestInit_ex(c, EVP_sha1(), NULL);
+	assert(ret != 0);
+	ret = EVP_DigestUpdate(c, data, len);
+	assert(ret != 0);
+	ret = EVP_DigestFinal_ex(c, hash, NULL);
+	assert(ret != 0);
+	EVP_MD_CTX_free(c);
 }
 
 void hash2_function(const char *data, unsigned long len, unsigned char *hash)
 {
-	SHA256_CTX c;
-	SHA256_Init(&c);
-	SHA256_Update(&c, data, len);
-	SHA256_Final(hash, &c);
+	EVP_MD_CTX *c = EVP_MD_CTX_new();
+	int ret = EVP_DigestInit_ex(c, EVP_sha256(), NULL);
+	assert(ret != 0);
+	ret = EVP_DigestUpdate(c, data, len);
+	assert(ret != 0);
+	ret = EVP_DigestFinal_ex(c, hash, NULL);
+	assert(ret != 0);
+	EVP_MD_CTX_free(c);
 }