diff options
| author | Christian Pointner <equinox@anytun.org> | 2014-06-29 15:53:21 +0000 |
|---|---|---|
| committer | Christian Pointner <equinox@anytun.org> | 2014-06-29 15:53:21 +0000 |
| commit | d201613b477106ba85e32845542d5f73163fe5d5 (patch) | |
| tree | a857f49c89fa2018d91146b5cf239e2b32017aa8 | |
| parent | merged changelog from trunk (diff) | |
merged trunk changes to rail branch
39 files changed, 738 insertions, 147 deletions
@@ -2,7 +2,12 @@ * added RAIL mode -2014.06.08 -- Version 0.3.5 +2014.06.21 -- Version 0.3.5 + +* added support for libnettle as crypt library +* added an exception to the license which allows linking with OpenSSL + +2014.06.08 -- Version 0.3.4 * fixed build issues for clang * refactored the multi socket support @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,7 +31,23 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + * */ + + GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 @@ -1,8 +1,8 @@ Dependencies ============ -uAnytun can be built by using either libgcrypt or the openssl-crypto library. -The latter is more performant in most cases but there are some license +uAnytun can be built by using either libgcrypt, libnettle or the openssl-crypto +library. The latter is more performant in most cases but there are some license issues when using this library. It also needs more space when installed. @@ -20,7 +20,13 @@ using ssl crypto library: build-essential libssl-dev +using nettle crypto library: + + build-essential + nettle-dev + if you want clang as compiler + clang if you want to rebuild the manpage: @@ -56,10 +62,9 @@ Installation Getting the source via subversion: ---------------------------------- -svn co https://svn.anytun.org/uanytun/trunk uanytun +svn co http://svn.anytun.org/uanytun/trunk uanytun cd uanytun - Building from source -------------------- @@ -75,6 +80,7 @@ using ssl crypto library: # ./configure --use-ssl-crypto # make + Notes: - try './configure --help' for further information - if using openssl pre 0.9.8 you have to disable passphrase diff --git a/doc/Makefile b/doc/Makefile index 3a1a672..1e4b315 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -10,7 +10,7 @@ ## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel ## mode and allows tunneling of every ETHER TYPE protocol (e.g. ## ethernet, ip, arp ...). satp directly includes cryptography and -## message authentication based on the methodes used by SRTP. It is +## message authentication based on the methods used by SRTP. It is ## intended to deliver a generic, scaleable and secure solution for ## tunneling and relaying of packets of any protocol. ## @@ -32,6 +32,19 @@ ## You should have received a copy of the GNU General Public License ## along with uAnytun. If not, see <http://www.gnu.org/licenses/>. ## +## In addition, as a special exception, the copyright holders give +## permission to link the code of portions of this program with the +## OpenSSL library under certain conditions as described in each +## individual source file, and distribute linked combinations +## including the two. +## You must obey the GNU General Public License in all respects +## for all of the code used other than OpenSSL. If you modify +## file(s) with this exception, you may extend this exception to your +## version of the file(s), but you are not obligated to do so. If you +## do not wish to do so, delete this exception statement from your +## version. If you delete this exception statement from all source +## files in the program, then also delete it here. +## VERSION=$(shell cat ../version) diff --git a/src/Makefile b/src/Makefile index 6653b60..feccbaa 100644 --- a/src/Makefile +++ b/src/Makefile @@ -10,7 +10,7 @@ ## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel ## mode and allows tunneling of every ETHER TYPE protocol (e.g. ## ethernet, ip, arp ...). satp directly includes cryptography and -## message authentication based on the methodes used by SRTP. It is +## message authentication based on the methods used by SRTP. It is ## intended to deliver a generic, scaleable and secure solution for ## tunneling and relaying of packets of any protocol. ## @@ -32,6 +32,19 @@ ## You should have received a copy of the GNU General Public License ## along with uAnytun. If not, see <http://www.gnu.org/licenses/>. ## +## In addition, as a special exception, the