Migrated to openssl 1.1.x, removed Qt GUI

author: Timur Sattarov 2019-02-14 23:55:37 +0400
committer: Timur Sattarov 2019-02-14 23:55:37 +0400
commit: 3a56735ddc26f750df4720f4baba0728bb4cb458 (patch)
tree: daeb7503adb65f8183ae88138a5680c9e496bbfd
parent: c60f504bea7e15cf6eb11966f1a7f05052af7f11 (diff)
download: aur-3a56735ddc26f750df4720f4baba0728bb4cb458.tar.gz
4 files changed, 1001 insertions, 96 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 1fab95548b52..dad8cd3d6727 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,23 +1,22 @@
 pkgbase = ike
 	pkgdesc = Shrew Soft VPN client for Linux
 	pkgver = 2.2.1
-	pkgrel = 4
+	pkgrel = 5
 	url = http://www.shrew.net
 	arch = i686
 	arch = x86_64
 	license = BSD
 	makedepends = cmake
-	depends = openssl-1.0
-	depends = qt4
+	depends = openssl
 	depends = libedit
 	optdepends = openldap
 	backup = etc/iked.conf
 	source = http://www.shrew.net/download/ike/ike-2.2.1-release.tgz
 	source = iked.service
-	source = fix-openssl.patch
+	source = openssl-1.1.0.patch
 	md5sums = 3dac18a2da5809ccb38c50cd4a455897
 	md5sums = 3cb3ff3b663805f76be1efd527ae436c
-	md5sums = c1f793c174db5d7f5c11c8009a967a4d
+	md5sums = 57348fe9112555c0204709c1716e5fff
 
 pkgname = ike
 
diff --git a/PKGBUILD b/PKGBUILD
index 5b2f9bc0aabd..17329f79746e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,32 +1,32 @@
-# Maintainer: Benjamin Robin <dev@benjarobin.fr>
+# Maintainer: Timur Sattarov <tim.helloworld@gmail.com>
 # Contributor: Taylor Hedberg <t@tmh.cc>
 # Contributor: Pablo Lluch <pablo.lluch@gmail.com>
 
 pkgname=ike
 pkgver=2.2.1
-pkgrel=4
+pkgrel=5
 pkgdesc='Shrew Soft VPN client for Linux'
 arch=(i686 x86_64)
 url='http://www.shrew.net'
 license=(BSD)
-depends=(openssl-1.0 qt4 libedit)
+depends=(openssl libedit)
 makedepends=(cmake)
 optdepends=(openldap)
 backup=(etc/iked.conf)
-source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service fix-openssl.patch)
+source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch)
 md5sums=('3dac18a2da5809ccb38c50cd4a455897'
          '3cb3ff3b663805f76be1efd527ae436c'
-         'c1f793c174db5d7f5c11c8009a967a4d')
+         '57348fe9112555c0204709c1716e5fff')
 
 prepare () {
     cd "$srcdir/ike"
-    patch -p1 -i "$srcdir/fix-openssl.patch"
+    patch -p1 -i "$srcdir/openssl-1.1.0.patch"
 }
 
 build () {
     cd "$srcdir/ike"
-    cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DNATT=YES \
-        -DQT_QMAKE_EXECUTABLE=/usr/bin/qmake-qt4 -DMANDIR=/usr/share/man -DSBINDIR=/usr/bin
+    cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=NO -DETCDIR=/etc -DNATT=YES \
+        -DMANDIR=/usr/share/man -DSBINDIR=/usr/bin
     make
 }
 
diff --git a/fix-openssl.patch b/fix-openssl.patch
deleted file mode 100644
index b0dc30d3c25d..000000000000
--- a/fix-openssl.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-diff --git a/CMakeLists.txt b/CMakeLists.txt
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -25,6 +25,7 @@ add_definitions( -DUNIX )
- 
- include( CheckCSourceCompiles )
- include( CheckLibraryExists )
-+include_directories(BEFORE SYSTEM "/usr/include/openssl-1.0")
- 
- set(
- 	RELVER "2.2.1" )
-@@ -270,7 +271,7 @@ endif( NOT PATH_INC_CRYPTO )
- 
- find_library(
- 	PATH_LIB_CRYPTO
--	NAMES "crypto"
-+	NAMES "libcrypto.so.1.0.0"
- 	PATHS ${SEARCH_LIB} )
- 
- if( NOT PATH_LIB_CRYPTO )
-diff --git a/source/ikec/CMakeLists.txt b/source/ikec/CMakeLists.txt
---- a/source/ikec/CMakeLists.txt
-+++ b/source/ikec/CMakeLists.txt
-@@ -32,7 +32,7 @@ target_link_libraries(
- 	ss_idb
- 	ss_ith
- 	ss_log
--	crypto
-+	${PATH_LIB_CRYPTO}
- 	pthread
- 	edit )
- 
-diff --git a/source/iked/CMakeLists.txt b/source/iked/CMakeLists.txt
---- a/source/iked/CMakeLists.txt
-+++ b/source/iked/CMakeLists.txt
-@@ -73,7 +73,7 @@ target_link_libraries(
- 	ss_ip
- 	ss_log
- 	ss_pfk
--	crypto
-+	${PATH_LIB_CRYPTO}
- 	pthread )
- 
- if( FUNC_LIB_CRYPT )
-diff --git a/source/libike/CMakeLists.txt b/source/libike/CMakeLists.txt
---- a/source/libike/CMakeLists.txt
-+++ b/source/libike/CMakeLists.txt
-@@ -29,7 +29,7 @@ target_link_libraries(
- 	ss_ike
- 	ss_idb
- 	ss_ith
--	crypto )
-+	${PATH_LIB_CRYPTO} )
- 
- set_target_properties(
- 	ss_ike PROPERTIES
-diff --git a/source/qikea/CMakeLists.txt b/source/qikea/CMakeLists.txt
---- a/source/qikea/CMakeLists.txt
-+++ b/source/qikea/CMakeLists.txt
-@@ -55,7 +55,7 @@ target_link_libraries(
- 	ss_idb
- 	ss_ith
- 	ss_log
--	crypto
-+	${PATH_LIB_CRYPTO}
- 	pthread
- 	${QT_LIBRARIES} )
- 
-diff --git a/source/qikec/CMakeLists.txt b/source/qikec/CMakeLists.txt
