diff -Naur ike/source/iked/conf.parse.yy ike_20.04/source/iked/conf.parse.yy--- ike/source/iked/conf.parse.yy 2013-04-03 09:10:43.000000000 +0200+++ ike_20.04/source/iked/conf.parse.yy 2020-05-26 23:24:15.728277611 +0200@@ -41,7 +41,7 @@ %skeleton "lalr1.cc" %defines-%define "parser_class_name" "conf_parser"+%define api.parser.class {conf_parser} %{ diff -Naur ike/source/iked/crypto.cpp ike_20.04/source/iked/crypto.cpp--- ike/source/iked/crypto.cpp 2012-12-11 07:56:33.000000000 +0100+++ ike_20.04/source/iked/crypto.cpp 2020-05-27 12:56:33.371836124 +0200@@ -376,9 +376,8 @@ if( dh == NULL ) return false; - dh->p = NULL;- dh->g = NULL;- dh->length = 0;+ DH_set0_pqg(dh, NULL, NULL, NULL);+ DH_set_length(dh,0); // // set p ( prime ) value@@ -387,49 +386,51 @@ unsigned char * p_data = NULL; size_t p_size = 0; - dh->p = BN_new();- if( dh->p == NULL )+ BIGNUM * const dh_p=BN_new();+ BIGNUM * const dh_g=BN_new();+ if( dh_p == NULL ) goto dh_failed;+ DH_set0_pqg(dh, dh_p, NULL, NULL); switch( group ) { case 1:- if( !BN_bin2bn( group1, sizeof( group1 ), dh->p ) )+ if( !BN_bin2bn( group1, sizeof( group1 ), dh_p ) ) goto dh_failed; break; case 2:- if( !BN_bin2bn( group2, sizeof( group2 ), dh->p ) )+ if( !BN_bin2bn( group2, sizeof( group2 ), dh_p ) ) goto dh_failed; break; case 5:- if( !BN_bin2bn( group5, sizeof( group5 ), dh->p ) )+ if( !BN_bin2bn( group5, sizeof( group5 ), dh_p ) ) goto dh_failed; break; case 14:- if( !BN_bin2bn( group14, sizeof( group14 ), dh->p ) )+ if( !BN_bin2bn( group14, sizeof( group14 ), dh_p ) ) goto dh_failed; break; case 15:- if( !BN_bin2bn( group15, sizeof( group15 ), dh->p ) )+ if( !BN_bin2bn( group15, sizeof( group15 ), dh_p ) ) goto dh_failed; break; case 16:- if( !BN_bin2bn( group16, sizeof( group16 ), dh->p ) )+ if( !BN_bin2bn( group16, sizeof( group16 ), dh_p ) ) goto dh_failed; break; case 17:- if( !BN_bin2bn( group17, sizeof( group17 ), dh->p ) )+ if( !BN_bin2bn( group17, sizeof( group17 ), dh_p ) ) goto dh_failed; break; case 18:- if( !BN_bin2bn( group18, sizeof( group18 ), dh->p ) )+ if( !BN_bin2bn( group18, sizeof( group18 ), dh_p ) ) goto dh_failed; break; @@ -441,11 +442,11 @@ // set g ( generator ) value // - dh->g = BN_new();- if( dh->g == NULL )+ if( dh_g == NULL ) goto dh_failed;+ DH_set0_pqg(dh, dh_p, NULL, dh_g); - if( !BN_set_word( dh->g, 2 ) )+ if( !BN_set_word( dh_g, 2 ) ) goto dh_failed; //@@ -456,7 +457,7 @@ goto dh_failed; *dh_data = dh;- *dh_size = BN_num_bytes( dh->p );+ *dh_size = BN_num_bytes( dh_p ); return true; diff -Naur ike/source/iked/ike.cpp ike_20.04/source/iked/ike.cpp--- ike/source/iked/ike.cpp 2009-02-12 03:35:43.000000000 +0100+++ ike_20.04/source/iked/ike.cpp 2020-05-27 12:57:15.320422858 +0200@@ -391,11 +391,10 @@ // init cipher key and iv // - EVP_CIPHER_CTX ctx_cipher;- EVP_CIPHER_CTX_init( &ctx_cipher );+ EVP_CIPHER_CTX *ctx_cipher=EVP_CIPHER_CTX_new(); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, sa->evp_cipher, NULL, NULL,@@ -403,11 +402,11 @@ 0 ); EVP_CIPHER_CTX_set_key_length(- &ctx_cipher,+ ctx_cipher, ( int ) sa->key.size() ); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, NULL, NULL, sa->key.buff(),@@ -419,12 +418,12 @@ // EVP_Cipher(- &ctx_cipher,+ ctx_cipher, data + sizeof( IKE_HEADER ), data + sizeof( IKE_HEADER ), ( int ) size - sizeof( IKE_HEADER ) ); - EVP_CIPHER_CTX_cleanup( &ctx_cipher );+ EVP_CIPHER_CTX_free( ctx_cipher ); log.bin( LLOG_DEBUG,@@ -595,11 +594,10 @@ // encrypt all but header // - EVP_CIPHER_CTX ctx_cipher;- EVP_CIPHER_CTX_init( &ctx_cipher );+ EVP_CIPHER_CTX *ctx_cipher=EVP_CIPHER_CTX_new(); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, sa->evp_cipher, NULL, NULL,@@ -607,11 +605,11 @@ 1 ); EVP_CIPHER_CTX_set_key_length(- &ctx_cipher,+ ctx_cipher, ( int ) sa->key.size() ); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, NULL, NULL, sa->key.buff(),@@ -619,12 +617,12 @@ 1 ); EVP_Cipher(- &ctx_cipher,+ ctx_cipher, data + sizeof( IKE_HEADER ), data + sizeof( IKE_HEADER ), ( int ) size - sizeof( IKE_HEADER ) ); - EVP_CIPHER_CTX_cleanup( &ctx_cipher );+ EVP_CIPHER_CTX_free( ctx_cipher ); // // store cipher iv datadiff -Naur ike/source/iked/ike.exch.config.cpp ike_20.04/source/iked/ike.exch.config.cpp--- ike/source/iked/ike.exch.config.cpp 2013-04-07 18:28:06.000000000 +0200+++ ike_20.04/source/iked/ike.exch.config.cpp 2020-05-27 12:57:45.824849957 +0200@@ -2481,15 +2481,14 @@ BDATA hash_c; hash_c.