copyright holders give +## permission to link the code of portions of this program with the +## OpenSSL library under certain conditions as described in each +## individual source file, and distribute linked combinations +## including the two. +## You must obey the GNU General Public License in all respects +## for all of the code used other than OpenSSL. If you modify +## file(s) with this exception, you may extend this exception to your +## version of the file(s), but you are not obligated to do so. If you +## do not wish to do so, delete this exception statement from your +## version. If you delete this exception statement from all source +## files in the program, then also delete it here. +## ifneq ($(MAKECMDGOALS),distclean) include include.mk diff --git a/src/auth_algo.c b/src/auth_algo.c index db87e7a..ac102c7 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" @@ -152,17 +165,19 @@ int auth_algo_sha1_init(auth_algo_t* aa) if(!aa->params_) return -2; +#if defined(USE_SSL_CRYPTO) + auth_algo_sha1_param_t* params = aa->params_; + HMAC_CTX_init(¶ms->ctx_); + HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default auth_algo_sha1_param_t* params = aa->params_; - -#ifndef USE_SSL_CRYPTO gcry_error_t err = gcry_md_open(¶ms->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err)); return -1; } -#else - HMAC_CTX_init(¶ms->ctx_); - HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); #endif return 0; @@ -174,13 +189,15 @@ void auth_algo_sha1_close(auth_algo_t* aa) return; if(aa->params_) { +#if defined(USE_SSL_CRYPTO) + auth_algo_sha1_param_t* params = aa->params_; + HMAC_CTX_cleanup(¶ms->ctx_); +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default auth_algo_sha1_param_t* params = aa->params_; - -#ifndef USE_SSL_CRYPTO if(params->handle_) gcry_md_close(params->handle_); -#else - HMAC_CTX_cleanup(¶ms->ctx_); #endif free(aa->params_); @@ -207,7 +224,19 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return; -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); + + u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_update(¶ms->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet)); + hmac_sha1_digest(¶ms->ctx_, SHA1_LENGTH, hmac); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); @@ -218,12 +247,6 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); @@ -255,7 +278,19 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return 0; -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); + + u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_update(¶ms->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet)); + hmac_sha1_digest(¶ms->ctx_, SHA1_LENGTH, hmac); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); @@ -266,12 +301,6 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); diff --git a/src/auth_algo.h b/src/auth_algo.h index d911ca8..d1e5178 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,15 +31,30 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_auth_algo_h_INCLUDED #define UANYTUN_auth_algo_h_INCLUDED -#ifndef USE_SSL_CRYPTO -#include <gcrypt.h> -#else +#if defined(USE_SSL_CRYPTO) #include <openssl/hmac.h> +#elif defined(USE_NETTLE) +#include <nettle/hmac.h> +#else // USE_GCRYPT is the default +#include <gcrypt.h> #endif #include "key_derivation.h" #include "encrypted_packet.h" @@ -66,10 +81,12 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di #define SHA1_LENGTH 20 struct auth_algo_sha1_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_md_hd_t handle_; -#else +#if defined(USE_SSL_CRYPTO) HMAC_CTX ctx_; +#elif defined(USE_NETTLE) + struct hmac_sha1_ctx ctx_; +#else // USE_GCRYPT is the default + gcry_md_hd_t handle_; #endif }; typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t; diff --git a/src/bsd/tun.c b/src/bsd/tun.c index 734c3d8..a469c58 100644 --- a/src/bsd/tun.c +++ b/src/bsd/tun.