---- a/source/qikec/CMakeLists.txt
-+++ b/source/qikec/CMakeLists.txt
-@@ -53,7 +53,7 @@ target_link_libraries(
- 	ss_idb
- 	ss_ith
- 	ss_log
--	crypto
-+	${PATH_LIB_CRYPTO}
- 	pthread
- 	${QT_LIBRARIES} )
- 
--- 
-2.12.2
-
diff --git a/openssl-1.1.0.patch b/openssl-1.1.0.patch
new file mode 100644
index 000000000000..8ae29e8ba073
--- /dev/null
+++ b/openssl-1.1.0.patch
@@ -0,0 +1,989 @@
+diff --git a/source/iked/crypto.cpp b/source/iked/crypto.cpp
+index 421e34f..5b58330 100644
+--- a/source/iked/crypto.cpp
++++ b/source/iked/crypto.cpp
+@@ -376,60 +376,54 @@ bool dh_init( long group, DH ** dh_data, long * dh_size )
+ 	if( dh == NULL )
+ 		return false;
+ 
+-	dh->p = NULL;
+-	dh->g = NULL;
+-	dh->length = 0;
+-
+ 	//
+ 	// set p ( prime ) value
+ 	//
+ 
+-	unsigned char * p_data = NULL;
+-	size_t			p_size = 0;
+-
+-	dh->p = BN_new();
+-	if( dh->p == NULL )
++	BIGNUM *p, *g;
++	p = BN_new();
++	if( p == NULL )
+ 		goto dh_failed;
+ 
+ 	switch( group )
+ 	{
+ 		case 1:
+-			if( !BN_bin2bn( group1, sizeof( group1 ), dh->p ) )
++			if( !BN_bin2bn( group1, sizeof( group1 ), p ) )
+ 				goto dh_failed;
+ 			break;
+ 
+ 		case 2:
+-			if( !BN_bin2bn( group2, sizeof( group2 ), dh->p ) )
++			if( !BN_bin2bn( group2, sizeof( group2 ), p ) )
+ 				goto dh_failed;
+ 			break;
+ 
+ 		case 5:
+-			if( !BN_bin2bn( group5, sizeof( group5 ), dh->p ) )
++			if( !BN_bin2bn( group5, sizeof( group5 ), p ) )
+ 				goto dh_failed;
+ 			break;
+ 
+ 		case 14:
+-			if( !BN_bin2bn( group14, sizeof( group14 ), dh->p ) )
++			if( !BN_bin2bn( group14, sizeof( group14 ), p ) )
+ 				goto dh_failed;
+ 			break;
+ 
+ 		case 15:
+-			if( !BN_bin2bn( group15, sizeof( group15 ), dh->p ) )
++			if( !BN_bin2bn( group15, sizeof( group15 ), p ) )
+ 				goto dh_failed;
+ 			break;
+ 
+ 		case 16:
+-			if( !BN_bin2bn( group16, sizeof( group16 ), dh->p ) )
++			if( !BN_bin2bn( group16, sizeof( group16 ), p ) )
+ 				goto dh_failed;
+ 			break;
+ 
+ 		case 17:
+-			if( !BN_bin2bn( group17, sizeof( group17 ), dh->p ) )
++			if( !BN_bin2bn( group17, sizeof( group17 ), p ) )
+ 				goto dh_failed;
+ 			break;
+ 
+ 		case 18:
+-			if( !BN_bin2bn( group18, sizeof( group18 ), dh->p ) )
++			if( !BN_bin2bn( group18, sizeof( group18 ), p ) )
+ 				goto dh_failed;
+ 			break;
+ 
+@@ -441,13 +435,15 @@ bool dh_init( long group, DH ** dh_data, long * dh_size )
+ 	// set g ( generator ) value
+ 	//
+ 
+-	dh->g = BN_new();
+-	if( dh->g == NULL )
++	g = BN_new();
++	if( g == NULL )
+ 		goto dh_failed;
+ 
+-	if( !BN_set_word( dh->g, 2 ) )
++	if( !BN_set_word( g, 2 ) )
+ 		goto dh_failed;
+ 
++	DH_set0_pqg(dh, p, NULL, g);
++
+ 	//
+ 	// generate private and public DH values
+ 	//
+@@ -456,11 +452,16 @@ bool dh_init( long group, DH ** dh_data, long * dh_size )
+ 		goto dh_failed;
+ 
+ 	*dh_data = dh;
+-	*dh_size = BN_num_bytes( dh->p );
++	*dh_size = BN_num_bytes( p );
+ 
+ 	return true;
+ 
+ 	dh_failed:
++    if (p != NULL)
++        BN_free(p);
++
++    if (g != NULL)
++        BN_free(g);
+ 
+ 	DH_free( dh );
+ 
+diff --git a/source/iked/ike.cpp b/source/iked/ike.cpp
+index 1ad6a44..d5fd5b0 100644
+--- a/source/iked/ike.cpp
++++ b/source/iked/ike.cpp
+@@ -391,11 +391,11 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_IKE & packet, BDATA * iv )
+ 	// init cipher key and iv
+ 	//
+ 
+-	EVP_CIPHER_CTX ctx_cipher;
+-	EVP_CIPHER_CTX_init( &ctx_cipher );
++	EVP_CIPHER_CTX *ctx_cipher;
++	ctx_cipher = EVP_CIPHER_CTX_new();
+ 
+ 	EVP_CipherInit_ex(
+-		&ctx_cipher,
++		ctx_cipher,
+ 		sa->evp_cipher,
+ 		NULL,
+ 		NULL,
+@@ -403,11 +403,11 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_IKE & packet, BDATA * iv )
+ 		0 );
+ 
+ 	EVP_CIPHER_CTX_set_key_length(
+-		&ctx_cipher,
++		ctx_cipher,
+ 		( int ) sa->key.size() );
+ 
+ 	EVP_CipherInit_ex(
+-		&ctx_cipher,
++		ctx_cipher,
+ 		NULL,
+ 		NULL,
+ 		sa->key.buff(),
+@@ -419,12 +419,12 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_IKE & packet, BDATA * iv )
+ 	//
+ 
+ 	EVP_Cipher(
+-		&ctx_cipher,
++		ctx_cipher,
+ 		data + sizeof( IKE_HEADER ),
+ 		data + sizeof( IKE_HEADER ),
+ 		( int ) size - sizeof( IKE_HEADER ) );
+ 
+-	EVP_CIPHER_CTX_cleanup( &ctx_cipher );
++	EVP_CIPHER_CTX_free( ctx_cipher );
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+@@ -595,11 +595,11 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_IKE & packet, BDATA * iv )
+ 	// encrypt all but header
+ 	//
+ 
+-	EVP_CIPHER_CTX ctx_cipher;
+-	EVP_CIPHER_CTX_init( &ctx_cipher );
++	EVP_CIPHER_CTX *ctx_cipher;
++	ctx_cipher = EVP_CIPHER_CTX_new();
+ 
+ 	EVP_CipherInit_ex(
+-		&ctx_cipher,
