summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/auth_algo.c43
-rw-r--r--src/auth_algo.h8
-rw-r--r--src/uanytun.c4
3 files changed, 52 insertions, 3 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c
index e1077d5..1476ad0 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -140,11 +140,16 @@ int auth_algo_sha1_init(auth_algo_t* aa)
auth_algo_sha1_param_t* params = aa->params_;
+#ifndef USE_SSL_CRYPTO
gcry_error_t err = gcry_md_open(&params->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
log_printf(ERR, "failed to open message digest algo: %s", gcry_strerror(err));
return -1;
}
+#else
+ HMAC_CTX_init(&params->ctx_);
+ HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+#endif
return 0;
}
@@ -157,8 +162,12 @@ void auth_algo_sha1_close(auth_algo_t* aa)
if(aa->params_) {
auth_algo_sha1_param_t* params = aa->params_;
+#ifndef USE_SSL_CRYPTO
if(params->handle_)
gcry_md_close(params->handle_);
+#else
+ HMAC_CTX_cleanup(&params->ctx_);
+#endif
free(aa->params_);
}
@@ -181,21 +190,35 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
if(ret < 0)
return;
if(ret) { // a new key got generated
+#ifndef USE_SSL_CRYPTO
gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
return;
}
+#else
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+ }
+ else {
+ HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+#endif
}
encrypted_packet_add_auth_tag(packet);
+#ifndef USE_SSL_CRYPTO
gcry_md_reset(params->handle_);
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
+ u_int8_t* hmac = gcry_md_read(params->handle_, 0);
+#else
+ u_int8_t hmac[SHA1_LENGTH];
+ HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(&params->ctx_, hmac, NULL);
+#endif
+
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
- u_int8_t* hmac = gcry_md_read(params->handle_, 0);
u_int32_t length = (encrypted_packet_get_auth_tag_length(packet) < SHA1_LENGTH) ? encrypted_packet_get_auth_tag_length(packet) : SHA1_LENGTH;
if(length > SHA1_LENGTH)
@@ -221,19 +244,33 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
if(ret < 0)
return 0;
if(ret) { // a new key got generated
+#ifndef USE_SSL_CRYPTO
gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
return;
- }
+ }
+#else
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
}
+ else {
+ HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+#endif
+ }
+
+#ifndef USE_SSL_CRYPTO
gcry_md_reset(params->handle_);
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
+ u_int8_t* hmac = gcry_md_read(params->handle_, 0);
+#else
+ u_int8_t hmac[SHA1_LENGTH];
+ HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(&params->ctx_, hmac, NULL);
+#endif
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
- u_int8_t* hmac = gcry_md_read(params->handle_, 0);
u_int32_t length = (encrypted_packet_get_auth_tag_length(packet) < SHA1_LENGTH) ? encrypted_packet_get_auth_tag_length(packet) : SHA1_LENGTH;
if(length > SHA1_LENGTH) {
diff --git a/src/auth_algo.h b/src/auth_algo.h
index f77ae75..3c00dd6 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -35,7 +35,11 @@
#ifndef _AUTH_ALGO_H_
#define _AUTH_ALGO_H_
+#ifndef USE_SSL_CRYPTO
#include <gcrypt.h>
+#else
+#include <openssl/hmac.h>
+#endif
#include "key_derivation.h"
enum auth_algo_type_enum { aa_unknown, aa_null, aa_sha1 };
@@ -58,7 +62,11 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_
#define SHA1_LENGTH 20
struct auth_algo_sha1_param_struct {
+#ifndef USE_SSL_CRYPTO
gcry_md_hd_t handle_;
+#else
+ HMAC_CTX ctx_;
+#endif
};
typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;
diff --git a/src/uanytun.c b/src/uanytun.c
index 1181689..b33ff43 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -64,6 +64,7 @@
#include "sysexec.h"
#ifndef NO_CRYPT
+#ifndef USE_SSL_CRYPTO
#define MIN_GCRYPT_VERSION "1.2.0"
@@ -90,6 +91,7 @@ int init_libgcrypt()
return 0;
}
#endif
+#endif
int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
{
@@ -292,6 +294,7 @@ int main(int argc, char* argv[])
log_printf(NOTICE, "just started...");
#ifndef NO_CRYPT
+#ifndef USE_SSL_CRYPTO
ret = init_libgcrypt();
if(ret) {
log_printf(ERR, "error on libgcrpyt initialization, exitting");
@@ -299,6 +302,7 @@ int main(int argc, char* argv[])
exit(ret);
}
#endif
+#endif
tun_device_t dev;