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/cipher.c b/src/cipher.c index d6eae57..f87e2cf 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" @@ -39,6 +52,9 @@ #include "encrypted_packet.h" #include "cipher.h" +#if defined(USE_NETTLE) +#include <nettle/ctr.h> +#endif #include "log.h" @@ -210,7 +226,11 @@ int cipher_aesctr_init(cipher_t* c) if(!c->params_) return -2; -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + // nothing here +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default int algo; switch(c->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; @@ -239,7 +259,11 @@ void cipher_aesctr_close(cipher_t* c) return; if(c->params_) { -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + // nothing here +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default cipher_aesctr_param_t* params = c->params_; gcry_cipher_close(params->handle_); #endif @@ -285,13 +309,15 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di if(ret < 0) return ret; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, ¶ms->aes_key_); if(ret) { - log_printf(ERROR, "failed to set cipher ssl aes-key (code: %d)", ret); + log_printf(ERROR, "failed to set cipher key (code: %d)", ret); return -1; } -#else +#elif defined(USE_NETTLE) + aes_set_encrypt_key(¶ms->ctx_, c->key_.length_, c->key_.buf_); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_); if(err) { log_printf(ERROR, "failed to set cipher key: %s", gcry_strerror(err)); @@ -305,7 +331,21 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di return ret; } -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + u_int32_t num = 0; + memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); + AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); +#elif defined(USE_NETTLE) + if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + ctr_crypt(¶ms->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, (ilen < olen) ? ilen : olen, out, in); +#else // USE_GCRYPT is the default err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH); if(err) { log_printf(ERROR, "failed to set cipher CTR: %s", gcry_strerror(err)); @@ -317,14 +357,6 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di log_printf(ERROR, "failed to de/encrypt packet: %s", gcry_strerror(err)); return -1; } -#else - if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { - log_printf(ERROR, "failed to set cipher CTR: size don't fits"); - return -1; - } - u_int32_t num = 0; - memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); - AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #endif return (ilen < olen) ? ilen : olen; diff --git a/src/cipher.h b/src/cipher.h index 4582a46..570df8d 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,16 +31,31 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_cipher_h_INCLUDED #define UANYTUN_cipher_h_INCLUDED #ifndef NO_CRYPT -#ifndef USE_SSL_CRYPTO -#include <gcrypt.h> -#else +#if defined(USE_SSL_CRYPTO) #include <openssl/aes.h> +#elif defined(USE_NETTLE) +#include <nettle/aes.h> +#else // USE_GCRYPT is the default +#include <gcrypt.h> #endif #include "key_derivation.h" #else @@ -94,11 +109,13 @@ union __attribute__((__packed__)) cipher_aesctr_ctr_union { typedef union cipher_aesctr_ctr_union cipher_aesctr_ctr_t; struct cipher_aesctr_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_; -#else +#if defined(USE_SSL_CRYPTO) AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#elif defined(USE_NETTLE) + struct aes_ctx ctx_; +#else // USE_GCRYPT is the default + gcry_cipher_hd_t handle_; #endif cipher_aesctr_ctr_t ctr_; }; diff --git a/src/configure b/src/configure index 542b4b4..16d5cc7 100755 --- a/src/configure +++ b/src/configure @@ -11,7 +11,7 @@ # tunnel endpoints. It has less protocol overhead than IPSec in Tunnel # mode and allows tunneling of every ETHER TYPE protocol (e.g. # ethernet, ip, arp ...). satp directly includes cryptography and -# message authentication based on the methodes used by SRTP. It is +# message authentication based on the methods used by SRTP. It is # intended to deliver a generic, scaleable and secure solution for # tunneling and relaying of packets of any protocol. # @@ -33,6 +33,19 @@ # You should have received a copy of the GNU General Public License # along with uAnytun. If not, see <http://www.gnu.org/licenses/>. # +# In addition, as a special exception, the copyright holders give +# permission to link the code of portions of this program with the +# OpenSSL library under certain conditions as described in each +# individual source file, and distribute linked combinations +# including the two. +# You must obey the GNU General Public License in all respects +# for all of the code used other than OpenSSL. If you modify +# file(s) with this exception, you may extend this exception to your +# version of the file(s), but you are not obligated to