++		ctx_cipher,
+ 		sa->evp_cipher,
+ 		NULL,
+ 		NULL,
+@@ -607,11 +607,11 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_IKE & packet, BDATA * iv )
+ 		1 );
+ 
+ 	EVP_CIPHER_CTX_set_key_length(
+-		&ctx_cipher,
++		ctx_cipher,
+ 		( int ) sa->key.size() );
+ 
+ 	EVP_CipherInit_ex(
+-		&ctx_cipher,
++		ctx_cipher,
+ 		NULL,
+ 		NULL,
+ 		sa->key.buff(),
+@@ -619,12 +619,12 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_IKE & packet, BDATA * iv )
+ 		1 );
+ 
+ 	EVP_Cipher(
+-		&ctx_cipher,
++		ctx_cipher,
+ 		data + sizeof( IKE_HEADER ),
+ 		data + sizeof( IKE_HEADER ),
+ 		( int ) size - sizeof( IKE_HEADER ) );
+ 
+-	EVP_CIPHER_CTX_cleanup( &ctx_cipher );
++	EVP_CIPHER_CTX_free( ctx_cipher );
+ 
+ 	//
+ 	// store cipher iv data
+diff --git a/source/iked/ike.exch.config.cpp b/source/iked/ike.exch.config.cpp
+index a9390e7..bc3160a 100644
+--- a/source/iked/ike.exch.config.cpp
++++ b/source/iked/ike.exch.config.cpp
+@@ -2481,15 +2481,15 @@ long _IKED::config_chk_hash( IDB_PH1 * ph1, IDB_CFG * cfg, unsigned long msgid )
+ 	BDATA hash_c;
+ 	hash_c.size( ph1->hash_size );
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, ( unsigned char * ) &msgid, 4 );
+-	HMAC_Update( &ctx_prf, cfg->hda.buff(), cfg->hda.size() );
+-	HMAC_Final( &ctx_prf, hash_c.buff(), NULL );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, ( unsigned char * ) &msgid, 4 );
++    HMAC_Update( ctx_prf, cfg->hda.buff(), cfg->hda.size() );
++    HMAC_Final( ctx_prf, hash_c.buff(), NULL );
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free( ctx_prf );
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+@@ -2543,17 +2543,17 @@ long _IKED::config_message_send( IDB_PH1 * ph1, IDB_CFG * cfg )
+ 	// create message authentication hash
+ 	//
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );
+-	HMAC_Update( &ctx_prf, packet.buff() + beg, end - beg );
+-	HMAC_Final( &ctx_prf, hash.buff(), 0 );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );
++    HMAC_Update( ctx_prf, packet.buff() + beg, end - beg );
++    HMAC_Final( ctx_prf, hash.buff(), 0 );
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free(ctx_prf );
+ 
+-	memcpy( packet.buff() + off + 4, hash.buff(), hash.size() );
++    memcpy( packet.buff() + off + 4, hash.buff(), hash.size() );
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+diff --git a/source/iked/ike.exch.inform.cpp b/source/iked/ike.exch.inform.cpp
+index 07d963b..c15e5f8 100644
+--- a/source/iked/ike.exch.inform.cpp
++++ b/source/iked/ike.exch.inform.cpp
+@@ -399,15 +399,15 @@ long _IKED::inform_chk_hash( IDB_PH1 * ph1, IDB_XCH * inform )
+ 	BDATA hash_c;
+ 	hash_c.size( ph1->hash_size );
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, 4 );
+-	HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );
+-	HMAC_Final( &ctx_prf, hash_c.buff(), NULL );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, 4 );
++    HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );
++    HMAC_Final( ctx_prf, hash_c.buff(), NULL );
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free( ctx_prf );
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+@@ -439,15 +439,15 @@ long _IKED::inform_gen_hash( IDB_PH1 * ph1, IDB_XCH * inform )
+ {
+ 	inform->hash_l.size( ph1->hash_size );
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );
+-	HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );
+-	HMAC_Final( &ctx_prf, inform->hash_l.buff(), 0 );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );
++    HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );
++    HMAC_Final( ctx_prf, inform->hash_l.buff(), 0 );
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free(ctx_prf);
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+diff --git a/source/iked/ike.exch.phase1.cpp b/source/iked/ike.exch.phase1.cpp
+index 47fe020..c3d3113 100644
+--- a/source/iked/ike.exch.phase1.cpp
++++ b/source/iked/ike.exch.phase1.cpp
+@@ -1044,14 +1044,14 @@ long _IKED::process_phase1_send( IDB_PH1 * ph1 )
+ 								BDATA psk_hash;
+ 								psk_hash.size( ph1->hash_size );
+ 
+-								HMAC_CTX ctx_prf;
+-								HMAC_CTX_init( &ctx_prf );
++                                HMAC_CTX *ctx_prf;
++                                ctx_prf = HMAC_CTX_new();
+ 
+-								HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
+-								HMAC_Update( &ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );
+-								HMAC_Final( &ctx_prf, psk_hash.buff(), NULL );
++                                HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
