add support for openssl 1.1

author: Christian Pointner <equinox@anytun.org> 2018-06-08 23:58:57 +0200
committer: Christian Pointner <equinox@anytun.org> 2018-06-08 23:58:57 +0200
commit: f605e5fe4a44d6c9d849f6558535f8aac60761fa (patch)
tree: fad359213a53406cbe07a0df54888cf463e0b155
parent: fix include (diff)
6 files changed, 61 insertions, 16 deletions
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index f0e3303..561b0b6 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -68,23 +68,51 @@ bool NullAuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
 Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
 {
 #if defined(USE_SSL_CRYPTO)
-  HMAC_CTX_init(&ctx_);
-  HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
+  ctx_ = NULL;
+#elif defined(USE_NETTLE)
+  // nothing here
+#else  // USE_GCRYPT is the default
+  handle_ = 0;
+#endif
+}
+
+bool Sha1AuthAlgo::Init()
+{
+#if defined(USE_SSL_CRYPTO)
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  if ((ctx_ = HMAC_CTX_new()) == NULL) {
+    return false;
+  }
+# else
+  if ((ctx_ = (HMAC_CTX*)calloc(1, sizeof(HMAC_CTX))) == NULL) {
+    return false;
+  }
+  HMAC_CTX_init(ctx_);
+# endif
+  HMAC_Init_ex(ctx_, NULL, 0, EVP_sha1(), NULL);
 #elif defined(USE_NETTLE)
   // nothing here
 #else  // USE_GCRYPT is the default
   gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
   if(err) {
     cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
-    return;
+    return false;
   }
 #endif
+  return true;
 }
 
 Sha1AuthAlgo::~Sha1AuthAlgo()
 {
 #if defined(USE_SSL_CRYPTO)
-  HMAC_CTX_cleanup(&ctx_);
+  if(ctx_) {
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    HMAC_CTX_free(ctx_);
+# else
+    HMAC_CTX_cleanup(ctx_);
+    free(ctx_);
+# endif
+  }
 #elif defined(USE_NETTLE)
   // nothing here
 #else  // USE_GCRYPT is the default
@@ -109,11 +137,11 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
 
   kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
 #if defined(USE_SSL_CRYPTO)
-  HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+  HMAC_Init_ex(ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
 
   uint8_t hmac[DIGEST_LENGTH];
-  HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
-  HMAC_Final(&ctx_, hmac, NULL);
+  HMAC_Update(ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+  HMAC_Final(ctx_, hmac, NULL);
 #elif defined(USE_NETTLE)
   hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
 
@@ -158,11 +186,11 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
 
   kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
 #if defined(USE_SSL_CRYPTO)
-  HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+  HMAC_Init_ex(ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
 
   uint8_t hmac[DIGEST_LENGTH];
-  HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
-  HMAC_Final(&ctx_, hmac, NULL);
+  HMAC_Update(ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+  HMAC_Final(ctx_, hmac, NULL);
 #elif defined(USE_NETTLE)
   hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
 
diff --git a/src/authAlgo.h b/src/authAlgo.h
index a1fcea4..758e754 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -101,10 +101,13 @@ public:
 //****** Sha1AuthAlgo ******
 //* HMAC SHA1 Auth Tag Generator Class
 
+class AuthAlgoFactory;
+
 class Sha1AuthAlgo : public AuthAlgo
 {
+  friend class AuthAlgoFactory;
+
 public:
-  Sha1AuthAlgo(kd_dir_t d);
   ~Sha1AuthAlgo();
 
   void generate(KeyDerivation& kd, EncryptedPacket& packet);
@@ -113,8 +116,11 @@ public:
   static const uint32_t DIGEST_LENGTH = 20;
 
 private:
+  Sha1AuthAlgo(kd_dir_t d);
+  bool Init();
+
 #if defined(USE_SSL_CRYPTO)
-  HMAC_CTX ctx_;
+  HMAC_CTX *ctx_;
 #elif defined(USE_NETTLE)
   struct hmac_sha1_ctx ctx_;
 #else  // USE_GCRYPT is the default
diff --git a/src/authAlgoFactory.cpp b/src/authAlgoFactory.cpp
index b859f33..e30a4b4 100644
--- a/src/authAlgoFactory.cpp
+++ b/src/authAlgoFactory.cpp
@@ -48,6 +48,7 @@
 
 #include "authAlgoFactory.h"
 #include "authAlgo.h"
+#include "anytunError.h"
 
 
 AuthAlgo* AuthAlgoFactory::create(std::string const& type, kd_dir_t dir)
@@ -57,7 +58,13 @@ AuthAlgo* AuthAlgoFactory::create(std::string const& type, kd_dir_t dir)
   }
 #ifndef NO_CRYPT
   else if(type == "sha1") {
-    return new Sha1AuthAlgo(dir);
+    Sha1AuthAlgo* a = new Sha1AuthAlgo(dir);
+    if(!a || !(a->Init())) {
+      if(a)
+        delete a;
+      AnytunError::throwErr() << "failed to initialize SHA1 auth algo";
+    }
+    return a;
   }
 #endif
   else {
diff --git a/src/cipher.cpp b/src/cipher.cpp
index 52a2543..f3b2ed1 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -207,7 +207,7 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
   }
   unsigned int num = 0;
   std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
-  AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
+  CRYPTO_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num, (block128_f)AES_encrypt);
 #elif defined(USE_NETTLE)
   if(CTR_LENGTH != AES_BLOCK_SIZE) {
     cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
diff --git a/src/cipher.h b/src/cipher.h
index 6408ffd..e47dab9 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -55,7 +55,9 @@
 #ifndef NO_CRYPT
 
 #if defined(USE_SSL_CRYPTO)
+#include <openssl/crypto.h>
 #include <openssl/aes.h>
+#include <openssl/modes.h>
 #elif defined(USE_NETTLE)
 #include <nettle/aes.h>
 #else  // USE_GCRYPT is the default
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index 780a51c..812dc44 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -61,7 +61,9 @@
 #ifndef NO_PASSPHRASE
 
 #if defined(USE_SSL_CRYPTO)
+#include <openssl/crypto.h>
 #include <openssl/sha.h>
+#include <openssl/modes.h>
 #elif defined(USE_NETTLE)
 #include <nettle/sha1.h>
 #include <nettle/sha2.h>
@@ -363,9 +365,9 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_
     return false;
   }
   unsigned int num = 0;
-  std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
   std::memset(key.getBuf(), 0, key.getLength());
-  AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
+  std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
+  CRYPTO_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num, (block128_f)AES_encrypt);
 #elif defined(USE_NETTLE)
   if(CTR_LENGTH != AES_BLOCK_SIZE) {
     cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
author	Christian Pointner <equinox@anytun.org>	2018-06-08 23:58:57 +0200
committer	Christian Pointner <equinox@anytun.org>	2018-06-08 23:58:57 +0200
commit	f605e5fe4a44d6c9d849f6558535f8aac60761fa (patch)
tree	fad359213a53406cbe07a0df54888cf463e0b155
parent	fix include (diff)