do so. If you +# do not wish to do so, delete this exception statement from your +# version. If you delete this exception statement from all source +# files in the program, then also delete it here. +# TARGET=`uname -s` EBUILD_COMPAT=0 @@ -61,7 +74,8 @@ print_usage() { echo " --examplesdir=<DIR> the path to the examples files (default: $PREFIX/share/examples)" echo " --no-examples dont't install example files" echo " --use-gcrypt use libgcrypt (this is the default)" - echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt" + echo " --use-nettle use libnettle instead of libgcrypt" + echo " --use-ssl-crypto use openssl crypto library instead of libgcrypt" echo " --no-crypto disable crypto at all (only NULL cipher)" echo " --disable-passphrase disable master key and salt passphrase" echo " --enable-passphrase enable master key and salt passphrase" @@ -101,6 +115,9 @@ do --use-gcrypt) CRYPTO_LIB='gcrypt' ;; + --use-nettle) + CRYPTO_LIB='nettle' + ;; --use-ssl-crypto) CRYPTO_LIB='ssl' ;; @@ -169,8 +186,14 @@ esac case $CRYPTO_LIB in gcrypt) + CFLAGS=$CFLAGS' -DUSE_GCRYPT' LDFLAGS=$LDFLAGS' -lgcrypt' - echo "using libgcrypt library" + echo "using gcrypt library" + ;; + nettle) + CFLAGS=$CFLAGS' -DUSE_NETTLE' + LDFLAGS=$LDFLAGS' -lnettle' + echo "using nettle library" ;; ssl) CFLAGS=$CFLAGS' -DUSE_SSL_CRYPTO' diff --git a/src/daemon.h b/src/daemon.h index 05fa83e..9a477a7 100644 --- a/src/daemon.h +++ b/src/daemon.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_daemon_h_INCLUDED diff --git a/src/datatypes.h b/src/datatypes.h index a374022..58434c8 100644 --- a/src/datatypes.h +++ b/src/datatypes.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_datatypes_h_INCLUDED diff --git a/src/encrypted_packet.c b/src/encrypted_packet.c index 801d8e6..2d46f40 100644 --- a/src/encrypted_packet.c +++ b/src/encrypted_packet.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/encrypted_packet.h b/src/encrypted_packet.h index fcd16ab..3f66f12 100644 --- a/src/encrypted_packet.h +++ b/src/encrypted_packet.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_encrypted_packet_h_INCLUDED diff --git a/src/init_crypt.h b/src/init_crypt.h index 848f9d7..b0c6a49 100644 --- a/src/init_crypt.h +++ b/src/init_crypt.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_init_crypt_h_INCLUDED @@ -48,7 +61,23 @@ int init_crypt() #else -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + +int init_crypt() +{ +// nothing here + return 0; +} + +#elif defined(USE_NETTLE) + +int init_crypt() +{ +// nothing here + return 0; +} + +#else // USE_GCRYPT is the default #include <gcrypt.h> @@ -77,14 +106,6 @@ int init_crypt() return 0; } -#else - -int init_crypt() -{ -// nothing here - return 0; -} - #endif diff --git a/src/key_derivation.c b/src/key_derivation.c index a9c4f6d..f2d8548 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,14 +31,31 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" #include "key_derivation.h" -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) #include <openssl/sha.h> +#elif defined(USE_NETTLE) +#include <nettle/sha1.h> +#include <nettle/sha2.h> +#include <nettle/ctr.h> #endif #include "log.h" @@ -135,30 +152,39 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr return -1; } -#ifndef USE_SSL_CRYPTO - if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) { -#else +#if defined(USE_SSL_CRYPTO) if(key_length > (SHA256_DIGEST_LENGTH * 8)) { +#elif defined(USE_NETTLE) + if(key_length > (SHA256_DIGEST_SIZE * 8)) { +#else // USE_GCRYPT is the default + if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) { #endif log_printf(ERROR, "master key too long for passphrase algorithm"); return -1; } buffer_t digest; -#ifndef USE_SSL_CRYPTO - digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256); -#else +#if defined(USE_SSL_CRYPTO) digest.length_ = SHA256_DIGEST_LENGTH; +#elif defined(USE_NETTLE) + digest.length_ = SHA256_DIGEST_SIZE; +#else // USE_GCRYPT is the default + digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256); #endif digest.buf_ = malloc(digest.length_); if(!digest.buf_) return -2; -#ifndef USE_SSL_CRYPTO - gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase)); -#else +#if defined(USE_SSL_CRYPTO) SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); +#elif defined(USE_NETTLE) + struct sha256_ctx