From fa83a5f29af84382724b6bb79436f2c6d032b579 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 8 Jun 2018 19:31:26 +0200
Subject: Add support for openssl 1.1.0. Thanks to Eneas U de Queiroz
---
 src/auth_algo.c | 38 ++++++++++++++++++++++++++++----------
 src/auth_algo.h | 2 +-
 src/cipher.c | 3 ++-
 src/cipher.h | 2 ++
 src/key_derivation.c | 8 +++++---
 5 files changed, 38 insertions(+), 15 deletions(-)
diff --git a/src/auth_algo.c b/src/auth_algo.c
index 38ed4f5..b4afc13 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -161,14 +161,25 @@ int auth_algo_sha1_init(auth_algo_t* aa)
 if(aa->params_) free(aa->params_);
- aa->params_ = malloc(sizeof(auth_algo_sha1_param_t));
+ aa->params_ = calloc(1, sizeof(auth_algo_sha1_param_t));
 if(!aa->params_) return -2; #if defined(USE_SSL_CRYPTO) auth_algo_sha1_param_t* params = aa->params_;
- HMAC_CTX_init(¶ms->ctx_);
- HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL);
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if ((params->ctx_ = HMAC_CTX_new()) == NULL) {
+ log_printf(ERROR, "failed to allocate HMAC_CTX");
+ return -2;
+ }
+# else
+ if ((params->ctx_ = calloc(1, sizeof(HMAC_CTX))) == NULL) {
+ log_printf(ERROR, "failed to allocate HMAC_CTX");
+ return -2;
+ }
+ HMAC_CTX_init(params->ctx_);
+# endif
+ HMAC_Init_ex(params->ctx_, NULL, 0, EVP_sha1(), NULL);
 #elif defined(USE_NETTLE) // nothing here #else // USE_GCRYPT is the default
@@ -191,7 +202,14 @@ void auth_algo_sha1_close(auth_algo_t* aa)
 if(aa->params_) { #if defined(USE_SSL_CRYPTO) auth_algo_sha1_param_t* params = aa->params_;
- HMAC_CTX_cleanup(¶ms->ctx_);
+ if(params->ctx_) {
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(params->ctx_);
+# else
+ HMAC_CTX_cleanup(params->ctx_);
+ free(params->ctx_);
+# endif
+ }
 #elif defined(USE_NETTLE) // nothing here #else // USE_GCRYPT is the default
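Review bot: The result of `HMAC_Init_ex(params->ctx_, NULL, 0, EVP_sha1(), NULL)` at the end of the USE_SSL_CRYPTO branch of auth_algo_sha1_init is discarded, so the function reports success without knowing whether the context was actually set up. As I read the OpenSSL documentation, a call that supplies a digest different from the context's previous one together with a NULL key is treated as an error, so on a freshly created context this call may do nothing but return 0; that should be confirmed for the versions targeted here. Since the auth_algo_sha1_generate and auth_algo_sha1_check_tag hunks call HMAC_Init_ex again with key and digest, either drop this call or keep it with a comment such as `/* key and digest are set per packet; result deliberately ignored */`. The function body starts and ends outside the hunk.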
@@ -225,11 +243,11 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati
 return; #if defined(USE_SSL_CRYPTO)
- HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+ HMAC_Init_ex(params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
 u_int8_t hmac[SHA1_LENGTH];
- HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- HMAC_Final(¶ms->ctx_, hmac, NULL);
+ HMAC_Update(params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(params->ctx_, hmac, NULL);
 #elif defined(USE_NETTLE) hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_);
@@ -279,11 +297,11 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati
 return 0; #if defined(USE_SSL_CRYPTO)
- HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+ HMAC_Init_ex(params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
 u_int8_t hmac[SHA1_LENGTH];
- HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- HMAC_Final(¶ms->ctx_, hmac, NULL);
+ HMAC_Update(params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(params->ctx_, hmac, NULL);
 #elif defined(USE_NETTLE) hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_);
diff --git a/src/auth_algo.h b/src/auth_algo.h
index 576d490..fc355ad 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -82,7 +82,7 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di
 struct auth_algo_sha1_param_struct { #if defined(USE_SSL_CRYPTO)
- HMAC_CTX ctx_;
+ HMAC_CTX *ctx_;
 #elif defined(USE_NETTLE) struct hmac_sha1_ctx ctx_; #else // USE_GCRYPT is the default
diff --git a/src/cipher.c b/src/cipher.c
index 8c73a2e..cce4594 100644
--- a/src/cipher.c
+++ b/src/cipher.c
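Review bot: In auth_algo_sha1_generate the results of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are not checked, so a failure leaves `u_int8_t hmac[SHA1_LENGTH]` uninitialised and the code after the hunk would use stack contents as the tag. The same three calls in the auth_algo_sha1_check_tag hunk have the same gap, and there the buffer is presumably compared with the received tag. On OpenSSL 1.0.0 and later these functions return 1 on success, so each call can be guarded, e.g. `if(HMAC_Final(params->ctx_, hmac, NULL) != 1) return;` in generate and `return 0;` in check_tag. Both function bodies start and end outside their hunks, so the later use of `hmac` is inferred rather than visible.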
@@ -338,7 +338,8 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
 } u_int32_t num = 0; memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
- AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+ CRYPTO_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_,
+ params->ecount_buf_, &num, (block128_f)AES_encrypt);
 #elif defined(USE_NETTLE) if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
diff --git a/src/cipher.h b/src/cipher.h
index 62508e2..1d956bc 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -51,7 +51,9 @@ #ifndef NO_CRYPT #if defined(USE_SSL_CRYPTO)
+#include
 #include
+#include
 #elif defined(USE_NETTLE) #include #else // USE_GCRYPT is the default
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 8f4994e..3e85ce9 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -51,7 +51,9 @@ #include "key_derivation.h" #if defined(USE_SSL_CRYPTO)
+#include
 #include
+#include
 #elif defined(USE_NETTLE) #include #include
@@ -467,13 +469,13 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
 #if defined(USE_SSL_CRYPTO) if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
- log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
+ log_printf(ERROR, "failed to set key derivation CTR: size doesn't fit");
 return -1; } u_int32_t num = 0;
- memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
 memset(key, 0, len);
- AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+ memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
+ CRYPTO_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num, (block128_f)AES_encrypt);
 #elif defined(USE_NETTLE) if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
-- cgit v1.2.3
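Review bot: The cast `(block128_f)AES_encrypt` in cipher_aesctr_crypt makes CRYPTO_ctr128_encrypt call AES_encrypt through a function-pointer type whose key parameter is `const void *` rather than `const AES_KEY *`, which C treats as an incompatible function type; the key_derivation_aesctr_generate hunk adds the same cast. It works on the usual ABIs, but a small static adapter removes the cast and gives both call sites one documented place: `static void aes_block_encrypt(const unsigned char in[16], unsigned char out[16], const void *key) { AES_encrypt(in, out, (const AES_KEY *)key); }`. If the cast stays, a comment such as `/* block128_f takes const void *key, AES_encrypt takes const AES_KEY * */` would explain why it is there. Both function bodies extend beyond their hunks.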