summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/anytunError.cpp4
-rw-r--r--src/anytunError.h4
-rw-r--r--src/authAlgo.cpp54
-rw-r--r--src/authAlgo.h14
-rw-r--r--src/cipher.cpp28
-rw-r--r--src/cipher.h15
-rwxr-xr-xsrc/configure1
-rw-r--r--src/cryptinit.hpp12
-rw-r--r--src/keyDerivation.cpp76
-rw-r--r--src/keyDerivation.h14
10 files changed, 120 insertions, 102 deletions
diff --git a/src/anytunError.cpp b/src/anytunError.cpp
index d0cd451..58d8fd7 100644
--- a/src/anytunError.cpp
+++ b/src/anytunError.cpp
@@ -36,7 +36,8 @@
#include <boost/system/system_error.hpp>
#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
+
+#if defined(USE_GCRYPT)
std::ostream& operator<<(std::ostream& stream, AnytunGpgError const& value)
{
char buf[STERROR_TEXT_MAX];
@@ -45,6 +46,7 @@ std::ostream& operator<<(std::ostream& stream, AnytunGpgError const& value)
return stream << buf;
}
#endif
+
#endif
std::ostream& operator<<(std::ostream& stream, AnytunErrno const& value)
diff --git a/src/anytunError.h b/src/anytunError.h
index b1077cd..b8ad49e 100644
--- a/src/anytunError.h
+++ b/src/anytunError.h
@@ -40,7 +40,8 @@
#define STERROR_TEXT_MAX 200
#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
+
+#if defined(USE_GCRYPT)
#include <gcrypt.h>
class AnytunGpgError
@@ -51,6 +52,7 @@ public:
};
std::ostream& operator<<(std::ostream& stream, AnytunGpgError const& value);
#endif
+
#endif
class AnytunErrno
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index b583d6f..24bb423 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -54,32 +54,32 @@ bool NullAuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ HMAC_CTX_init(&ctx_);
+ HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
return;
}
-#else
- HMAC_CTX_init(&ctx_);
- HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
#endif
}
Sha1AuthAlgo::~Sha1AuthAlgo()
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ HMAC_CTX_cleanup(&ctx_);
+#else // USE_GCRYPT is the default
if(handle_) {
gcry_md_close(handle_);
}
-#else
- HMAC_CTX_cleanup(&ctx_);
#endif
}
void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
if(!handle_) {
return;
}
@@ -91,7 +91,13 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
}
kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+
+ uint8_t hmac[DIGEST_LENGTH];
+ HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+ HMAC_Final(&ctx_, hmac, NULL);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err);
@@ -102,12 +108,6 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
gcry_md_final(handle_);
uint8_t* hmac = gcry_md_read(handle_, 0);
-#else
- HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
-
- uint8_t hmac[DIGEST_LENGTH];
- HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
- HMAC_Final(&ctx_, hmac, NULL);
#endif
uint8_t* tag = packet.getAuthTag();
@@ -122,7 +122,7 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
if(!handle_) {
return false;
}
@@ -134,7 +134,13 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
}
kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+
+ uint8_t hmac[DIGEST_LENGTH];
+ HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+ HMAC_Final(&ctx_, hmac, NULL);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err);
@@ -145,12 +151,6 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
gcry_md_final(handle_);
uint8_t* hmac = gcry_md_read(handle_, 0);
-#else
- HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
-
- uint8_t hmac[DIGEST_LENGTH];
- HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
- HMAC_Final(&ctx_, hmac, NULL);
#endif
uint8_t* tag = packet.getAuthTag();
@@ -163,10 +163,10 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
int ret = std::memcmp(&tag[packet.getAuthTagLength() - length], &hmac[DIGEST_LENGTH - length], length);
packet.removeAuthTag();
- if(ret) {
- return false;
- }
-
+ if(ret) {
+ return false;
+ }
+
return true;
}
diff --git a/src/authAlgo.h b/src/authAlgo.h
index 3074014..a9b8051 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -37,11 +37,13 @@
#include "encryptedPacket.h"
#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+
+#if defined(USE_SSL_CRYPTO)
#include <openssl/hmac.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
+
#endif
#include "keyDerivation.h"
@@ -95,10 +97,10 @@ public:
static const uint32_t DIGEST_LENGTH = 20;
private:
-#ifndef USE_SSL_CRYPTO
- gcry_md_hd_t handle_;
-#else
+#if defined(USE_SSL_CRYPTO)
HMAC_CTX ctx_;
+#else // USE_GCRYPT is the default
+ gcry_md_hd_t handle_;
#endif
Buffer key_;
diff --git a/src/cipher.cpp b/src/cipher.cpp
index abc583f..d7cbb5f 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -87,7 +87,7 @@ AesIcmCipher::AesIcmCipher(kd_dir_t d, uint16_t key_length) : Cipher(d), key_(ui
