author | Christian Pointner <equinox@anytun.org> | 2018-06-08 19:31:26 +0200 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2018-06-08 19:45:54 +0200 |
commit | 1f1df7c948267c8939ffe47a9e15ec03b3805a04 (patch) | |
tree | 2debab03f6152cbd00c8e1c21768bcbdf7b9bfed | |
parent | fix missing include in linux/tun.c (diff) |
Add support for openssl 1.1.0.
Thanks to Eneas U de Queiroz <cote2004-github@yahoo.com>
-rw-r--r-- | src/auth_algo.c | 38 | ||||
-rw-r--r-- | src/auth_algo.h | 2 | ||||
-rw-r--r-- | src/cipher.c | 3 | ||||
-rw-r--r-- | src/cipher.h | 2 | ||||
-rw-r--r-- | src/key_derivation.c | 8 |
5 files changed, 38 insertions, 15 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c index ac102c7..c4041a5 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -161,14 +161,25 @@ int auth_algo_sha1_init(auth_algo_t* aa) if(aa->params_) free(aa->params_); - aa->params_ = malloc(sizeof(auth_algo_sha1_param_t)); + aa->params_ = calloc(1, sizeof(auth_algo_sha1_param_t)); if(!aa->params_) return -2; #if defined(USE_SSL_CRYPTO) auth_algo_sha1_param_t* params = aa->params_; - HMAC_CTX_init(¶ms->ctx_); - HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); +# if OPENSSL_VERSION_NUMBER >= 0x10100000L + if ((params->ctx_ = HMAC_CTX_new()) == NULL) { + log_printf(ERROR, "failed to allocate HMAC_CTX"); + return -2; + } +# else + if ((params->ctx_ = calloc(1, sizeof(HMAC_CTX))) == NULL) { + log_printf(ERROR, "failed to allocate HMAC_CTX"); + return -2; + } + HMAC_CTX_init(params->ctx_); +# endif + HMAC_Init_ex(params->ctx_, NULL, 0, EVP_sha1(), NULL); #elif defined(USE_NETTLE) // nothing here #else // USE_GCRYPT is the default @@ -191,7 +202,14 @@ void auth_algo_sha1_close(auth_algo_t* aa) if(aa->params_) { #if defined(USE_SSL_CRYPTO) auth_algo_sha1_param_t* params = aa->params_; - HMAC_CTX_cleanup(¶ms->ctx_); + if(params->ctx_) { +# if OPENSSL_VERSION_NUMBER >= 0x10100000L + HMAC_CTX_free(params->ctx_); +# else + HMAC_CTX_cleanup(params->ctx_); + free(params->ctx_); +# endif + } #elif defined(USE_NETTLE) // nothing here #else // USE_GCRYPT is the default 
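Review bot: In auth_algo_sha1_init the unchanged line `if(aa->params_) free(aa->params_);` frees the parameter struct without releasing `params->ctx_`, which this commit turns into a separately allocated HMAC_CTX, so a second init on the same auth_algo_t would leak the context. Whether init is ever reached with params_ already set is not visible in the hunk, but the release logic added to auth_algo_sha1_close can be mirrored there, as sketched below. The two new `return -2` paths also leave aa->params_ allocated with a NULL ctx_, so callers need to treat that return as fatal or run close before any generate or check_tag call. The result of the final `HMAC_Init_ex(params->ctx_, NULL, 0, EVP_sha1(), NULL)` is ignored as well.

```c
  if(aa->params_) {
#if defined(USE_SSL_CRYPTO)
    // ctx_ is heap-allocated now, so release it before dropping the struct
    auth_algo_sha1_param_t* old = aa->params_;
    if(old->ctx_) {
# if OPENSSL_VERSION_NUMBER >= 0x10100000L
      HMAC_CTX_free(old->ctx_);
# else
      HMAC_CTX_cleanup(old->ctx_);
      free(old->ctx_);
# endif
    }
#endif
    free(aa->params_);
  }
  // … unchanged: calloc of aa->params_ and allocation of the new HMAC_CTX …
```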
@@ -225,11 +243,11 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati return; #if defined(USE_SSL_CRYPTO) - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + HMAC_Init_ex(params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); + HMAC_Update(params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(params->ctx_, hmac, NULL); #elif defined(USE_NETTLE) hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); @@ -279,11 +297,11 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati return 0; #if defined(USE_SSL_CRYPTO) - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + HMAC_Init_ex(params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); + HMAC_Update(params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(params->ctx_, hmac, NULL); #elif defined(USE_NETTLE) hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); diff --git a/src/auth_algo.h b/src/auth_algo.h index d1e5178..4ac0f40 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h @@ -82,7 +82,7 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di struct auth_algo_sha1_param_struct { #if defined(USE_SSL_CRYPTO) - HMAC_CTX ctx_; + HMAC_CTX *ctx_; #elif defined(USE_NETTLE) struct hmac_sha1_ctx ctx_; #else // USE_GCRYPT is the default diff --git a/src/cipher.c b/src/cipher.c index f87e2cf..f3ccbce 100644 --- a/src/cipher.c +++ b/src/cipher.c 
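Review bot: The results of HMAC_Init_ex, HMAC_Update and HMAC_Final are discarded in auth_algo_sha1_generate, so if any of them fails the stack buffer `hmac[SHA1_LENGTH]` is used without having been written. The auth_algo_sha1_check_tag hunk has the same pattern, where an unwritten buffer would feed the tag comparison. In OpenSSL 1.0.0 and later these calls return 1 on success, so each can be guarded, for example `if(HMAC_Final(params->ctx_, hmac, NULL) != 1) { log_printf(ERROR, "HMAC computation failed"); return; }`, with check_tag treating a failure as a rejected tag. Since ctx_ is now a pointer that stays NULL when init fails, a `if(!params->ctx_)` check before the first call would cover that case too. Both function bodies continue outside the hunks, so how hmac is consumed afterwards is not visible here.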
@@ -338,7 +338,8 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di } u_int32_t num = 0; memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); - AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); + CRYPTO_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, + params->ecount_buf_, &num, (block128_f)AES_encrypt); #elif defined(USE_NETTLE) if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); diff --git a/src/cipher.h b/src/cipher.h index 570df8d..fedc82a 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -51,7 +51,9 @@ #ifndef NO_CRYPT #if defined(USE_SSL_CRYPTO) +#include <openssl/crypto.h> #include <openssl/aes.h> +#include <openssl/modes.h> #elif defined(USE_NETTLE) #include <nettle/aes.h> #else // USE_GCRYPT is the default diff --git a/src/key_derivation.c b/src/key_derivation.c index f2d8548..c593f31 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -51,7 +51,9 @@ #include "key_derivation.h" #if defined(USE_SSL_CRYPTO) +#include <openssl/crypto.h> #include <openssl/sha.h> +#include <openssl/modes.h> #elif defined(USE_NETTLE) #include <nettle/sha1.h> #include <nettle/sha2.h> 
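Review bot: The cast `(block128_f)AES_encrypt` in cipher_aesctr_crypt makes libcrypto call AES_encrypt through a pointer type whose last parameter is `const void *` rather than `const AES_KEY *`, which C treats as a call through an incompatible function type. It works on common ABIs, but function-type sanitizers and indirect-call CFI may reject this kind of mismatch. A small static adapter removes the cast: `static void aes_block(const unsigned char in[16], unsigned char out[16], const void *key) { AES_encrypt(in, out, key); }`, passed as the last argument. The key_derivation_aesctr_generate hunk in src/key_derivation.c carries the same cast. A short comment at the call, such as `// AES_ctr128_encrypt is not available in OpenSSL 1.1.0, use the generic CTR helper`, would also record why the function was swapped.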
@@ -467,13 +469,13 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di #if defined(USE_SSL_CRYPTO) if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { - log_printf(ERROR, "failed to set key derivation CTR: size don't fits"); + log_printf(ERROR, "failed to set key derivation CTR: size doesn't fit"); return -1; } u_int32_t num = 0; - memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); memset(key, 0, len); - AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); + memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); + CRYPTO_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num, (block128_f)AES_encrypt); #elif defined(USE_NETTLE) if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); |