Module Name: src Committed By: christos Date: Sun Jan 23 14:35:45 UTC 2022
Modified Files: src/crypto/dist/ipsec-tools/src/racoon: plainrsa-gen.c src/distrib/sets/lists/base: mi src/distrib/sets/lists/debug: mi src/distrib/sets/lists/man: mi src/usr.sbin: Makefile Added Files: src/usr.sbin/plainrsa-gen: Makefile Log Message: PR/56657: Juraj Hercek: Add plainrsa-gen utility mentioned in racoon.conf(5) and fix it for OpenSSL 1.1 To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 \ src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c cvs rdiff -u -r1.1288 -r1.1289 src/distrib/sets/lists/base/mi cvs rdiff -u -r1.371 -r1.372 src/distrib/sets/lists/debug/mi cvs rdiff -u -r1.1732 -r1.1733 src/distrib/sets/lists/man/mi cvs rdiff -u -r1.285 -r1.286 src/usr.sbin/Makefile cvs rdiff -u -r0 -r1.1 src/usr.sbin/plainrsa-gen/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c diff -u src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c:1.6 src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c:1.7 --- src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c:1.6 Fri Feb 11 05:07:19 2011 +++ src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c Sun Jan 23 09:35:45 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: plainrsa-gen.c,v 1.6 2011/02/11 10:07:19 tteras Exp $ */ +/* $NetBSD: plainrsa-gen.c,v 1.7 2022/01/23 14:35:45 christos Exp $ */ /* Id: plainrsa-gen.c,v 1.6 2005/04/21 09:08:40 monas Exp */ /* @@ -63,6 +63,8 @@ #include "package_version.h" +#define DEFAULT_PUBEXP RSA_F4 + void usage (char *argv0) { @@ -72,7 +74,7 @@ usage (char *argv0) fprintf(stderr, "Usage: %s [options]\n", argv0); fprintf(stderr, "\n"); fprintf(stderr, " -b bits Generate <bits> long RSA key (default=1024)\n"); - fprintf(stderr, " -e pubexp Public exponent to use (default=0x3)\n"); + fprintf(stderr, " -e pubexp Public exponent to use (default=%#x)\n", DEFAULT_PUBEXP); fprintf(stderr, " -f filename Filename to store the key to (default=stdout)\n"); fprintf(stderr, " -i filename Input source for format conversion\n"); fprintf(stderr, " -h Help\n"); @@ -91,11 +93,11 @@ mix_b64_pubkey(const RSA *key) long binlen, ret; vchar_t *res; - binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n); + binlen = 1 + BN_num_bytes(RSA_get0_e(key)) + BN_num_bytes(RSA_get0_n(key)); binbuf = malloc(binlen); memset(binbuf, 0, binlen); - binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]); - ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1])); + binbuf[0] = BN_bn2bin(RSA_get0_e(key), (unsigned char *) &binbuf[1]); + ret = BN_bn2bin(RSA_get0_n(key), (unsigned char *) (&binbuf[binbuf[0] + 1])); if (1 + binbuf[0] + ret != binlen) { plog(LLV_ERROR, LOCATION, NULL, "Pubkey generation failed. This is really strange...\n"); 
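Review bot: In usage(), the new `-e` help line passes `DEFAULT_PUBEXP` to a `%#x` conversion, but OpenSSL's rsa.h defines `RSA_F4` with an `L` suffix, so a `long` is handed to a conversion that expects `unsigned int`. That is a format/argument type mismatch (undefined behaviour) even though it tends to print correctly on common ABIs. Cast at the call site, `"... (default=%#x)\n", (unsigned int)DEFAULT_PUBEXP);`, or change the conversion to `%#lx`.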
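Review bot: In mix_b64_pubkey() the result of `malloc(binlen)` goes straight into `memset()` with no NULL check, so an allocation failure becomes a NULL write instead of a reported error. Add `if (binbuf == NULL) return NULL;` right after the malloc, assuming NULL is this function's failure value; its return paths are outside the hunk. The exponent length returned by `BN_bn2bin()` is also stored in the single byte `binbuf[0]` and then reused as an index. The declaration of `binbuf` is outside the hunk, so a range check on that return value before the store would rule out a truncated or negative index regardless of its type.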
@@ -131,16 +133,16 @@ print_rsa_key(FILE *fp, const RSA *key) fprintf(fp, "# : PUB 0s%s\n", pubkey64->v); fprintf(fp, ": RSA\t{\n"); - fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n)); + fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(RSA_get0_n(key))); fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v); - fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n))); - fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e))); - fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d))); - fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p))); - fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q))); - fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1))); - fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1))); - fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp))); + fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(RSA_get0_n(key)))); + fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(RSA_get0_e(key)))); + fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(RSA_get0_d(key)))); + fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(RSA_get0_p(key)))); + fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(RSA_get0_q(key)))); + fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(RSA_get0_dmp1(key)))); + fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(RSA_get0_dmq1(key)))); + fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(RSA_get0_iqmp(key)))); fprintf(fp, " }\n"); vfree(pubkey64); @@ -204,13 +206,17 @@ gen_rsa_key(FILE *fp, size_t bits, unsig { int ret; RSA *key; + BIGNUM *e; + + key = RSA_new(); + e = BN_new(); + BN_set_word(e, exp); - key = RSA_generate_key(bits, exp, NULL, NULL); - if (!key) { + if (1 != RSA_generate_key_ex(key, bits, e, NULL)) { fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror()); return -1; } - + ret = print_rsa_key(fp, key); RSA_free(key); 
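Review bot: Every `BN_bn2hex()` result in print_rsa_key() is passed directly to `lowercase()` and `fprintf()` and never released, so the hex copies of d, p, q, dmp1, dmq1 and iqmp stay in heap memory uncleared. A NULL return on allocation failure would also reach `lowercase()` unchecked. Hold each string in a local, check it for NULL, print it, and release it with `OPENSSL_clear_free(hex, strlen(hex));` for the private components (available on OpenSSL 1.1 and later) or `OPENSSL_free(hex);` for n and e. `lowercase()` is defined outside the hunk, so this presumes it returns the pointer it was given.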
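Review bot: The new setup in gen_rsa_key() does not check `RSA_new()`, `BN_new()` or `BN_set_word()`, never frees `e`, and leaks `key` on the failure return. `RSA_generate_key_ex()` leaves ownership of `e` with the caller, so it needs a `BN_free(e)` on both paths. The error text also still names `RSA_generate_key()`. The fence below folds the checks into one condition and frees both objects; the function's final return is outside the hunk.

```c
	key = RSA_new();
	e = BN_new();
	if (key == NULL || e == NULL || BN_set_word(e, exp) != 1 ||
	    RSA_generate_key_ex(key, bits, e, NULL) != 1) {
		fprintf(stderr, "RSA_generate_key_ex(): %s\n", eay_strerror());
		BN_free(e);	/* both free routines accept NULL */
		RSA_free(key);
		return -1;
	}
	BN_free(e);	/* caller still owns e after key generation */

	/* … unchanged: print_rsa_key() call and RSA_free(key) … */
```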
@@ -222,7 +228,7 @@ main (int argc, char *argv[]) { FILE *fp = stdout, *fpin = NULL; size_t bits = 1024; - unsigned int pubexp = 0x3; + unsigned int pubexp = DEFAULT_PUBEXP; struct stat st; extern char *optarg; extern int optind; @@ -232,10 +238,7 @@ main (int argc, char *argv[]) while ((c = getopt(argc, argv, "e:b:f:i:h")) != -1) switch (c) { case 'e': - if (strncmp(optarg, "0x", 2) == 0) - sscanf(optarg, "0x%x", &pubexp); - else - pubexp = atoi(optarg); + pubexp = (unsigned int)strtoul(optarg, NULL, 0); break; case 'b': bits = atoi(optarg); Index: src/distrib/sets/lists/base/mi diff -u src/distrib/sets/lists/base/mi:1.1288 src/distrib/sets/lists/base/mi:1.1289 --- src/distrib/sets/lists/base/mi:1.1288 Sat Jan 22 02:53:05 2022 +++ src/distrib/sets/lists/base/mi Sun Jan 23 09:35:44 2022 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.1288 2022/01/22 07:53:05 pho Exp $ +# $NetBSD: mi,v 1.1289 2022/01/23 14:35:44 christos Exp $ # # Note: Don't delete entries from here - mark them as "obsolete" instead, # unless otherwise stated below. @@ -1800,6 +1800,7 @@ ./usr/sbin/pkg_delete base-pkgutil-bin ./usr/sbin/pkg_info base-pkgutil-bin ./usr/sbin/pkg_view base-obsolete obsolete +./usr/sbin/plainrsa-gen base-netutil-bin ./usr/sbin/portmap base-obsolete obsolete ./usr/sbin/postalias base-postfix-bin postfix ./usr/sbin/postcat base-postfix-bin postfix Index: src/distrib/sets/lists/debug/mi diff -u src/distrib/sets/lists/debug/mi:1.371 src/distrib/sets/lists/debug/mi:1.372 --- src/distrib/sets/lists/debug/mi:1.371 Fri Dec 31 11:14:44 2021 +++ src/distrib/sets/lists/debug/mi Sun Jan 23 09:35:44 2022 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.371 2021/12/31 16:14:44 christos Exp $ +# $NetBSD: mi,v 1.372 2022/01/23 14:35:44 christos Exp $ ./etc/mtree/set.debug comp-sys-root ./usr/lib comp-sys-usr compatdir ./usr/lib/i18n/libBIG5_g.a comp-c-debuglib debuglib,compatfile 
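Review bot: The default key size in main() stays at `size_t bits = 1024;` while this hunk moves the default exponent to `DEFAULT_PUBEXP`. 1024-bit RSA is below the 2048-bit minimum that current guidance such as NIST SP 800-131A sets for new keys. Consider `size_t bits = 2048;` together with `(default=2048)` in the `-b` line of usage(), because a key generated with no options is the one most likely to be deployed as-is.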
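Review bot: The new `-e` parsing, `pubexp = (unsigned int)strtoul(optarg, NULL, 0);`, accepts anything. Non-numeric input silently becomes 0, trailing garbage is ignored, values above `UINT_MAX` are truncated by the cast, and even or tiny exponents are passed on to key generation. Base 0 also changes behaviour for existing callers, since a leading `0` is now read as octal where `atoi()` read decimal. The fence below validates the value and rejects exponents that are not odd and at least 3. It needs `<errno.h>` and `<limits.h>` if the file does not already include them, and the exit path should follow whatever main() uses elsewhere. The `atoi()` on `-b` in the context line has the same lack of checking.

```c
		case 'e': {
			char *end;
			unsigned long v;

			errno = 0;
			v = strtoul(optarg, &end, 0);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    v > UINT_MAX || v < 3 || (v & 1) == 0) {
				fprintf(stderr, "invalid public exponent: %s\n", optarg);
				exit(1);
			}
			pubexp = (unsigned int)v;
			break;
		}
		/* … unchanged: case 'b' and the remaining options … */
```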
@@ -1231,6 +1231,7 @@ ./usr/libdata/debug/usr/sbin/pkg_create.debug comp-pkgutil-debug debug ./usr/libdata/debug/usr/sbin/pkg_delete.debug comp-pkgutil-debug debug ./usr/libdata/debug/usr/sbin/pkg_info.debug comp-pkgutil-debug debug +./usr/libdata/debug/usr/sbin/plainrsa-gen.debug comp-netutil-debug debug ./usr/libdata/debug/usr/sbin/postalias.debug comp-postfix-debug postfix,debug ./usr/libdata/debug/usr/sbin/postcat.debug comp-postfix-debug postfix,debug ./usr/libdata/debug/usr/sbin/postconf.debug comp-postfix-debug postfix,debug Index: src/distrib/sets/lists/man/mi diff -u src/distrib/sets/lists/man/mi:1.1732 src/distrib/sets/lists/man/mi:1.1733 --- src/distrib/sets/lists/man/mi:1.1732 Mon Jan 17 11:31:23 2022 +++ src/distrib/sets/lists/man/mi Sun Jan 23 09:35:44 2022 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.1732 2022/01/17 16:31:23 thorpej Exp $ +# $NetBSD: mi,v 1.1733 2022/01/23 14:35:44 christos Exp $ # # Note: don't delete entries from here - mark them as "obsolete" instead. # @@ -2989,6 +2989,7 @@ ./usr/share/man/cat8/ping.0 man-netutil-catman .cat ./usr/share/man/cat8/ping6.0 man-netutil-catman use_inet6,.cat ./usr/share/man/cat8/pipe.0 man-postfix-catman postfix,.cat +./usr/share/man/cat8/plainrsa-gen.0 man-netutil-catman .cat ./usr/share/man/cat8/playstation2/MAKEDEV.0 man-obsolete obsolete ./usr/share/man/cat8/playstation2/makedev.0 man-obsolete obsolete ./usr/share/man/cat8/pmax/MAKEDEV.0 man-obsolete obsolete @@ -6003,6 +6004,7 @@ ./usr/share/man/html8/ping.html man-netutil-htmlman html ./usr/share/man/html8/ping6.html man-netutil-htmlman use_inet6,html ./usr/share/man/html8/pipe.html man-postfix-htmlman postfix,html +./usr/share/man/html8/plainrsa-gen.html man-netutil-htmlman html ./usr/share/man/html8/pmax/boot.html man-sys-htmlman html ./usr/share/man/html8/postinstall.html man-sys-htmlman html ./usr/share/man/html8/postscreen.html man-postfix-htmlman postfix,html 
@@ -9263,6 +9265,7 @@ ./usr/share/man/man8/ping.8 man-netutil-man .man ./usr/share/man/man8/ping6.8 man-netutil-man use_inet6,.man ./usr/share/man/man8/pipe.8 man-postfix-man postfix,.man +./usr/share/man/man8/plainrsa-gen.8 man-netutil-man .man ./usr/share/man/man8/playstation2/MAKEDEV.8 man-obsolete obsolete ./usr/share/man/man8/playstation2/makedev.8 man-obsolete obsolete ./usr/share/man/man8/pmax/MAKEDEV.8 man-obsolete obsolete Index: src/usr.sbin/Makefile diff -u src/usr.sbin/Makefile:1.285 src/usr.sbin/Makefile:1.286 --- src/usr.sbin/Makefile:1.285 Thu Aug 20 17:30:46 2020 +++ src/usr.sbin/Makefile Sun Jan 23 09:35:44 2022 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.285 2020/08/20 21:30:46 riastradh Exp $ +# $NetBSD: Makefile,v 1.286 2022/01/23 14:35:44 christos Exp $ # from: @(#)Makefile 5.20 (Berkeley) 6/12/93 .include <bsd.own.mk> @@ -53,7 +53,7 @@ SUBDIR+=faithd ifmcstat ip6addrctl ndp r SUBDIR+=mld6query route6d rtadvd traceroute6 .endif -SUBDIR+= racoon racoonctl +SUBDIR+= plainrsa-gen racoon racoonctl SUBDIR+= nvmmctl Added files: Index: src/usr.sbin/plainrsa-gen/Makefile diff -u /dev/null src/usr.sbin/plainrsa-gen/Makefile:1.1 --- /dev/null Sun Jan 23 09:35:45 2022 +++ src/usr.sbin/plainrsa-gen/Makefile Sun Jan 23 09:35:44 2022 
@@ -0,0 +1,35 @@ +# $NetBSD: Makefile,v 1.1 2022/01/23 14:35:44 christos Exp $ + +WARNS?= 0 # XXX third-party program, many issues +NOCLANGERROR= # defined + +.include <bsd.own.mk> + +PROG= plainrsa-gen +SRCS= plainrsa-gen.c plog.c crypto_openssl.c logger.c vmbuf.c misc.c \ + rsalist.c sockmisc.c genlist.c prsa_tok.c prsa_par.c +MAN= plainrsa-gen.8 + +DIST= ${NETBSDSRCDIR}/crypto/dist/ipsec-tools +CPPFLAGS+= -I${DIST}/src/racoon -I${DIST}/src/racoon/missing +CPPFLAGS+= -I${DIST}/src/libipsec +CPPFLAGS+= -I${NETBSDSRCDIR}/lib/libipsec +CPPFLAGS+= -DHAVE_CONFIG_H -DNOUSE_PRIVSEP +.if ${HAVE_OPENSSL} < 11 +CPPFLAGS+= -DHAVE_OPENSSL_RC5_H +CPPFLAGS+= -DOPENSSL_API_COMPAT=0x10100000L +.endif + +.PATH: ${DIST}/src/racoon + +LDADD+= -lcrypto -lipsec +DPADD+= ${LIBCRYPTO} ${LIBIPSEC} + +LPREFIX=prsa +YPREFIX=prsa +YFLAGS=-d + +prsa_tok.c: prsa_par.c + +.include <bsd.prog.mk> +
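Review bot: `WARNS?= 0` together with `NOCLANGERROR=` switches off compiler diagnostics for every source in a program that generates and prints RSA private keys. That includes plainrsa-gen.c, which this commit modifies, so format/argument mismatches and unchecked-return warnings there go unreported. If the third-party sources cannot build at a higher level, keep the global setting but restore checks for the file under active change, for example `COPTS.plainrsa-gen.c+= -Wformat -Wall`. The `XXX` comment should also name which sources need the exemption, so it can be narrowed later.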