void AesIcmCipher::init(uint16_t key_length)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
handle_ = NULL;
int algo;
switch(key_length) {
@@ -116,7 +116,7 @@ void AesIcmCipher::init(uint16_t key_length)
AesIcmCipher::~AesIcmCipher()
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
if(handle_) {
gcry_cipher_close(handle_);
}
@@ -150,20 +150,20 @@ void AesIcmCipher::calcCtr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sende
void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
if(!handle_) {
return;
}
#endif
kd.generate(dir_, LABEL_ENC, seq_nr, key_);
-#ifdef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
int ret = AES_set_encrypt_key(key_.getBuf(), key_.getLength()*8, &aes_key_);
if(ret) {
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher ssl key (code: " << ret << ")";
return;
}
-#else
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher key: " << AnytunGpgError(err);
@@ -173,7 +173,15 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
calcCtr(kd, seq_nr, sender_id, mux);
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ if(CTR_LENGTH != AES_BLOCK_SIZE) {
+ cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits";
+ return;
+ }
+ unsigned int num = 0;
+ std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
+ AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
+#else // USE_GCRYPT is the default
err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH);
if(err) {
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: " << AnytunGpgError(err);
@@ -185,14 +193,6 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to de/encrypt packet: " << AnytunGpgError(err);
return;
}
-#else
- if(CTR_LENGTH != AES_BLOCK_SIZE) {
- cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits";
- return;
- }
- unsigned int num = 0;
- std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
- AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
#endif
}
#endif
diff --git a/src/cipher.h b/src/cipher.h
index 9de463a..c39f9cb 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -39,11 +39,13 @@
#include "keyDerivation.h"
#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+
+#if defined(USE_SSL_CRYPTO)
#include <openssl/aes.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
+
#endif
class Cipher
@@ -96,12 +98,13 @@ private:
void calcCtr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
void calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
-#ifndef USE_SSL_CRYPTO
- gcry_cipher_hd_t handle_;
-#else
+#if defined(USE_SSL_CRYPTO)
AES_KEY aes_key_;
uint8_t ecount_buf_[AES_BLOCK_SIZE];
+#else // USE_GCRYPT is the default
+ gcry_cipher_hd_t handle_;
#endif
+
Buffer key_;
Buffer salt_;
diff --git a/src/configure b/src/configure
index c01da8f..27c4890 100755
--- a/src/configure
+++ b/src/configure
@@ -218,6 +218,7 @@ fi
case $CRYPTO_LIB in
gcrypt)
+ CXXFLAGS=$CXXFLAGS' -DUSE_GCRYPT'
LDFLAGS=$LDFLAGS' -lgcrypt -lgpg-error'
if [ -n "$GCRYPT_PREFIX" ]; then
CXXFLAGS="$CXXFLAGS -I\"$GCRYPT_PREFIX/include\""
diff --git a/src/cryptinit.hpp b/src/cryptinit.hpp
index 9f9c5a5..e684a13 100644
--- a/src/cryptinit.hpp
+++ b/src/cryptinit.hpp
@@ -34,7 +34,8 @@
#define ANYTUN_cryptinit_hpp_INCLUDED
#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
+
+#if defined(USE_GCRYPT)
#include <gcrypt.h>
// boost thread callbacks for libgcrypt
@@ -104,16 +105,19 @@ bool initLibGCrypt()
return true;
}
#endif
+
#endif
bool initCrypto()
{
#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
- return initLibGCrypt();
-#else
+
+#if defined(USE_SSL_CRYPTO)
return true;
+#else // USE_GCRYPT is the default
+ return initLibGCrypt();
#endif
+
#else
return true;
#endif
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index 3b6f17c..d462515 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -46,9 +46,11 @@
#ifndef NO_CRYPT
#ifndef NO_PASSPHRASE
-#ifdef USE_SSL_CRYPTO
+
+#if defined(USE_SSL_CRYPTO)
#include <openssl/sha.h>
#endif
+
#endif
#endif
@@ -69,21 +71,21 @@ void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length)
return;
}
-#ifndef USE_SSL_CRYPTO
- if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA256)) {
-#else
+#if defined(USE_SSL_CRYPTO)
if(length > SHA256_DIGEST_LENGTH) {
+#else // USE_GCRYPT is the default
+ if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA256)) {
#endif
cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: master key too long for passphrase algorithm";
return;
}
-#ifndef USE_SSL_CRYPTO
- Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256)));
- gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length());