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) &msgid, 4 );- HMAC_Update( &ctx_prf, cfg->hda.buff(), cfg->hda.size() );- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) &msgid, 4 );+ HMAC_Update( ctx_prf, cfg->hda.buff(), cfg->hda.size() );+ HMAC_Final( ctx_prf, hash_c.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -2543,15 +2542,14 @@ // create message authentication hash // - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );- HMAC_Update( &ctx_prf, packet.buff() + beg, end - beg );- HMAC_Final( &ctx_prf, hash.buff(), 0 );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );+ HMAC_Update( ctx_prf, packet.buff() + beg, end - beg );+ HMAC_Final( ctx_prf, hash.buff(), 0 ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); memcpy( packet.buff() + off + 4, hash.buff(), hash.size() ); diff -Naur ike/source/iked/ike.exch.inform.cpp ike_20.04/source/iked/ike.exch.inform.cpp--- ike/source/iked/ike.exch.inform.cpp 2010-12-02 17:06:10.000000000 +0100+++ ike_20.04/source/iked/ike.exch.inform.cpp 2020-05-27 12:58:10.009188816 +0200@@ -399,15 +399,14 @@ BDATA hash_c; hash_c.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, 4 );- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, 4 );+ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );+ HMAC_Final( ctx_prf, hash_c.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -439,15 +438,14 @@ { inform->hash_l.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );- HMAC_Final( &ctx_prf, inform->hash_l.buff(), 0 );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );+ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );+ HMAC_Final( ctx_prf, inform->hash_l.buff(), 0 ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,diff -Naur ike/source/iked/ike.exch.phase1.cpp ike_20.04/source/iked/ike.exch.phase1.cpp--- ike/source/iked/ike.exch.phase1.cpp 2012-02-08 06:09:35.000000000 +0100+++ ike_20.04/source/iked/ike.exch.phase1.cpp 2020-05-27 12:59:36.458401704 +0200@@ -1044,14 +1044,13 @@ BDATA psk_hash; psk_hash.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );- HMAC_Final( &ctx_prf, psk_hash.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );+ HMAC_Final( ctx_prf, psk_hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); // // add the notification payload@@ -1557,7 +1556,8 @@ { BDATA prv; prv.size( ph1->dh_size );- BN_bn2bin( ph1->dh->priv_key, prv.buff() );+ const BIGNUM *priv_key=DH_get0_priv_key((const DH*)ph1->dh);+ BN_bn2bin( priv_key, prv.buff() ); log.bin( LLOG_DECODE,@@ -1656,25 +1656,24 @@ case XAUTH_AUTH_INIT_PSK: case XAUTH_AUTH_RESP_PSK: {- HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );+ HMAC_Init_ex( ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL ); if( ph1->initiator ) {- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );+ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );+ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() ); } else {- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );+ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );+ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() ); } - HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); break; }@@ -1704,14 +1703,13 @@ nonce.add( ph1->nonce_l ); } - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );- HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Init_ex( ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); break; } @@ -1730,15 +1728,14 @@ // compute SKEYID_d // - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );- HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); ph1->skeyid_d.set( skeyid_data, skeyid_size ); @@ -1753,13 +1750,13 @@ // compute SKEYID_a // - HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ( unsigned char * ) "\1", 1 );- HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ( unsigned char * ) "\1", 1 );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); ph1->skeyid_a.set( skeyid_data, skeyid_size ); @@ -1774,13 +1771,13 @@ // compute SKEYID_e // - HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ( unsigned char * ) "\2", 1 );- HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ( unsigned char * ) "\2", 1 );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); ph1->skeyid_e.set( skeyid_data, skeyid_size ); @@ -1821,15 +1818,15 @@ // create extended key data - HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );- HMAC_Final( &ctx_prf, key_data, NULL );+ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );+ HMAC_Final( ctx_prf, key_data, NULL ); for( long size = skeyid_size; size < key_size; size += skeyid_size ) {- HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );- HMAC_Final( &ctx_prf, key_data + size, NULL );+ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );+ HMAC_Final( ctx_prf, key_data + size, NULL ); } } else@@ -1839,7 +1836,7 @@ memcpy( key_data, skeyid_data, key_size ); } - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); if( proposal->ciph_kl ) key_size = ( proposal->ciph_kl + 7 ) / 8;@@ -1860,22 +1857,22 @@ unsigned char iv_data[ HMAC_MAX_MD_CBLOCK ]; unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher ); - EVP_MD_CTX ctx_hash;- EVP_DigestInit( &ctx_hash, ph1->evp_hash );+ EVP_MD_CTX *ctx_hash=EVP_MD_CTX_new();+ EVP_DigestInit( ctx_hash, ph1->evp_hash ); if( ph1->initiator ) {- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );+ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );+ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() ); } else {- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );+ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );+ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() ); } - EVP_DigestFinal( &ctx_hash, iv_data, NULL );- EVP_MD_CTX_cleanup( &ctx_hash );+ EVP_DigestFinal( ctx_hash, iv_data, NULL );+ EVP_MD_CTX_free(ctx_hash); ph1->iv.set( iv_data, iv_size ); @@ -1903,29 +1900,28 @@ hash.size( sa->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );+ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL ); if( sa->initiator ) {- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() ); } else {- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() ); } - HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );- HMAC_Update( &ctx_prf, sa->idi.buff(), sa->idi.size() );- HMAC_Final( &ctx_prf, hash.buff(), NULL );+ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );+ HMAC_Update( ctx_prf, sa->idi.buff(), sa->idi.size() );+ HMAC_Final( ctx_prf, hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -1945,29 +1941,28 @@ hash.size( sa->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );+ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL ); if( sa->initiator ) {- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() ); } else {- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() ); } - HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );- HMAC_Update( &ctx_prf, sa->idr.buff(), sa->idr.size() );- HMAC_Final( &ctx_prf, hash.buff(), NULL );+ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );+ HMAC_Update( ctx_prf, sa->idr.buff(), sa->idr.size() );+ HMAC_Final( ctx_prf, hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -2569,14 +2564,14 @@ // hash for remote address // - EVP_MD_CTX ctx_hash;- EVP_DigestInit( &ctx_hash, ph1->evp_hash );- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );- EVP_MD_CTX_cleanup( &ctx_hash );+ EVP_MD_CTX *ctx_hash=EVP_MD_CTX_new();+ EVP_DigestInit( ctx_hash, ph1->evp_hash );+ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );+ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );+ EVP_MD_CTX_free( ctx_hash ); ph1->natd_hash_l.add( natd ); @@ -2585,13 +2580,14 @@ // hash for local address // - EVP_DigestInit( &ctx_hash, ph1->evp_hash );- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );- EVP_MD_CTX_cleanup( &ctx_hash );+ ctx_hash=EVP_MD_CTX_new();+ EVP_DigestInit( ctx_hash, ph1->evp_hash );+ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );+ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );+ EVP_MD_CTX_free( ctx_hash ); ph1->natd_hash_l.add( natd ); diff -Naur ike/source/iked/ike.exch.phase2.cpp ike_20.04/source/iked/ike.exch.phase2.cpp--- ike/source/iked/ike.exch.phase2.cpp 2010-12-22 22:35:36.000000000 +0100+++ ike_20.04/source/iked/ike.exch.phase2.cpp 2020-05-27 13:00:18.350990285 +0200@@ -1008,14 +1008,13 @@ hash.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, input.buff(), input.size() );- HMAC_Final( &ctx_prf, hash.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, input.buff(), input.size() );+ HMAC_Final( ctx_prf, hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -1048,14 +1047,13 @@ hash.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, input.buff(), input.size() );- HMAC_Final( &ctx_prf, hash.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, input.buff(), input.size() );+ HMAC_Final( ctx_prf, hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -1093,14 +1091,13 @@ hash.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, input.buff(), input.size() );- HMAC_Final( &ctx_prf, hash.buff(), 0 );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, input.buff(), input.size() );+ HMAC_Final( ctx_prf, hash.buff(), 0 ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -1555,7 +1552,8 @@ { BDATA prv; prv.size( ph2->dh_size );- BN_bn2bin( ph2->dh->priv_key, prv.buff() );+ const BIGNUM *priv_key=DH_get0_priv_key((const DH*)ph2->dh);+ BN_bn2bin( priv_key, prv.buff() ); log.bin( LLOG_DECODE,@@ -1817,56 +1815,55 @@ // K3 = prf( SKEYID_d, K2 | [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b ) // - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL ); if( ph2->dhgr_id )- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() ); - HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 ); if( ph2->initiator ) {- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() ); } else {- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() ); } - HMAC_Final( &ctx_prf, key_data, NULL );+ HMAC_Final( ctx_prf, key_data, NULL ); for( long size = skeyid_size; size < key_size; size += skeyid_size ) {- HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size ); if( ph2->dhgr_id )- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() ); - HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 ); if( ph2->initiator ) {- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() ); } else {- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() ); } - HMAC_Final( &ctx_prf, key_data + size, 0 );+ HMAC_Final( ctx_prf, key_data + size, 0 ); } - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); // // separate encrypt and auth key datadiff -Naur ike/source/iked/ike.idb.exch.cpp ike_20.04/source/iked/ike.idb.exch.cpp--- ike/source/iked/ike.idb.exch.cpp 2011-01-15 23:09:32.000000000 +0100+++ ike_20.04/source/iked/ike.idb.exch.cpp 2020-05-27 13:00:32.111183721 +0200@@ -134,12 +134,12 @@ unsigned char iv_data[ EVP_MAX_MD_SIZE ]; unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher ); - EVP_MD_CTX ctx_hash;- EVP_DigestInit( &ctx_hash, ph1->evp_hash );- EVP_DigestUpdate( &ctx_hash, ph1->iv.buff(), ph1->iv.size() );- EVP_DigestUpdate( &ctx_hash, &msgid, 4 );- EVP_DigestFinal( &ctx_hash, iv_data, NULL );- EVP_MD_CTX_cleanup( &ctx_hash );+ EVP_MD_CTX *ctx_hash=EVP_MD_CTX_new();+ EVP_DigestInit( ctx_hash, ph1->evp_hash );+ EVP_DigestUpdate( ctx_hash, ph1->iv.buff(), ph1->iv.size() );+ EVP_DigestUpdate( ctx_hash, &msgid, 4 );+ EVP_DigestFinal( ctx_hash, iv_data, NULL );+ EVP_MD_CTX_free( ctx_hash ); iv.set( iv_data, iv_size ); diff -Naur ike/source/iked/ike.idb.phase1.cpp ike_20.04/source/iked/ike.idb.phase1.cpp--- ike/source/iked/ike.idb.phase1.cpp 2011-02-01 08:21:32.000000000 +0100+++ ike_20.04/source/iked/ike.idb.phase1.cpp 2020-05-27 13:01:15.195789694 +0200@@ -676,7 +676,8 @@ } xl.size( dh_size );- long result = BN_bn2bin( dh->pub_key, xl.buff() );+ const BIGNUM *pub_key=DH_get0_pub_key(dh);+ long result = BN_bn2bin( pub_key, xl.buff() ); // // fixup public buffer alignmentdiff -Naur ike/source/iked/ike.idb.phase2.cpp ike_20.04/source/iked/ike.idb.phase2.cpp--- ike/source/iked/ike.idb.phase2.cpp 2012-11-20 00:28:52.000000000 +0100+++ ike_20.04/source/iked/ike.idb.phase2.cpp 2020-05-27 13:01:39.992138660 +0200@@ -438,7 +438,8 @@ } xl.size( dh_size );- long result = BN_bn2bin( dh->pub_key, xl.buff() );+ const BIGNUM *pub_key=DH_get0_pub_key(dh);+ long result = BN_bn2bin( pub_key, xl.buff() ); // // fixup public buffer alignmentdiff -Naur ike/source/iked/ike.keyfile.cpp ike_20.04/source/iked/ike.keyfile.cpp--- ike/source/iked/ike.keyfile.cpp 2012-12-15 23:14:32.000000000 +0100+++ ike_20.04/source/iked/ike.keyfile.cpp 2020-05-27 13:02:20.288706071 +0200@@ -664,14 +664,17 @@ long ll = LLOG_ERROR; char name[ 512 ]; - X509_NAME * x509_name = X509_get_subject_name( store_ctx->current_cert );+ X509 *current_cert=X509_STORE_CTX_get_current_cert(store_ctx);+ X509_NAME * x509_name = X509_get_subject_name( current_cert ); X509_NAME_oneline( x509_name, name, 512 ); - switch( store_ctx->error )+ int error=X509_STORE_CTX_get_error(store_ctx);+ int error_depth=X509_STORE_CTX_get_error_depth(store_ctx);+ switch( error ) { case X509_V_ERR_UNABLE_TO_GET_CRL: ok = 1;@@ -683,9 +686,9 @@ ll, "ii : %s(%d) at depth:%d\n" "ii : subject :%s\n",- X509_verify_cert_error_string( store_ctx->error ),- store_ctx->error,- store_ctx->error_depth,+ X509_verify_cert_error_string( error ),+ error,+ error_depth, name ); } @@ -857,7 +860,8 @@ if( evp_pkey == NULL ) return false; - bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool converted = prvkey_rsa_2_bdata( prvkey, pkr ); EVP_PKEY_free( evp_pkey ); return converted;@@ -883,7 +887,8 @@ if( evp_pkey == NULL ) return false; - bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool converted = prvkey_rsa_2_bdata( prvkey, pkr ); EVP_PKEY_free( evp_pkey ); return converted;@@ -939,7 +944,8 @@ if( evp_pkey == NULL ) return false; - bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool converted = prvkey_rsa_2_bdata( prvkey, pkr ); EVP_PKEY_free( evp_pkey ); return converted;@@ -976,7 +982,8 @@ if( evp_pkey == NULL ) return false; - bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool converted = prvkey_rsa_2_bdata( prvkey, pkr ); EVP_PKEY_free( evp_pkey ); return converted;@@ -1010,7 +1017,8 @@ if( evp_pkey == NULL ) return false; - bool result = pubkey_rsa_2_bdata( pubkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool result = pubkey_rsa_2_bdata( pubkey, pkr ); EVP_PKEY_free( evp_pkey ); diff -Naur ike/source/libike/manager.file.cpp ike_20.04/source/libike/manager.file.cpp--- ike/source/libike/manager.file.cpp 2011-02-06 17:40:00.000000000 +0100+++ ike_20.04/source/libike/manager.file.cpp 2020-05-27 13:03:49.197959204 +0200@@ -679,11 +679,10 @@ BDATA pwd; data.get( pwd ); - EVP_CIPHER_CTX ctx_cipher;- EVP_CIPHER_CTX_init( &ctx_cipher );+ EVP_CIPHER_CTX *ctx_cipher=EVP_CIPHER_CTX_new(); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, EVP_des_ede3_cbc(), NULL, key,@@ -691,11 +690,13 @@ 0 ); EVP_Cipher(- &ctx_cipher,+ ctx_cipher, pwd.buff(), pwd.buff(), ( unsigned int ) pwd.size() ); + EVP_CIPHER_CTX_free(ctx_cipher);+ pwlen -= pwd.buff()[ pwd.size() - 1 ]; pwd.size( pwlen );