++                                HMAC_Update( ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );
++                                HMAC_Final( ctx_prf, psk_hash.buff(), NULL );
+ 
+-								HMAC_CTX_cleanup( &ctx_prf );
++                                HMAC_CTX_free( ctx_prf );
+ 
+ 								//
+ 								// add the notification payload
+@@ -1557,7 +1557,9 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ 	{
+ 		BDATA prv;
+ 		prv.size( ph1->dh_size );
+-		BN_bn2bin( ph1->dh->priv_key, prv.buff() );
++        const BIGNUM * priv_key;
++        DH_get0_key(ph1->dh, NULL, &priv_key);
++        BN_bn2bin( priv_key, prv.buff() );
+ 
+ 		log.bin(
+ 			LLOG_DECODE,
+@@ -1656,25 +1658,25 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ 		case XAUTH_AUTH_INIT_PSK:
+ 		case XAUTH_AUTH_RESP_PSK:
+ 		{
+-			HMAC_CTX ctx_prf;
+-			HMAC_CTX_init( &ctx_prf );
++            HMAC_CTX *ctx_prf;
++            ctx_prf = HMAC_CTX_new();
+ 
+-			HMAC_Init_ex( &ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );
++            HMAC_Init_ex( ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );
+ 
+ 			if( ph1->initiator )
+ 			{
+-				HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
+-				HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
++                HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
++                HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
+ 			}
+ 			else
+ 			{
+-				HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
+-				HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
++                HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
++                HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
+ 			}
+ 
+-			HMAC_Final( &ctx_prf, skeyid_data, NULL );
++            HMAC_Final( ctx_prf, skeyid_data, NULL );
+ 
+-			HMAC_CTX_cleanup( &ctx_prf );
++            HMAC_CTX_free( ctx_prf );
+ 
+ 			break;
+ 		}
+@@ -1704,14 +1706,14 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ 				nonce.add( ph1->nonce_l );
+ 			}
+ 
+-			HMAC_CTX ctx_prf;
+-			HMAC_CTX_init( &ctx_prf );
++            HMAC_CTX *ctx_prf;
++            ctx_prf = HMAC_CTX_new();
+ 
+-			HMAC_Init_ex( &ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );
+-			HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
+-			HMAC_Final( &ctx_prf, skeyid_data, NULL );
++            HMAC_Init_ex( ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );
++            HMAC_Update( ctx_prf, shared.buff(), shared.size() );
++            HMAC_Final( ctx_prf, skeyid_data, NULL );
+ 
+-			HMAC_CTX_cleanup( &ctx_prf );
++            HMAC_CTX_free( ctx_prf );
+ 
+ 			break;
+ 		}	
+@@ -1730,15 +1732,15 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ 	// compute SKEYID_d
+ 	//
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
+-	HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );
+-	HMAC_Final( &ctx_prf, skeyid_data, NULL );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, shared.buff(), shared.size() );
++    HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );
++    HMAC_Final( ctx_prf, skeyid_data, NULL );
+ 
+ 	ph1->skeyid_d.set( skeyid_data, skeyid_size );
+ 
+@@ -1753,13 +1755,13 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ 	// compute SKEYID_a
+ 	//
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );
+-	HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
+-	HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, ( unsigned char * ) "\1", 1 );
+-	HMAC_Final( &ctx_prf, skeyid_data, NULL );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, skeyid_data, skeyid_size );
++    HMAC_Update( ctx_prf, shared.buff(), shared.size() );
++    HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, ( unsigned char * ) "\1", 1 );
++    HMAC_Final( ctx_prf, skeyid_data, NULL );
+ 
+ 	ph1->skeyid_a.set( skeyid_data, skeyid_size );
+ 
+@@ -1774,13 +1776,13 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ 	// compute SKEYID_e
+ 	//
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );
+-	HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
+-	HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, ( unsigned char * ) "\2", 1 );
+-	HMAC_Final( &ctx_prf, skeyid_data, NULL );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, skeyid_data, skeyid_size );
++    HMAC_Update( ctx_prf, shared.buff(), shared.size() );
++    HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, ( unsigned char * ) "\2", 1 );
++    HMAC_Final( ctx_prf, skeyid_data, NULL );
+ 
+ 	ph1->skeyid_e.set( skeyid_data, skeyid_size );
+ 