-#else
+#if defined(USE_SSL_CRYPTO)
Buffer digest(uint32_t(SHA256_DIGEST_LENGTH));
SHA256(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#else // USE_GCRYPT is the default
+ Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256)));
+ gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length());
#endif
master_key_.setLength(length);
@@ -98,21 +100,21 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length)
return;
}
-#ifndef USE_SSL_CRYPTO
- if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA1)) {
-#else
+#if defined(USE_SSL_CRYPTO)
if(length > SHA_DIGEST_LENGTH) {
+#else // USE_GCRYPT is the default
+ if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA1)) {
#endif
cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: master key too long for passphrase algorithm";
return;
}
-#ifndef USE_SSL_CRYPTO
- Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1)));
- gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length());
-#else
+#if defined(USE_SSL_CRYPTO)
Buffer digest(uint32_t(SHA_DIGEST_LENGTH));
SHA1(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#else // USE_GCRYPT is the default
+ Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1)));
+ gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length());
#endif
master_salt_.setLength(length);
@@ -172,7 +174,7 @@ bool NullKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t
AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
for(int i=0; i<2; i++) {
handle_[i] = NULL;
}
@@ -181,7 +183,7 @@ AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH)
AesIcmKeyDerivation::AesIcmKeyDerivation(uint16_t key_length) : KeyDerivation(key_length)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
for(int i=0; i<2; i++) {
handle_[i] = NULL;
}
@@ -191,7 +193,7 @@ AesIcmKeyDerivation::AesIcmKeyDerivation(uint16_t key_length) : KeyDerivation(ke
AesIcmKeyDerivation::~AesIcmKeyDerivation()
{
WritersLock lock(mutex_);
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
for(int i=0; i<2; i++)
if(handle_[i]) {
gcry_cipher_close(handle_[i]);
@@ -236,7 +238,15 @@ void AesIcmKeyDerivation::updateMasterKey()
return;
}
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ for(int i=0; i<2; i++) {
+ int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_[i]);
+ if(ret) {
+ cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")";
+ return;
+ }
+ }
+#else // USE_GCRYPT is the default
int algo;
switch(key_length_) {
case 128:
@@ -271,14 +281,6 @@ void AesIcmKeyDerivation::updateMasterKey()
return;
}
}
-#else
- for(int i=0; i<2; i++) {
- int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_[i]);
- if(ret) {
- cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")";
- return;
- }
- }
#endif
is_initialized_ = true;
}
@@ -318,7 +320,16 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_
return false;
}
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ if(CTR_LENGTH != AES_BLOCK_SIZE) {
+ cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits";
+ return false;
+ }
+ unsigned int num = 0;
+ std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
+ std::memset(key.getBuf(), 0, key.getLength());
+ AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_reset(handle_[dir]);
if(err) {
cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::generate: Failed to reset cipher: " << AnytunGpgError(err);
@@ -335,15 +346,6 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_
if(err) {
cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << AnytunGpgError(err);
}
-#else
- if(CTR_LENGTH != AES_BLOCK_SIZE) {
- cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits";
- return false;
- }
- unsigned int num = 0;
- std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
- std::memset(key.getBuf(), 0, key.getLength());
- AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
#endif
return true;
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index accb501..7f0c137 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -40,11 +40,13 @@
#include "options.h"
#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+
+#if defined(USE_SSL_CRYPTO)
#include <openssl/aes.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
+
#endif
#include <boost/archive/text_oarchive.hpp>
#include <boost/archive/text_iarchive.hpp>
@@ -168,11 +170,11 @@ private:
ar& boost::serialization::base_object<KeyDerivation>(*this);
}
-#ifndef USE_SSL_CRYPTO
- gcry_cipher_hd_t handle_[2];
-#else
+#if defined(USE_SSL_CRYPTO)
AES_KEY aes_key_[2];
uint8_t ecount_buf_[2][AES_BLOCK_SIZE];
+#else // USE_GCRYPT is the default
+ gcry_cipher_hd_t handle_[2];
#endif
#ifdef _MSC_VER