IKE for Ubuntu 20.04 LTS
DISCLAIMER! This is my personal procedure that worked for me and my system. I do not take any responsibility if in your case this does not work or causes any damage. Apply this patch only under your responsibility and at your own risk.
DISCLAIMER! This is my personal procedure that worked for me and my system. I do not take any responsibility if in your case this does not work or causes any damage. Apply this patch only under your responsibility and at your own risk.
Procedure to recompile, install and run ike software for Ubuntu 20.04 LTS. Note that this procedure is only for terminal use (ikec and iked) not for gui apps (qikec and qikea).
Procedure to recompile, install and run ike software for Ubuntu 20.04 LTS. Note that this procedure is only for terminal use (ikec and iked) not for gui apps (qikec and qikea).
...open terminal and digit...
...open terminal and digit...
> wget https://www.shrew.net/download/ike/ike-2.2.1-release.tbz2
> sudo tar jxpvf ike-2.2.1-release.tbz2
> cd ike
...copy in this directory ike.patch file (copy below) ...
...copy in this directory ike.patch file (copy below) ...
> patch -p1 < ike.patch
> sudo apt-get install build-essential libssl-dev libaudio-dev libcups2-dev cmake libedit-dev g++
...now recompile with NO-GUI directive...
...now recompile with NO-GUI directive...
> cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=NO -DETCDIR=/etc -DNATT=YES
> make
> sudo make install
> sudo iked
...check if yourServer.vpn file is present under your "~/.ike/sites/" directory. If no copy it without .vpn extension (like this: ~/.ike/sites/yourServer)
...check if yourServer.vpn file is present under your "~/.ike/sites/" directory. If no copy it without .vpn extension (like this: ~/.ike/sites/yourServer)
> ikec -r yourServer -a
...If all goes well, you should see at the end.....
...If all goes well, you should see at the end.....
"ii : tunnel enabled"
ike.patch
ike.patch
diff -Naur ike/source/iked/conf.parse.yy ike_20.04/source/iked/conf.parse.yy--- ike/source/iked/conf.parse.yy 2013-04-03 09:10:43.000000000 +0200+++ ike_20.04/source/iked/conf.parse.yy 2020-05-26 23:24:15.728277611 +0200@@ -41,7 +41,7 @@ %skeleton "lalr1.cc" %defines-%define "parser_class_name" "conf_parser"+%define api.parser.class {conf_parser} %{ diff -Naur ike/source/iked/crypto.cpp ike_20.04/source/iked/crypto.cpp--- ike/source/iked/crypto.cpp 2012-12-11 07:56:33.000000000 +0100+++ ike_20.04/source/iked/crypto.cpp 2020-05-27 12:56:33.371836124 +0200@@ -376,9 +376,8 @@ if( dh == NULL ) return false; - dh->p = NULL;- dh->g = NULL;- dh->length = 0;+ DH_set0_pqg(dh, NULL, NULL, NULL);+ DH_set_length(dh,0); // // set p ( prime ) value@@ -387,49 +386,51 @@ unsigned char * p_data = NULL; size_t p_size = 0; - dh->p = BN_new();- if( dh->p == NULL )+ BIGNUM * const dh_p=BN_new();+ BIGNUM * const dh_g=BN_new();+ if( dh_p == NULL ) goto dh_failed;+ DH_set0_pqg(dh, dh_p, NULL, NULL); switch( group ) { case 1:- if( !BN_bin2bn( group1, sizeof( group1 ), dh->p ) )+ if( !BN_bin2bn( group1, sizeof( group1 ), dh_p ) ) goto dh_failed; break; case 2:- if( !BN_bin2bn( group2, sizeof( group2 ), dh->p ) )+ if( !BN_bin2bn( group2, sizeof( group2 ), dh_p ) ) goto dh_failed; break; case 5:- if( !BN_bin2bn( group5, sizeof( group5 ), dh->p ) )+ if( !BN_bin2bn( group5, sizeof( group5 ), dh_p ) ) goto dh_failed; break; case 14:- if( !BN_bin2bn( group14, sizeof( group14 ), dh->p ) )+ if( !BN_bin2bn( group14, sizeof( group14 ), dh_p ) ) goto dh_failed; break; case 15:- if( !BN_bin2bn( group15, sizeof( group15 ), dh->p ) )+ if( !BN_bin2bn( group15, sizeof( group15 ), dh_p ) ) goto dh_failed; break; case 