ctx; + sha256_init(&ctx); + sha256_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase); + sha256_digest(&ctx, digest.length_, digest.buf_); +#else // USE_GCRYPT is the default + gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase)); #endif kd->master_key_.length_ = key_length/8; @@ -191,29 +217,38 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph return -1; } -#ifndef USE_SSL_CRYPTO - if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) { -#else +#if defined(USE_SSL_CRYPTO) if(salt_length > (SHA_DIGEST_LENGTH * 8)) { +#elif defined(USE_NETTLE) + if(salt_length > (SHA1_DIGEST_SIZE * 8)) { +#else // USE_GCRYPT is the default + if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) { #endif log_printf(ERROR, "master salt too long for passphrase algorithm"); return -1; } buffer_t digest; -#ifndef USE_SSL_CRYPTO - digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1); -#else +#if defined(USE_SSL_CRYPTO) digest.length_ = SHA_DIGEST_LENGTH; +#elif defined(USE_NETTLE) + digest.length_ = SHA1_DIGEST_SIZE; +#else // USE_GCRYPT is the default + digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1); #endif digest.buf_ = malloc(digest.length_); if(!digest.buf_) return -2; -#ifndef USE_SSL_CRYPTO - gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase)); -#else +#if defined(USE_SSL_CRYPTO) SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); +#elif defined(USE_NETTLE) + struct sha1_ctx ctx; + sha1_init(&ctx); + sha1_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase); + sha1_digest(&ctx, digest.length_, digest.buf_); +#else // USE_GCRYPT is the default + gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase)); #endif kd->master_salt_.length_ = salt_length/8; @@ -330,7 +365,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) return -2; key_derivation_aesctr_param_t* params = kd->params_; -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT params->handle_ = 0; #endif @@ -345,7 +380,15 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) } #endif -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_); + if(ret) { + log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret); + return -1; + } +#elif defined(USE_NETTLE) + aes_set_encrypt_key(¶ms->ctx_, kd->master_key_.length_, kd->master_key_.buf_); +#else // USE_GCRYPT is the default int algo; switch(kd->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; @@ -368,12 +411,6 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) log_printf(ERROR, "failed to set key derivation key: %s", gcry_strerror(err)); return -1; } -#else - int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_); - if(ret) { - log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret); - return -1; - } #endif return 0; @@ -385,7 +422,7 @@ void key_derivation_aesctr_close(key_derivation_t* kd) return; if(kd->params_) { -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT key_derivation_aesctr_param_t* params = kd->params_; if(params->handle_) gcry_cipher_close(params->handle_); @@ -428,7 +465,23 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di return -1; } -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set key derivation CTR: size don't fits"); + return -1; + } + u_int32_t num = 0; + memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); + memset(key, 0, len); + AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); +#elif defined(USE_NETTLE) + if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + memset(key, 0, len); + ctr_crypt(¶ms->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, len, key, key); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_reset(params->handle_); if(err) { log_printf(ERROR, "failed to reset key derivation cipher: %s", gcry_strerror(err)); @@ -447,15 +500,6 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di log_printf(ERROR, "failed to generate key derivation bitstream: %s", gcry_strerror(err)); return -1; } -#else - if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { - log_printf(ERROR, "failed to set key derivation CTR: size don't fits"); - return -1; - } - u_int32_t num = 0; - memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); - memset(key, 0, len); - AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #endif return 0; diff --git a/src/key_derivation.h b/src/key_derivation.h index 5268faf..0f0942e 100644 --- a/src/key_derivation.h +++ b/src/key_derivation.