+@@ -1821,15 +1823,15 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ 
+ 		// create extended key data
+ 
+-		HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
+-		HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );
+-		HMAC_Final( &ctx_prf, key_data, NULL );
++        HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
++        HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );
++        HMAC_Final( ctx_prf, key_data, NULL );
+ 
+ 		for( long size = skeyid_size; size < key_size; size += skeyid_size )
+ 		{
+-			HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
+-			HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );
+-			HMAC_Final( &ctx_prf, key_data + size, NULL );
++            HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
++            HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );
++            HMAC_Final( ctx_prf, key_data + size, NULL );
+ 		}
+ 	}
+ 	else
+@@ -1839,7 +1841,7 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ 		memcpy( key_data, skeyid_data, key_size );
+ 	}
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free( ctx_prf );
+ 
+ 	if( proposal->ciph_kl )
+ 		key_size = ( proposal->ciph_kl + 7 ) / 8;
+@@ -1860,22 +1862,23 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ 	unsigned char iv_data[ HMAC_MAX_MD_CBLOCK ];
+ 	unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );
+ 
+-	EVP_MD_CTX ctx_hash;
+-	EVP_DigestInit( &ctx_hash, ph1->evp_hash );
++    EVP_MD_CTX *ctx_hash;
++    ctx_hash = EVP_MD_CTX_new();
++    EVP_DigestInit( ctx_hash, ph1->evp_hash );
+ 
+ 	if( ph1->initiator )
+ 	{
+-		EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );
+-		EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );
++        EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );
++        EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );
+ 	}
+ 	else
+ 	{
+-		EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );
+-		EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );
++        EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );
++        EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );
+ 	}
+ 
+-	EVP_DigestFinal( &ctx_hash, iv_data, NULL );
+-	EVP_MD_CTX_cleanup( &ctx_hash );
++    EVP_DigestFinal( ctx_hash, iv_data, NULL );
++    EVP_MD_CTX_free( ctx_hash );
+ 
+ 	ph1->iv.set( iv_data, iv_size );
+ 
+@@ -1903,29 +1906,29 @@ long _IKED::phase1_gen_hash_i( IDB_PH1 * sa, BDATA & hash )
+ 
+ 	hash.size( sa->hash_size );
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
++    HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
+ 
+ 	if( sa->initiator )
+ 	{
+-		HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
+-		HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
++        HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
++        HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
+ 	}
+ 	else
+ 	{
+-		HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
+-		HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
++        HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
++        HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
+ 	}
+ 
+-	HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );
+-	HMAC_Update( &ctx_prf, sa->idi.buff(), sa->idi.size() );
+-	HMAC_Final( &ctx_prf, hash.buff(), NULL );
++    HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );
++    HMAC_Update( ctx_prf, sa->idi.buff(), sa->idi.size() );
++    HMAC_Final( ctx_prf, hash.buff(), NULL );
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free( ctx_prf );
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+@@ -1945,29 +1948,29 @@ long _IKED::phase1_gen_hash_r( IDB_PH1 * sa, BDATA & hash )
+ 
+ 	hash.size( sa->hash_size );
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
++    HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
+ 
+ 	if( sa->initiator )
+ 	{
+-		HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
+-		HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
++        HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
++        HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
+ 	}
+ 	else
+ 	{
+-		HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
+-		HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
++        HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
++        HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
+ 	}
+ 
+-	HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
+-	HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );
+-	HMAC_Update( &ctx_prf, sa->idr.buff(), sa->idr.size() );