16:- if( !BN_bin2bn( group16, sizeof( group16 ), dh->p ) )+ if( !BN_bin2bn( group16, sizeof( group16 ), dh_p ) ) goto dh_failed; break; case 17:- if( !BN_bin2bn( group17, sizeof( group17 ), dh->p ) )+ if( !BN_bin2bn( group17, sizeof( group17 ), dh_p ) ) goto dh_failed; break; case 18:- if( !BN_bin2bn( group18, sizeof( group18 ), dh->p ) )+ if( !BN_bin2bn( group18, sizeof( group18 ), dh_p ) ) goto dh_failed; break; @@ -441,11 +442,11 @@ // set g ( generator ) value // - dh->g = BN_new();- if( dh->g == NULL )+ if( dh_g == NULL ) goto dh_failed;+ DH_set0_pqg(dh, dh_p, NULL, dh_g); - if( !BN_set_word( dh->g, 2 ) )+ if( !BN_set_word( dh_g, 2 ) ) goto dh_failed; //@@ -456,7 +457,7 @@ goto dh_failed; *dh_data = dh;- *dh_size = BN_num_bytes( dh->p );+ *dh_size = BN_num_bytes( dh_p ); return true; diff -Naur ike/source/iked/ike.cpp ike_20.04/source/iked/ike.cpp--- ike/source/iked/ike.cpp 2009-02-12 03:35:43.000000000 +0100+++ ike_20.04/source/iked/ike.cpp 2020-05-27 12:57:15.320422858 +0200@@ -391,11 +391,10 @@ // init cipher key and iv // - EVP_CIPHER_CTX ctx_cipher;- EVP_CIPHER_CTX_init( &ctx_cipher );+ EVP_CIPHER_CTX *ctx_cipher=EVP_CIPHER_CTX_new(); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, sa->evp_cipher, NULL, NULL,@@ -403,11 +402,11 @@ 0 ); EVP_CIPHER_CTX_set_key_length(- &ctx_cipher,+ ctx_cipher, ( int ) sa->key.size() ); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, NULL, NULL, sa->key.buff(),@@ -419,12 +418,12 @@ // EVP_Cipher(- &ctx_cipher,+ ctx_cipher, data + sizeof( IKE_HEADER ), data + sizeof( IKE_HEADER ), ( int ) size - sizeof( IKE_HEADER ) ); - EVP_CIPHER_CTX_cleanup( &ctx_cipher );+ EVP_CIPHER_CTX_free( ctx_cipher ); log.bin( LLOG_DEBUG,@@ -595,11 +594,10 @@ // encrypt all but header // - EVP_CIPHER_CTX ctx_cipher;- EVP_CIPHER_CTX_init( &ctx_cipher );+ EVP_CIPHER_CTX *ctx_cipher=EVP_CIPHER_CTX_new(); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, sa->evp_cipher, NULL, NULL,@@ -607,11 +605,11 @@ 1 ); EVP_CIPHER_CTX_set_key_length(- &ctx_cipher,+ ctx_cipher, ( int ) sa->key.size() ); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, NULL, NULL, sa->key.buff(),@@ -619,12 +617,12 @@ 1 ); EVP_Cipher(- &ctx_cipher,+ ctx_cipher, data + sizeof( IKE_HEADER ), data + sizeof( IKE_HEADER ), ( int ) size - sizeof( IKE_HEADER ) ); - EVP_CIPHER_CTX_cleanup( &ctx_cipher );+ EVP_CIPHER_CTX_free( ctx_cipher ); // // store cipher iv datadiff -Naur ike/source/iked/ike.exch.config.cpp ike_20.04/source/iked/ike.exch.config.cpp--- ike/source/iked/ike.exch.config.cpp 2013-04-07 18:28:06.000000000 +0200+++ ike_20.04/source/iked/ike.exch.config.cpp 2020-05-27 12:57:45.824849957 +0200@@ -2481,15 +2481,14 @@ BDATA hash_c; hash_c.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) &msgid, 4 );- HMAC_Update( &ctx_prf, cfg->hda.buff(), cfg->hda.size() );- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) &msgid, 4 );+ HMAC_Update( ctx_prf, cfg->hda.buff(), cfg->hda.size() );+ HMAC_Final( ctx_prf, hash_c.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -2543,15 +2542,14 @@ // create message authentication hash // - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );- HMAC_Update( &ctx_prf, packet.buff() + beg, end - beg );- HMAC_Final( &ctx_prf, hash.buff(), 0 );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );+ HMAC_Update( ctx_prf, packet.buff() + beg, end - beg );+ HMAC_Final( ctx_prf, hash.buff(), 0 ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); memcpy( packet.buff() + off + 4, hash.buff(), hash.size() ); diff -Naur ike/source/iked/ike.exch.inform.cpp ike_20.04/source/iked/ike.exch.inform.cpp--- ike/source/iked/ike.exch.inform.cpp 2010-12-02 17:06:10.000000000 +0100+++ ike_20.04/source/iked/ike.exch.inform.cpp 2020-05-27 12:58:10.009188816 +0200@@ -399,15 +399,14 @@ BDATA hash_c; hash_c.