Updated OpenSSL checks
This commit is contained in:
parent
1cc4996ef3
commit
8b8e3ed3ee
4
edge.c
4
edge.c
|
@ -679,6 +679,10 @@ int main(int argc, char* argv[]) {
|
|||
|
||||
traceEvent(TRACE_NORMAL, "Starting n2n edge %s %s", PACKAGE_VERSION, PACKAGE_BUILDDATE);
|
||||
|
||||
#if defined(N2N_HAVE_AES) || defined(HAVE_OPENSSL_1_1)
|
||||
traceEvent(TRACE_NORMAL, "Using %s", OpenSSL_version(0));
|
||||
#endif
|
||||
|
||||
/* Random seed */
|
||||
srand(time(NULL));
|
||||
|
||||
|
|
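Review bot: The new guard `#if defined(N2N_HAVE_AES) || defined(HAVE_OPENSSL_1_1)` admits the case where N2N_HAVE_AES is defined but HAVE_OPENSSL_1_1 is not, and in that configuration the call to `OpenSSL_version(0)` on the next line is compiled against an OpenSSL that may predate 1.1.0, where that function does not exist (the pre-1.1 name is `SSLeay_version`). If the intent is to print the version only on 1.1+ builds, `#ifdef HAVE_OPENSSL_1_1` alone expresses that; if the intent is any AES build, the older name needs a fallback branch. The setup_aes_key hunk later on this page tests `OPENSSL_1_1` rather than `HAVE_OPENSSL_1_1`; if those are two different macros, one of the two guards is probably never satisfied by the build, so it is worth confirming they are the same flag. The literal `0` argument is `OPENSSL_VERSION`; using the named constant makes the log line self-explanatory. main() begins and ends outside the hunk.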
2
n2n.h
2
n2n.h
|
@ -110,6 +110,8 @@ typedef struct ether_hdr ether_hdr_t;
|
|||
#include <unistd.h>
|
||||
#include <assert.h>
|
||||
#include <sys/stat.h>
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include "minilzo.h"
|
||||
|
||||
#define closesocket(a) close(a)
|
||||
|
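Review bot: The two new includes `#include <openssl/opensslv.h>` and `#include <openssl/crypto.h>` are unconditional, so every translation unit that includes n2n.h now needs the OpenSSL headers at build time, while the edge.c hunk on this page still treats OpenSSL as optional behind `N2N_HAVE_AES`/`HAVE_OPENSSL_1_1`. If builds without OpenSSL are meant to keep working, the includes should sit under the same guard, e.g. `#ifdef N2N_HAVE_AES` around the two lines. The neighbouring includes in this hunk (unistd.h, sys/stat.h) look POSIX-specific, so the header may already be inside a platform conditional that starts outside the hunk; that does not change the OpenSSL point.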
|
|
@ -83,8 +83,10 @@ char *openssl_err_as_string (void) {
|
|||
char *buf = NULL;
|
||||
size_t len = BIO_get_mem_data (bio, &buf);
|
||||
char *ret = (char *) calloc (1, 1 + len);
|
||||
|
||||
if(ret)
|
||||
memcpy (ret, buf, len);
|
||||
|
||||
BIO_free (bio);
|
||||
return ret;
|
||||
}
|
||||
|
@ -119,7 +121,7 @@ static void set_aes_cbc_iv(transop_aes_t *priv, n2n_aes_ivec_t ivec, uint64_t iv
|
|||
* [V|II|DDDDDDDDDDDDDDDDDDDDD]
|
||||
* |<---- encrypted ---->|
|
||||
*/
|
||||
static int transop_encode_aes( n2n_trans_op_t * arg,
|
||||
static int transop_encode_aes(n2n_trans_op_t * arg,
|
||||
uint8_t * outbuf,
|
||||
size_t out_len,
|
||||
const uint8_t * inbuf,
|
||||
|
@ -140,7 +142,7 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
|
|||
traceEvent(TRACE_DEBUG, "encode_aes %lu", in_len);
|
||||
|
||||
/* Encode the aes format version. */
|
||||
encode_uint8( outbuf, &idx, N2N_AES_TRANSFORM_VERSION);
|
||||
encode_uint8(outbuf, &idx, N2N_AES_TRANSFORM_VERSION);
|
||||
|
||||
/* Generate and encode the IV seed.
|
||||
* Using two calls to rand() because RAND_MAX is usually < 64bit
|
||||
|
@ -156,10 +158,10 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
|
|||
|
||||
/* The assembly buffer is a source for encrypting data.
|
||||
* The whole contents of assembly are encrypted. */
|
||||
memcpy( assembly, inbuf, in_len);
|
||||
memcpy(assembly, inbuf, in_len);
|
||||
|
||||
/* Need at least one encrypted byte at the end for the padding. */
|
||||
len2 = ( (len / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; /* Round up to next whole AES adding at least one byte. */
|
||||
len2 = ((len / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; /* Round up to next whole AES adding at least one byte. */
|
||||
padding = (len2-len);
|
||||
assembly[len2 - 1] = padding;
|
||||
traceEvent(TRACE_DEBUG, "padding = %u, seed = %016llx", padding, iv_seed);
|
||||
|
@ -192,7 +194,7 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
|
|||
|
||||
EVP_CIPHER_CTX_reset(ctx);
|
||||
#else
|
||||
AES_cbc_encrypt( assembly, /* source */
|
||||
AES_cbc_encrypt(assembly, /* source */
|
||||
outbuf + TRANSOP_AES_PREAMBLE_SIZE, /* dest */
|
||||
len2, /* enc size */
|
||||
&(priv->enc_key), enc_ivec, AES_ENCRYPT);
|
||||
|
@ -210,7 +212,7 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
|
|||
/* ****************************************************** */
|
||||
|
||||
/* See transop_encode_aes for packet format */
|
||||
static int transop_decode_aes( n2n_trans_op_t * arg,
|
||||
static int transop_decode_aes(n2n_trans_op_t * arg,
|
||||
uint8_t * outbuf,
|
||||
size_t out_len,
|
||||
const uint8_t * inbuf,
|
||||
|
@ -220,7 +222,7 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
|
|||
transop_aes_t * priv = (transop_aes_t *)arg->priv;
|
||||
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||
|
||||
if(( (in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
|
||||
if(((in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
|
||||
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least version, iv seed */
|
||||
)
|
||||
{
|
||||
|
@ -230,7 +232,7 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
|
|||
uint64_t iv_seed=0;
|
||||
|
||||
/* Get the encoding version to make sure it is supported */
|
||||
decode_uint8( &aes_enc_ver, inbuf, &rem, &idx );
|
||||
decode_uint8(&aes_enc_ver, inbuf, &rem, &idx );
|
||||
|
||||
if(N2N_AES_TRANSFORM_VERSION == aes_enc_ver) {
|
||||
/* Get the IV seed */
|
||||
|
@ -273,7 +275,7 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
|
|||
|
||||
EVP_CIPHER_CTX_reset(ctx);
|
||||
#else
|
||||
AES_cbc_encrypt( (inbuf + TRANSOP_AES_PREAMBLE_SIZE),
|
||||
AES_cbc_encrypt((inbuf + TRANSOP_AES_PREAMBLE_SIZE),
|
||||
assembly, /* destination */
|
||||
len,
|
||||
&(priv->dec_key),
|
||||
|
@ -290,7 +292,7 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
|
|||
traceEvent(TRACE_DEBUG, "padding = %u", padding);
|
||||
len -= padding;
|
||||
|
||||
memcpy( outbuf,
|
||||
memcpy(outbuf,
|
||||
assembly,
|
||||
len);
|
||||
} else
|
||||
|
@ -318,13 +320,13 @@ static int setup_aes_key(transop_aes_t *priv, const uint8_t *key, ssize_t key_si
|
|||
|
||||
/* Clear out any old possibly longer key matter. */
|
||||
#ifdef OPENSSL_1_1
|
||||
memset( &(priv->key), 0, sizeof(priv->key) );
|
||||
memset(&(priv->key), 0, sizeof(priv->key) );
|
||||
#else
|
||||
memset( &(priv->enc_key), 0, sizeof(priv->enc_key) );
|
||||
memset( &(priv->dec_key), 0, sizeof(priv->dec_key) );
|
||||
memset(&(priv->enc_key), 0, sizeof(priv->enc_key) );
|
||||
memset(&(priv->dec_key), 0, sizeof(priv->dec_key) );
|
||||
#endif
|
||||
memset( &(priv->iv_enc_key), 0, sizeof(priv->iv_enc_key) );
|
||||
memset( &(priv->iv_pad_val), 0, sizeof(priv->iv_pad_val) );
|
||||
memset(&(priv->iv_enc_key), 0, sizeof(priv->iv_enc_key) );
|
||||
memset(&(priv->iv_pad_val), 0, sizeof(priv->iv_pad_val) );
|
||||
|
||||
/* Let the user choose the degree of encryption:
|
||||
* Long input keys will pick AES192 or AES256 with more robust but expensive encryption.
|
||||
|
@ -371,7 +373,7 @@ static int setup_aes_key(transop_aes_t *priv, const uint8_t *key, ssize_t key_si
|
|||
/* is there enough material available? */
|
||||
if(key_mat_buf_length < (aes_key_size_bytes + TRANSOP_AES_IV_KEY_BYTES + TRANSOP_AES_IV_PADDING_SIZE)) {
|
||||
/* this should never happen */
|
||||
traceEvent( TRACE_ERROR, "AES missing %u bits hashed key material\n",
|
||||
traceEvent(TRACE_ERROR, "AES missing %u bits hashed key material\n",
|
||||
(aes_key_size_bytes + TRANSOP_AES_IV_KEY_BYTES + TRANSOP_AES_IV_PADDING_SIZE - key_mat_buf_length) * 8);
|
||||
return(1);
|
||||
}
|
||||
|
|
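Review bot: In the openssl_err_as_string hunk (the first hunk of this file section), `size_t len = BIO_get_mem_data(bio, &buf);` stores a `long` result in a `size_t`; BIO_get_mem_data is a BIO_ctrl wrapper that can return a negative value on failure, which would then become a huge `calloc` size rather than an error. Checking the result as a `long` first, `long n = BIO_get_mem_data(bio, &buf); if(n < 0) { BIO_free(bio); return NULL; }`, keeps the failure path from reaching the allocation. The function also returns NULL when calloc fails and otherwise hands the caller a heap buffer; neither is stated anywhere in the hunk, so a header comment such as `/* Returns a malloc'd, NUL-terminated copy of the OpenSSL error queue; caller frees. NULL on allocation failure. */` would make the ownership contract explicit. The function's signature and the BIO setup are outside the hunk, and this section's file header is not on the page, so the file name cannot be confirmed from here. The remaining hunks of this section are whitespace-only.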