+-	HMAC_Final( &ctx_prf, hash.buff(), NULL );
++    HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
++    HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );
++    HMAC_Update( ctx_prf, sa->idr.buff(), sa->idr.size() );
++    HMAC_Final( ctx_prf, hash.buff(), NULL );
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free( ctx_prf );
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+@@ -2569,14 +2572,15 @@ long _IKED::phase1_gen_natd( IDB_PH1 * ph1 )
+ 	// hash for remote address
+ 	//
+ 
+-	EVP_MD_CTX ctx_hash;
+-	EVP_DigestInit( &ctx_hash, ph1->evp_hash );
+-	EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+-	EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+-	EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );
+-	EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );
+-	EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );
+-	EVP_MD_CTX_cleanup( &ctx_hash );
++    EVP_MD_CTX *ctx_hash;
++    ctx_hash = EVP_MD_CTX_new();
++    EVP_DigestInit( ctx_hash, ph1->evp_hash );
++    EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++    EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++    EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );
++    EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );
++    EVP_DigestFinal( ctx_hash, natd.buff(), NULL );
++    EVP_MD_CTX_free( ctx_hash );
+ 
+ 	ph1->natd_hash_l.add( natd );
+ 
+@@ -2585,13 +2589,14 @@ long _IKED::phase1_gen_natd( IDB_PH1 * ph1 )
+ 	// hash for local address
+ 	//
+ 
+-	EVP_DigestInit( &ctx_hash, ph1->evp_hash );
+-	EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+-	EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+-	EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );
+-	EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );
+-	EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );
+-	EVP_MD_CTX_cleanup( &ctx_hash );
++    ctx_hash = EVP_MD_CTX_new();
++    EVP_DigestInit( ctx_hash, ph1->evp_hash );
++    EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++    EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++    EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );
++    EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );
++    EVP_DigestFinal( ctx_hash, natd.buff(), NULL );
++    EVP_MD_CTX_free( ctx_hash );
+ 
+ 	ph1->natd_hash_l.add( natd );
+ 
+diff --git a/source/iked/ike.exch.phase2.cpp b/source/iked/ike.exch.phase2.cpp
+index 19a5ad5..59e04e5 100644
+--- a/source/iked/ike.exch.phase2.cpp
++++ b/source/iked/ike.exch.phase2.cpp
+@@ -1008,14 +1008,14 @@ long _IKED::phase2_gen_hash_i( IDB_PH1 * ph1, IDB_PH2 * ph2, BDATA & hash )
+ 
+ 	hash.size( ph1->hash_size );
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, input.buff(), input.size() );
+-	HMAC_Final( &ctx_prf, hash.buff(), NULL );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, input.buff(), input.size() );
++    HMAC_Final( ctx_prf, hash.buff(), NULL );
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free( ctx_prf );
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+@@ -1048,14 +1048,14 @@ long _IKED::phase2_gen_hash_r( IDB_PH1 * ph1, IDB_PH2 * ph2, BDATA & hash )
+ 
+ 	hash.size( ph1->hash_size );
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, input.buff(), input.size() );
+-	HMAC_Final( &ctx_prf, hash.buff(), NULL );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, input.buff(), input.size() );
++    HMAC_Final( ctx_prf, hash.buff(), NULL );
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free( ctx_prf );
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+@@ -1093,14 +1093,14 @@ long _IKED::phase2_gen_hash_p( IDB_PH1 * ph1, IDB_PH2 * ph2, BDATA & hash )
+ 
+ 	hash.size( ph1->hash_size );
+ 
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+-	HMAC_Update( &ctx_prf, input.buff(), input.size() );
+-	HMAC_Final( &ctx_prf, hash.buff(), 0 );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++    HMAC_Update( ctx_prf, input.buff(), input.size() );
++    HMAC_Final( ctx_prf, hash.buff(), 0 );
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free( ctx_prf );
+ 
+ 	log.bin(
+ 		LLOG_DEBUG,
+@@ -1555,7 +1555,9 @@ long _IKED::phase2_gen_keys( IDB_PH1 * ph1, IDB_PH2 * ph2 )
+ 		{
+ 			BDATA prv;
+ 			prv.size( ph2->dh_size );
+-			BN_bn2bin( ph2->dh->priv_key, prv.buff() );
++            const BIGNUM * priv_key;
++            DH_get0_key(ph2->dh, NULL, &priv_key);
++            BN_bn2bin( priv_key, prv.buff() );
+ 
+ 			log.bin(
+ 				LLOG_DECODE,
+@@ -1817,56 +1819,56 @@ long _IKED::phase2_gen_keys( IDB_PH1 * ph1, IDB_PH2 * ph2, long dir, IKE_PROPOSA