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, 4 );- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, 4 );+ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );+ HMAC_Final( ctx_prf, hash_c.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -439,15 +438,14 @@ { inform->hash_l.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );- HMAC_Final( &ctx_prf, inform->hash_l.buff(), 0 );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );+ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );+ HMAC_Final( ctx_prf, inform->hash_l.buff(), 0 ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,diff -Naur ike/source/iked/ike.exch.phase1.cpp ike_20.04/source/iked/ike.exch.phase1.cpp--- ike/source/iked/ike.exch.phase1.cpp 2012-02-08 06:09:35.000000000 +0100+++ ike_20.04/source/iked/ike.exch.phase1.cpp 2020-05-27 12:59:36.458401704 +0200@@ -1044,14 +1044,13 @@ BDATA psk_hash; psk_hash.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );- HMAC_Final( &ctx_prf, psk_hash.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );+ HMAC_Final( ctx_prf, psk_hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); // // add the notification payload@@ -1557,7 +1556,8 @@ { BDATA prv; prv.size( ph1->dh_size );- BN_bn2bin( ph1->dh->priv_key, prv.buff() );+ const BIGNUM *priv_key=DH_get0_priv_key((const DH*)ph1->dh);+ BN_bn2bin( priv_key, prv.buff() ); log.bin( LLOG_DECODE,@@ -1656,25 +1656,24 @@ case XAUTH_AUTH_INIT_PSK: case XAUTH_AUTH_RESP_PSK: {- HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );+ HMAC_Init_ex( ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL ); if( ph1->initiator ) {- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );+ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );+ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() ); } else {- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );+ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );+ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() ); } - HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); break; }@@ -1704,14 +1703,13 @@ nonce.add( ph1->nonce_l ); } - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );- HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Init_ex( ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); break; } @@ -1730,15 +1728,14 @@ // compute SKEYID_d // - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );- HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); ph1->skeyid_d.set( skeyid_data, skeyid_size ); @@ -1753,13 +1750,13 @@ // compute SKEYID_a // - HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ( unsigned char * ) "\1", 1 );- HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ( unsigned char * ) "\1", 1 );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); ph1->skeyid_a.set( skeyid_data, skeyid_size ); @@ -1774,13 +1771,13 @@ // compute SKEYID_e // - HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, ( unsigned char * ) "\2", 1 );- HMAC_Final( &ctx_prf, skeyid_data, NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, ( unsigned char * ) "\2", 1 );+ HMAC_Final( ctx_prf, skeyid_data, NULL ); ph1->skeyid_e.set( skeyid_data, skeyid_size ); @@ -1821,15 +1818,15 @@ // create extended key data - HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );- HMAC_Final( &ctx_prf, key_data, NULL );+ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );+ HMAC_Final( ctx_prf, key_data, NULL ); for( long size = skeyid_size; size < key_size; size += skeyid_size ) {- HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );- HMAC_Final( &ctx_prf, key_data + size, NULL );+ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );+ HMAC_Final( ctx_prf, key_data + size, NULL ); } } else@@ -1839,7 +1836,7 @@ memcpy( key_data, skeyid_data, key_size ); } - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); if( proposal->ciph_kl ) key_size = ( proposal->ciph_kl + 7 ) / 8;@@ -1860,22 +1857,22 @@ unsigned char iv_data[ HMAC_MAX_MD_CBLOCK ]; unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher ); - EVP_MD_CTX ctx_hash;- EVP_DigestInit( &ctx_hash, ph1->evp_hash );+ EVP_MD_CTX *ctx_hash=EVP_MD_CTX_new();+ EVP_DigestInit( ctx_hash, ph1->evp_hash ); if( ph1->initiator ) {- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );+ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );+ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() ); } else {- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );+ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );+ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() ); } - EVP_DigestFinal( &ctx_hash, iv_data, NULL );- EVP_MD_CTX_cleanup( &ctx_hash );+ EVP_DigestFinal( ctx_hash, iv_data, NULL );+ EVP_MD_CTX_free(ctx_hash); ph1->iv.set( iv_data, iv_size ); @@ -1903,29 +1900,28 @@ hash.size( sa->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );+ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL ); if( sa->initiator ) {- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() ); } else {- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() ); } - HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );- HMAC_Update( &ctx_prf, sa->idi.buff(), sa->idi.size() );- HMAC_Final( &ctx_prf, hash.buff(), NULL );+ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );+ HMAC_Update( ctx_prf, sa->idi.buff(), sa->idi.size() );+ HMAC_Final( ctx_prf, hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -1945,29 +1941,28 @@ hash.size( sa->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );+ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL ); if( sa->initiator ) {- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() ); } else {- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() ); } - HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );- HMAC_Update( &ctx_prf, sa->idr.buff(), sa->idr.size() );- HMAC_Final( &ctx_prf, hash.buff(), NULL );+ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );+ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );+ HMAC_Update( ctx_prf, sa->idr.buff(), sa->idr.size() );+ HMAC_Final( ctx_prf, hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -2569,14 +2564,14 @@ // hash for remote address // - EVP_MD_CTX ctx_hash;- EVP_DigestInit( &ctx_hash, ph1->evp_hash );- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );- EVP_MD_CTX_cleanup( &ctx_hash );+ EVP_MD_CTX *ctx_hash=EVP_MD_CTX_new();+ EVP_DigestInit( ctx_hash, ph1->evp_hash );+ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );+ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );+ EVP_MD_CTX_free( ctx_hash ); ph1->natd_hash_l.add( natd ); @@ -2585,13 +2580,14 @@ // hash for local address // - EVP_DigestInit( &ctx_hash, ph1->evp_hash );- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );- EVP_MD_CTX_cleanup( &ctx_hash );+ ctx_hash=EVP_MD_CTX_new();+ EVP_DigestInit( ctx_hash, ph1->evp_hash );+ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );+ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );+ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );+ EVP_MD_CTX_free( ctx_hash ); ph1->natd_hash_l.add( natd ); diff -Naur ike/source/iked/ike.exch.phase2.cpp ike_20.04/source/iked/ike.exch.phase2.cpp--- ike/source/iked/ike.exch.phase2.cpp 2010-12-22 22:35:36.000000000 +0100+++ ike_20.04/source/iked/ike.exch.phase2.cpp 2020-05-27 13:00:18.350990285 +0200@@ -1008,14 +1008,13 @@ hash.