diff options
author | Chia-chi Yeh <chiachi@android.com> | 2011-07-07 03:20:34 -0700 |
---|---|---|
committer | Chia-chi Yeh <chiachi@android.com> | 2011-07-07 03:42:05 -0700 |
commit | e9fc376dc7e9ee22358b872c3eb2808fa42160f0 (patch) | |
tree | 3834c809e43ab43c8dd7d21d84d7e9b5a111cfec /src | |
parent | f8a6a7636d53a5730c58ae041e4e09ae12e1657c (diff) | |
download | ipsec-tools-e9fc376dc7e9ee22358b872c3eb2808fa42160f0.tar.gz |
ipsec-tools: Support IPSec RSA sessions again.
This change supports command-line usage and android service at
the same time. It also removes the access to native keystore.
Change-Id: Ia3d931b0ba8f83624d668de97c9dfc10280bef3b
Diffstat (limited to 'src')
-rw-r--r-- | src/racoon/crypto_openssl.c | 86 |
1 files changed, 48 insertions, 38 deletions
diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c index f8a4db9..789b7b1 100644 --- a/src/racoon/crypto_openssl.c +++ b/src/racoon/crypto_openssl.c @@ -69,7 +69,6 @@ #else #define EVP_bf_cbc() NULL #define EVP_cast5_cbc() NULL -#include "keystore_get.h" #endif #include <openssl/err.h> #ifdef HAVE_OPENSSL_RC5_H @@ -461,18 +460,18 @@ eay_cmp_asn1dn(n1, n2) } #ifdef ANDROID_CHANGES -static BIO *BIO_from_keystore(char *key) + +#include "localconf.h" +static BIO *BIO_from_android(char *path) { - BIO *bio = NULL; - char value[KEYSTORE_MESSAGE_SIZE]; - int length = keystore_get(key, strlen(key), value); - if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) { - BIO_write(bio, value, length); + void *data; + if (sscanf(path, lcconf->chroot, &data) == 1) { + return BIO_new_mem_buf(data, -1); } - return bio; + return NULL; } -#endif +#endif /* * this functions is derived from apps/verify.c in OpenSSL0.9.5 @@ -499,26 +498,9 @@ eay_check_x509cert(cert, CApath, CAfile, local) else X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote); -#ifndef ANDROID_CHANGES - lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); - if (lookup == NULL) - goto end; - - X509_LOOKUP_load_file(lookup, CAfile, - (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM); - - lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); - if (lookup == NULL) - goto end; - error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM); - if(!error) { - error = -1; - goto end; - } - error = -1; /* initialized */ -#else - if (CAfile) { - BIO *bio = BIO_from_keystore(CAfile); +#ifdef ANDROID_CHANGES + if (lcconf->chroot) { + BIO *bio = BIO_from_android(CApath); STACK_OF(X509_INFO) *stack; X509_INFO *info; int i; @@ -541,6 +523,25 @@ eay_check_x509cert(cert, CApath, CAfile, local) } } sk_X509_INFO_pop_free(stack, X509_INFO_free); + } else { +#endif + lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); + if (lookup == NULL) + goto end; + + X509_LOOKUP_load_file(lookup, CAfile, + (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM); + + lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); + if (lookup == NULL) + goto end; + error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM); + if(!error) { + error = -1; + goto end; + } + error = -1; /* initialized */ +#ifdef ANDROID_CHANGES } #endif @@ -955,19 +956,23 @@ eay_get_x509cert(path) int error; #ifdef ANDROID_CHANGES - BIO *bio = BIO_from_keystore(path); - x509 = NULL; - if (bio) { + if (lcconf->chroot) { + BIO *bio = BIO_from_android(path); + if (!bio) { + return NULL; + } x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); BIO_free(bio); - } -#else + } else { +#endif /* Read private key */ fp = fopen(path, "r"); if (fp == NULL) return NULL; x509 = PEM_read_X509(fp, NULL, NULL, NULL); fclose (fp); +#ifdef ANDROID_CHANGES + } #endif if (x509 == NULL) @@ -1057,12 +1062,15 @@ eay_get_pkcs1privkey(path) int error = -1; #ifdef ANDROID_CHANGES - BIO *bio = BIO_from_keystore(path); - if (bio) { + if (lcconf->chroot) { + BIO *bio = BIO_from_android(path); + if (!bio) { + return NULL; + } evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); BIO_free(bio); - } -#else + } else { +#endif /* Read private key */ fp = fopen(path, "r"); if (fp == NULL) @@ -1071,6 +1079,8 @@ eay_get_pkcs1privkey(path) evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL); fclose (fp); +#ifdef ANDROID_CHANGES + } #endif if (evp == NULL) |