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,15 +31,30 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_key_derivation_h_INCLUDED #define UANYTUN_key_derivation_h_INCLUDED -#ifndef USE_SSL_CRYPTO -#include <gcrypt.h> -#else +#if defined(USE_SSL_CRYPTO) #include <openssl/aes.h> +#elif defined(USE_NETTLE) +#include <nettle/aes.h> +#else // USE_GCRYPT is the default +#include <gcrypt.h> #endif #include "options.h" @@ -103,11 +118,13 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union { typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t; struct key_derivation_aesctr_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_; -#else +#if defined(USE_SSL_CRYPTO) AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#elif defined(USE_NETTLE) + struct aes_ctx ctx_; +#else // USE_GCRYPT is the default + gcry_cipher_hd_t handle_; #endif key_derivation_aesctr_ctr_t ctr_; }; diff --git a/src/linux/tun.c b/src/linux/tun.c index acd823e..c77cea1 100644 --- a/src/linux/tun.c +++ b/src/linux/tun.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #define _GNU_SOURCE @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_log_h_INCLUDED diff --git a/src/log_targets.h b/src/log_targets.h index babe1d1..a0a774b 100644 --- a/src/log_targets.h +++ b/src/log_targets.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_log_targets_h_INCLUDED diff --git a/src/options.c b/src/options.c index 4b5df26..f12eb1b 100644 --- a/src/options.c +++ b/src/options.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/options.h b/src/options.h index 05f1c21..fa4d554 100644 --- a/src/options.h +++ b/src/options.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_options_h_INCLUDED diff --git a/src/plain_packet.c b/src/plain_packet.c index 53bddb9..868ebd8 100644 --- a/src/plain_packet.c +++ b/src/plain_packet.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/plain_packet.h b/src/plain_packet.h index 54c0f8d..5b79c39 100644 --- a/src/plain_packet.h +++ b/src/plain_packet.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_plain_packet_h_INCLUDED diff --git a/src/seq_window.c b/src/seq_window.c index 55be299..2d225a4 100644 --- a/src/seq_window.c +++ b/src/seq_window.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" @@ -201,7 +214,7 @@ void seq_win_print(seq_win_t* win) while(ptr) { printf(" [%u]: (%u)-", ptr->sender_id_, ptr->max_); window_size_t i = ptr->pos_; - while(1) { + for(;;) { if(ptr->window_[i]) printf("O"); else diff --git a/src/seq_window.h b/src/seq_window.h index 51bb1eb..612c2d1 100644 --- a/src/seq_window.h +++ b/src/seq_window.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_seq_window_h_INCLUDED diff --git a/src/sig_handler.c b/src/sig_handler.c index 69b96e3..5de168e 100644 --- a/src/sig_handler.c +++ b/src/sig_handler.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/sig_handler.h b/src/sig_handler.h index 749c80d..fbb66b6 100644 --- a/src/sig_handler.h +++ b/src/sig_handler.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_sig_handler_h_INCLUDED diff --git a/src/string_list.c b/src/string_list.c index 260dd92..97bc057 100644 --- a/src/string_list.c +++ b/src/string_list.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include <string.h> diff --git a/src/string_list.h b/src/string_list.h index 2e29822..03ca276 100644 --- a/src/string_list.h +++ b/src/string_list.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_string_list_h_INCLUDED diff --git a/src/sysexec.c b/src/sysexec.c index 1191401..814d5ff 100644 --- a/src/sysexec.c +++ b/src/sysexec.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/sysexec.h b/src/sysexec.h index 7527584..da6555e 100644 --- a/src/sysexec.h +++ b/src/sysexec.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_sysexec_h_INCLUDED @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_tun_h_INCLUDED diff --git a/src/tun_helper.h b/src/tun_helper.h index 6417d1c..15a1c81 100644 --- a/src/tun_helper.h +++ b/src/tun_helper.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_tun_helper_h_INCLUDED diff --git a/src/uanytun.c b/src/uanytun.c index 3453a38..93ddf63 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #define _GNU_SOURCE @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see <http://www.gnu.org/licenses/>. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_udp_h_INCLUDED |