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, input.buff(), input.size() );- HMAC_Final( &ctx_prf, hash.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, input.buff(), input.size() );+ HMAC_Final( ctx_prf, hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -1048,14 +1047,13 @@ hash.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, input.buff(), input.size() );- HMAC_Final( &ctx_prf, hash.buff(), NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, input.buff(), input.size() );+ HMAC_Final( ctx_prf, hash.buff(), NULL ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -1093,14 +1091,13 @@ hash.size( ph1->hash_size ); - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, input.buff(), input.size() );- HMAC_Final( &ctx_prf, hash.buff(), 0 );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, input.buff(), input.size() );+ HMAC_Final( ctx_prf, hash.buff(), 0 ); - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); log.bin( LLOG_DEBUG,@@ -1555,7 +1552,8 @@ { BDATA prv; prv.size( ph2->dh_size );- BN_bn2bin( ph2->dh->priv_key, prv.buff() );+ const BIGNUM *priv_key=DH_get0_priv_key((const DH*)ph2->dh);+ BN_bn2bin( priv_key, prv.buff() ); log.bin( LLOG_DECODE,@@ -1817,56 +1815,55 @@ // K3 = prf( SKEYID_d, K2 | [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b ) // - HMAC_CTX ctx_prf;- HMAC_CTX_init( &ctx_prf );+ HMAC_CTX *ctx_prf=HMAC_CTX_new(); - HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL ); if( ph2->dhgr_id )- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() ); - HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 ); if( ph2->initiator ) {- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() ); } else {- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() ); } - HMAC_Final( &ctx_prf, key_data, NULL );+ HMAC_Final( ctx_prf, key_data, NULL ); for( long size = skeyid_size; size < key_size; size += skeyid_size ) {- HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );+ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );+ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size ); if( ph2->dhgr_id )- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );+ HMAC_Update( ctx_prf, shared.buff(), shared.size() ); - HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 ); if( ph2->initiator ) {- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() ); } else {- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() ); } - HMAC_Final( &ctx_prf, key_data + size, 0 );+ HMAC_Final( ctx_prf, key_data + size, 0 ); } - HMAC_CTX_cleanup( &ctx_prf );+ HMAC_CTX_free(ctx_prf); // // separate encrypt and auth key datadiff -Naur ike/source/iked/ike.idb.exch.cpp ike_20.04/source/iked/ike.idb.exch.cpp--- ike/source/iked/ike.idb.exch.cpp 2011-01-15 23:09:32.000000000 +0100+++ ike_20.04/source/iked/ike.idb.exch.cpp 2020-05-27 13:00:32.111183721 +0200@@ -134,12 +134,12 @@ unsigned char iv_data[ EVP_MAX_MD_SIZE ]; unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher ); - EVP_MD_CTX ctx_hash;- EVP_DigestInit( &ctx_hash, ph1->evp_hash );- EVP_DigestUpdate( &ctx_hash, ph1->iv.buff(), ph1->iv.size() );- EVP_DigestUpdate( &ctx_hash, &msgid, 4 );- EVP_DigestFinal( &ctx_hash, iv_data, NULL );- EVP_MD_CTX_cleanup( &ctx_hash );+ EVP_MD_CTX *ctx_hash=EVP_MD_CTX_new();+ EVP_DigestInit( ctx_hash, ph1->evp_hash );+ EVP_DigestUpdate( ctx_hash, ph1->iv.buff(), ph1->iv.size() );+ EVP_DigestUpdate( ctx_hash, &msgid, 4 );+ EVP_DigestFinal( ctx_hash, iv_data, NULL );+ EVP_MD_CTX_free( ctx_hash ); iv.set( iv_data, iv_size ); diff -Naur