+ 	// K3 = prf( SKEYID_d, K2 | [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b )
+ 	//
+ 	
+-	HMAC_CTX ctx_prf;
+-	HMAC_CTX_init( &ctx_prf );
++    HMAC_CTX *ctx_prf;
++    ctx_prf = HMAC_CTX_new();
+ 
+-	HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
++    HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
+ 
+ 	if( ph2->dhgr_id )
+-		HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
++        HMAC_Update( ctx_prf, shared.buff(), shared.size() );
+ 
+-	HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
+-	HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
++    HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
++    HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
+ 
+ 	if( ph2->initiator )
+ 	{
+-		HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
+-		HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
++        HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
++        HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
+ 	}
+ 	else
+ 	{
+-		HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
+-		HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
++        HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
++        HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
+ 	}
+ 
+-	HMAC_Final( &ctx_prf, key_data, NULL );
++    HMAC_Final( ctx_prf, key_data, NULL );
+ 
+ 	for( long size = skeyid_size; size < key_size; size += skeyid_size )
+ 	{
+-		HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
+-		HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );
++        HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
++        HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );
+ 
+ 		if( ph2->dhgr_id )
+-			HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
++            HMAC_Update( ctx_prf, shared.buff(), shared.size() );
+ 
+-		HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
+-		HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
++        HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
++        HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
+ 
+ 		if( ph2->initiator )
+ 		{
+-			HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
+-			HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
++            HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
++            HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
+ 		}
+ 		else
+ 		{
+-			HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
+-			HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
++            HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
++            HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
+ 		}
+ 
+-		HMAC_Final( &ctx_prf, key_data + size, 0 );
++        HMAC_Final( ctx_prf, key_data + size, 0 );
+ 	}
+ 
+-	HMAC_CTX_cleanup( &ctx_prf );
++    HMAC_CTX_free( ctx_prf );
+ 
+ 	//
+ 	// separate encrypt and auth key data
+diff --git a/source/iked/ike.idb.exch.cpp b/source/iked/ike.idb.exch.cpp
+index d237e41..bd3bd95 100644
+--- a/source/iked/ike.idb.exch.cpp
++++ b/source/iked/ike.idb.exch.cpp
+@@ -134,12 +134,13 @@ bool _IDB_XCH::new_msgiv( IDB_PH1 * ph1 )
+ 	unsigned char iv_data[ EVP_MAX_MD_SIZE ];
+ 	unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );
+ 
+-	EVP_MD_CTX ctx_hash;
+-	EVP_DigestInit( &ctx_hash, ph1->evp_hash );
+-	EVP_DigestUpdate( &ctx_hash, ph1->iv.buff(), ph1->iv.size() );
+-	EVP_DigestUpdate( &ctx_hash, &msgid, 4 );
+-	EVP_DigestFinal( &ctx_hash, iv_data, NULL );
+-	EVP_MD_CTX_cleanup( &ctx_hash );
++    EVP_MD_CTX *ctx_hash;
++    ctx_hash = EVP_MD_CTX_new();
++    EVP_DigestInit( ctx_hash, ph1->evp_hash );
++    EVP_DigestUpdate( ctx_hash, ph1->iv.buff(), ph1->iv.size() );
++    EVP_DigestUpdate( ctx_hash, &msgid, 4 );
++    EVP_DigestFinal( ctx_hash, iv_data, NULL );
++    EVP_MD_CTX_free( ctx_hash );
+ 
+ 	iv.set( iv_data, iv_size );
+ 
+diff --git a/source/iked/ike.idb.phase1.cpp b/source/iked/ike.idb.phase1.cpp
+index f3858fc..fdd6bc7 100644
+--- a/source/iked/ike.idb.phase1.cpp
++++ b/source/iked/ike.idb.phase1.cpp
+@@ -676,7 +676,9 @@ bool _IDB_PH1::setup_dhgrp( IKE_PROPOSAL * proposal )
+ 	}
+ 
+ 	xl.size( dh_size );
+-	long result = BN_bn2bin( dh->pub_key, xl.buff() );
++    const BIGNUM * pub_key;
++    DH_get0_key(dh, &pub_key, NULL);
++    long result = BN_bn2bin( pub_key, xl.buff() );
+ 
+ 	//
+ 	// fixup public buffer alignment
+diff --git a/source/iked/ike.idb.phase2.cpp b/source/iked/ike.idb.phase2.cpp
+index 172944c..dab2566 100644
+--- a/source/iked/ike.idb.phase2.cpp
