summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/authAlgo.cpp48
-rw-r--r--src/authAlgo.h10
-rw-r--r--src/authAlgoFactory.cpp9
-rw-r--r--src/cipher.cpp2
-rw-r--r--src/cipher.h2
-rw-r--r--src/keyDerivation.cpp6
6 files changed, 61 insertions, 16 deletions
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index f0e3303..561b0b6 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -68,23 +68,51 @@ bool NullAuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
{
#if defined(USE_SSL_CRYPTO)
- HMAC_CTX_init(&ctx_);
- HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
+ ctx_ = NULL;
+#elif defined(USE_NETTLE)
+ // nothing here
+#else // USE_GCRYPT is the default
+ handle_ = 0;
+#endif
+}
+
+bool Sha1AuthAlgo::Init()
+{
+#if defined(USE_SSL_CRYPTO)
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if ((ctx_ = HMAC_CTX_new()) == NULL) {
+ return false;
+ }
+# else
+ if ((ctx_ = (HMAC_CTX*)calloc(1, sizeof(HMAC_CTX))) == NULL) {
+ return false;
+ }
+ HMAC_CTX_init(ctx_);
+# endif
+ HMAC_Init_ex(ctx_, NULL, 0, EVP_sha1(), NULL);
#elif defined(USE_NETTLE)
// nothing here
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
- return;
+ return false;
}
#endif
+ return true;
}
Sha1AuthAlgo::~Sha1AuthAlgo()
{
#if defined(USE_SSL_CRYPTO)
- HMAC_CTX_cleanup(&ctx_);
+ if(ctx_) {
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(ctx_);
+# else
+ HMAC_CTX_cleanup(ctx_);
+ free(ctx_);
+# endif
+ }
#elif defined(USE_NETTLE)
// nothing here
#else // USE_GCRYPT is the default
@@ -109,11 +137,11 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
#if defined(USE_SSL_CRYPTO)
- HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+ HMAC_Init_ex(ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
uint8_t hmac[DIGEST_LENGTH];
- HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
- HMAC_Final(&ctx_, hmac, NULL);
+ HMAC_Update(ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+ HMAC_Final(ctx_, hmac, NULL);
#elif defined(USE_NETTLE)
hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
@@ -158,11 +186,11 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
#if defined(USE_SSL_CRYPTO)
- HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+ HMAC_Init_ex(ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
uint8_t hmac[DIGEST_LENGTH];
- HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
- HMAC_Final(&ctx_, hmac, NULL);
+ HMAC_Update(ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+ HMAC_Final(ctx_, hmac, NULL);
#elif defined(USE_NETTLE)
hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
diff --git a/src/authAlgo.h b/src/authAlgo.h
index a1fcea4..758e754 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -101,10 +101,13 @@ public:
//****** Sha1AuthAlgo ******
//* HMAC SHA1 Auth Tag Generator Class
+class AuthAlgoFactory;
+
class Sha1AuthAlgo : public AuthAlgo
{
+ friend class AuthAlgoFactory;
+
public:
- Sha1AuthAlgo(kd_dir_t d);
~Sha1AuthAlgo();
void generate(KeyDerivation& kd, EncryptedPacket& packet);
@@ -113,8 +116,11 @@ public:
static const uint32_t DIGEST_LENGTH = 20;
private:
+ Sha1AuthAlgo(kd_dir_t d);
+ bool Init();
+
#if defined(USE_SSL_CRYPTO)
- HMAC_CTX ctx_;
+ HMAC_CTX *ctx_;
#elif defined(USE_NETTLE)
struct hmac_sha1_ctx ctx_;
#else // USE_GCRYPT is the default
diff --git a/src/authAlgoFactory.cpp b/src/authAlgoFactory.cpp
index b859f33..e30a4b4 100644
--- a/src/authAlgoFactory.cpp
+++ b/src/authAlgoFactory.cpp
@@ -48,6 +48,7 @@
#include "authAlgoFactory.h"
#include "authAlgo.h"
+#include "anytunError.h"
AuthAlgo* AuthAlgoFactory::create(std::string const& type, kd_dir_t dir)
@@ -57,7 +58,13 @@ AuthAlgo* AuthAlgoFactory::create(std::string const& type, kd_dir_t dir)
}
#ifndef NO_CRYPT
else if(type == "sha1") {
- return new Sha1AuthAlgo(dir);
+ Sha1AuthAlgo* a = new Sha1AuthAlgo(dir);
+ if(!a || !(a->Init())) {
+ if(a)
+ delete a;
+ AnytunError::throwErr() << "failed to initialize SHA1 auth algo";
+ }
+ return a;
}
#endif
else {
diff --git a/src/cipher.cpp b/src/cipher.cpp
index 52a2543..f3b2ed1 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -207,7 +207,7 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
}
unsigned int num = 0;
std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
- AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
+ CRYPTO_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num, (block128_f)AES_encrypt);
#elif defined(USE_NETTLE)
if(CTR_LENGTH != AES_BLOCK_SIZE) {
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
diff --git a/src/cipher.h b/src/cipher.h
index 6408ffd..e47dab9 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -55,7 +55,9 @@
#ifndef NO_CRYPT
#if defined(USE_SSL_CRYPTO)
+#include <openssl/crypto.h>
#include <openssl/aes.h>
+#include <openssl/modes.h>
#elif defined(USE_NETTLE)
#include <nettle/aes.h>
#else // USE_GCRYPT is the default
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index 780a51c..812dc44 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -61,7 +61,9 @@
#ifndef NO_PASSPHRASE
#if defined(USE_SSL_CRYPTO)
+#include <openssl/crypto.h>
#include <openssl/sha.h>
+#include <openssl/modes.h>
#elif defined(USE_NETTLE)
#include <nettle/sha1.h>
#include <nettle/sha2.h>
@@ -363,9 +365,9 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_
return false;
}
unsigned int num = 0;
- std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
std::memset(key.getBuf(), 0, key.getLength());
- AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
+ std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
+ CRYPTO_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num, (block128_f)AES_encrypt);
#elif defined(USE_NETTLE)
if(CTR_LENGTH != AES_BLOCK_SIZE) {
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";