ike/source/iked/ike.idb.phase1.cpp ike_20.04/source/iked/ike.idb.phase1.cpp--- ike/source/iked/ike.idb.phase1.cpp 2011-02-01 08:21:32.000000000 +0100+++ ike_20.04/source/iked/ike.idb.phase1.cpp 2020-05-27 13:01:15.195789694 +0200@@ -676,7 +676,8 @@ } xl.size( dh_size );- long result = BN_bn2bin( dh->pub_key, xl.buff() );+ const BIGNUM *pub_key=DH_get0_pub_key(dh);+ long result = BN_bn2bin( pub_key, xl.buff() ); // // fixup public buffer alignmentdiff -Naur ike/source/iked/ike.idb.phase2.cpp ike_20.04/source/iked/ike.idb.phase2.cpp--- ike/source/iked/ike.idb.phase2.cpp 2012-11-20 00:28:52.000000000 +0100+++ ike_20.04/source/iked/ike.idb.phase2.cpp 2020-05-27 13:01:39.992138660 +0200@@ -438,7 +438,8 @@ } xl.size( dh_size );- long result = BN_bn2bin( dh->pub_key, xl.buff() );+ const BIGNUM *pub_key=DH_get0_pub_key(dh);+ long result = BN_bn2bin( pub_key, xl.buff() ); // // fixup public buffer alignmentdiff -Naur ike/source/iked/ike.keyfile.cpp ike_20.04/source/iked/ike.keyfile.cpp--- ike/source/iked/ike.keyfile.cpp 2012-12-15 23:14:32.000000000 +0100+++ ike_20.04/source/iked/ike.keyfile.cpp 2020-05-27 13:02:20.288706071 +0200@@ -664,14 +664,17 @@ long ll = LLOG_ERROR; char name[ 512 ]; - X509_NAME * x509_name = X509_get_subject_name( store_ctx->current_cert );+ X509 *current_cert=X509_STORE_CTX_get_current_cert(store_ctx);+ X509_NAME * x509_name = X509_get_subject_name( current_cert ); X509_NAME_oneline( x509_name, name, 512 ); - switch( store_ctx->error )+ int error=X509_STORE_CTX_get_error(store_ctx);+ int error_depth=X509_STORE_CTX_get_error_depth(store_ctx);+ switch( error ) { case X509_V_ERR_UNABLE_TO_GET_CRL: ok = 1;@@ -683,9 +686,9 @@ ll, "ii : %s(%d) at depth:%d\n" "ii : subject :%s\n",- X509_verify_cert_error_string( store_ctx->error ),- store_ctx->error,- store_ctx->error_depth,+ X509_verify_cert_error_string( error ),+ error,+ error_depth, name ); } @@ -857,7 +860,8 @@ if( evp_pkey == NULL ) return false; - bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool converted = prvkey_rsa_2_bdata( prvkey, pkr ); EVP_PKEY_free( evp_pkey ); return converted;@@ -883,7 +887,8 @@ if( evp_pkey == NULL ) return false; - bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool converted = prvkey_rsa_2_bdata( prvkey, pkr ); EVP_PKEY_free( evp_pkey ); return converted;@@ -939,7 +944,8 @@ if( evp_pkey == NULL ) return false; - bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool converted = prvkey_rsa_2_bdata( prvkey, pkr ); EVP_PKEY_free( evp_pkey ); return converted;@@ -976,7 +982,8 @@ if( evp_pkey == NULL ) return false; - bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool converted = prvkey_rsa_2_bdata( prvkey, pkr ); EVP_PKEY_free( evp_pkey ); return converted;@@ -1010,7 +1017,8 @@ if( evp_pkey == NULL ) return false; - bool result = pubkey_rsa_2_bdata( pubkey, evp_pkey->pkey.rsa );+ RSA *pkr=EVP_PKEY_get0_RSA(evp_pkey);+ bool result = pubkey_rsa_2_bdata( pubkey, pkr ); EVP_PKEY_free( evp_pkey ); diff -Naur ike/source/libike/manager.file.cpp ike_20.04/source/libike/manager.file.cpp--- ike/source/libike/manager.file.cpp 2011-02-06 17:40:00.000000000 +0100+++ ike_20.04/source/libike/manager.file.cpp 2020-05-27 13:03:49.197959204 +0200@@ -679,11 +679,10 @@ BDATA pwd; data.get( pwd ); - EVP_CIPHER_CTX ctx_cipher;- EVP_CIPHER_CTX_init( &ctx_cipher );+ EVP_CIPHER_CTX *ctx_cipher=EVP_CIPHER_CTX_new(); EVP_CipherInit_ex(- &ctx_cipher,+ ctx_cipher, EVP_des_ede3_cbc(), NULL, key,@@ -691,11 +690,13 @@ 0 ); EVP_Cipher(- &ctx_cipher,+ ctx_cipher, pwd.buff(), pwd.buff(), ( unsigned int ) pwd.size() ); + EVP_CIPHER_CTX_free(ctx_cipher);+ pwlen -= pwd.buff()[ pwd.size() - 1 ]; pwd.size( pwlen );