++++ b/source/iked/ike.idb.phase2.cpp
+@@ -438,7 +438,9 @@ bool _IDB_PH2::setup_dhgrp()
+ 		}
+ 
+ 		xl.size( dh_size );
+-		long result = BN_bn2bin( dh->pub_key, xl.buff() );
++        const BIGNUM * pub_key;
++        DH_get0_key(dh, &pub_key, NULL);
++        long result = BN_bn2bin( pub_key, xl.buff() );
+ 
+ 		//
+ 		// fixup public buffer alignment
+diff --git a/source/iked/ike.keyfile.cpp b/source/iked/ike.keyfile.cpp
+index c9ea803..2ab9c95 100644
+--- a/source/iked/ike.keyfile.cpp
++++ b/source/iked/ike.keyfile.cpp
+@@ -664,14 +664,16 @@ static int verify_cb( int ok, X509_STORE_CTX * store_ctx )
+ 		long ll = LLOG_ERROR;
+ 		char name[ 512 ];
+ 
+-		X509_NAME * x509_name = X509_get_subject_name( store_ctx->current_cert );
++        X509 * current_cert = X509_STORE_CTX_get_current_cert(store_ctx);
++        X509_NAME * x509_name = X509_get_subject_name( current_cert );
+ 
+ 		X509_NAME_oneline(
+ 			x509_name,
+ 			name,
+ 			512 );
+ 
+-		switch( store_ctx->error )
++        int store_ctx_error = X509_STORE_CTX_get_error(store_ctx);
++        switch( store_ctx_error )
+ 		{
+ 			case X509_V_ERR_UNABLE_TO_GET_CRL:
+ 				ok = 1;
+@@ -683,9 +685,9 @@ static int verify_cb( int ok, X509_STORE_CTX * store_ctx )
+ 			ll,
+ 			"ii : %s(%d) at depth:%d\n"
+ 			"ii : subject :%s\n",
+-			X509_verify_cert_error_string( store_ctx->error ),
+-			store_ctx->error,
+-			store_ctx->error_depth,
++            X509_verify_cert_error_string( store_ctx_error ),
++            store_ctx_error,
++            X509_STORE_CTX_get_error_depth(store_ctx),
+ 			name );
+ 	}
+ 
+@@ -857,7 +859,7 @@ bool prvkey_rsa_load_pem( BDATA & prvkey, FILE * fp, BDATA & pass )
+ 	if( evp_pkey == NULL )
+ 		return false;
+ 
+-	bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
++	bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
+ 	EVP_PKEY_free( evp_pkey );
+ 
+ 	return converted;
+@@ -883,7 +885,7 @@ bool prvkey_rsa_load_p12( BDATA & prvkey, FILE * fp, BDATA & pass )
+ 	if( evp_pkey == NULL )
+ 		return false;
+ 
+-	bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
++	bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
+ 	EVP_PKEY_free( evp_pkey );
+ 
+ 	return converted;
+@@ -939,7 +941,7 @@ bool prvkey_rsa_load_pem( BDATA & prvkey, BDATA & input, BDATA & pass )
+ 	if( evp_pkey == NULL )
+ 		return false;
+ 
+-	bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
++	bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
+ 	EVP_PKEY_free( evp_pkey );
+ 
+ 	return converted;
+@@ -976,7 +978,7 @@ bool prvkey_rsa_load_p12( BDATA & prvkey, BDATA & input, BDATA & pass )
+ 	if( evp_pkey == NULL )
+ 		return false;
+ 
+-	bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
++	bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
+ 	EVP_PKEY_free( evp_pkey );
+ 
+ 	return converted;
+@@ -1010,7 +1012,7 @@ bool _IKED::pubkey_rsa_read( BDATA & cert, BDATA & pubkey )
+ 	if( evp_pkey == NULL )
+ 		return false;
+ 
+-	bool result = pubkey_rsa_2_bdata( pubkey, evp_pkey->pkey.rsa );
++	bool result = pubkey_rsa_2_bdata( pubkey, EVP_PKEY_get0_RSA(evp_pkey) );
+ 
+ 	EVP_PKEY_free( evp_pkey );
+ 
+diff --git a/source/libike/manager.file.cpp b/source/libike/manager.file.cpp
+index 67a50ad..113486a 100644
+--- a/source/libike/manager.file.cpp
++++ b/source/libike/manager.file.cpp
+@@ -679,11 +679,11 @@ bool _CONFIG_MANAGER::file_pcf_load( CONFIG & config, const char * path, bool &
+ 			BDATA pwd;
+ 			data.get( pwd );
+ 
+-			EVP_CIPHER_CTX ctx_cipher;
+-			EVP_CIPHER_CTX_init( &ctx_cipher );
++			EVP_CIPHER_CTX *ctx_cipher;
++			ctx_cipher = EVP_CIPHER_CTX_new();
+ 
+ 			EVP_CipherInit_ex(
+-				&ctx_cipher,
++				ctx_cipher,
+ 				EVP_des_ede3_cbc(),
+ 				NULL,
+ 				key,
+@@ -691,7 +691,7 @@ bool _CONFIG_MANAGER::file_pcf_load( CONFIG & config, const char * path, bool &
+ 				0 );
+ 
+ 			EVP_Cipher(
+-				&ctx_cipher,
++				ctx_cipher,
+ 				pwd.buff(),
+ 				pwd.buff(),
+ 				( unsigned int ) pwd.size() );
+@@ -700,6 +700,7 @@ bool _CONFIG_MANAGER::file_pcf_load( CONFIG & config, const char * path, bool &
+ 			pwd.size( pwlen );
+ 
+ 			config.set_binary( "auth-mutual-psk", pwd );
++			EVP_CIPHER_CTX_free(ctx_cipher);
+ 		}
+ 
+ 		if( !_stricmp( name.text(), "DHGroup" ) && data.size() )
author	Timur Sattarov	2019-02-14 23:55:37 +0400
committer	Timur Sattarov	2019-02-14 23:55:37 +0400
commit	3a56735ddc26f750df4720f4baba0728bb4cb458 (patch)
tree	daeb7503adb65f8183ae88138a5680c9e496bbfd
parent	c60f504bea7e15cf6eb11966f1a7f05052af7f11 (diff)
download	aur-3a56735ddc26f750df4720f4baba0728bb4cb458.tar.gz