mirror of
https://github.com/ntop/n2n.git
synced 2024-09-20 00:51:10 +02:00
commit
b2f09a2d0c
|
@ -43,7 +43,7 @@
|
||||||
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
|
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
|
||||||
|
|
||||||
typedef struct transop_aes {
|
typedef struct transop_aes {
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
EVP_CIPHER_CTX *enc_ctx; /* openssl's reusable evp_* encryption context */
|
EVP_CIPHER_CTX *enc_ctx; /* openssl's reusable evp_* encryption context */
|
||||||
EVP_CIPHER_CTX *dec_ctx; /* openssl's reusable evp_* decryption context */
|
EVP_CIPHER_CTX *dec_ctx; /* openssl's reusable evp_* decryption context */
|
||||||
const EVP_CIPHER *cipher; /* cipher to use: e.g. EVP_aes_128_cbc */
|
const EVP_CIPHER *cipher; /* cipher to use: e.g. EVP_aes_128_cbc */
|
||||||
|
@ -61,7 +61,7 @@ typedef struct transop_aes {
|
||||||
static int transop_deinit_aes(n2n_trans_op_t *arg) {
|
static int transop_deinit_aes(n2n_trans_op_t *arg) {
|
||||||
transop_aes_t *priv = (transop_aes_t *)arg->priv;
|
transop_aes_t *priv = (transop_aes_t *)arg->priv;
|
||||||
|
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
EVP_CIPHER_CTX_free(priv->enc_ctx);
|
EVP_CIPHER_CTX_free(priv->enc_ctx);
|
||||||
EVP_CIPHER_CTX_free(priv->dec_ctx);
|
EVP_CIPHER_CTX_free(priv->dec_ctx);
|
||||||
#endif
|
#endif
|
||||||
|
@ -74,7 +74,7 @@ static int transop_deinit_aes(n2n_trans_op_t *arg) {
|
||||||
|
|
||||||
/* ****************************************************** */
|
/* ****************************************************** */
|
||||||
|
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
/* get any erorr message out of openssl
|
/* get any erorr message out of openssl
|
||||||
taken from https://en.wikibooks.org/wiki/OpenSSL/Error_handling */
|
taken from https://en.wikibooks.org/wiki/OpenSSL/Error_handling */
|
||||||
char *openssl_err_as_string (void) {
|
char *openssl_err_as_string (void) {
|
||||||
|
@ -168,7 +168,7 @@ static int transop_encode_aes(n2n_trans_op_t * arg,
|
||||||
|
|
||||||
set_aes_cbc_iv(priv, enc_ivec, iv_seed);
|
set_aes_cbc_iv(priv, enc_ivec, iv_seed);
|
||||||
|
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
EVP_CIPHER_CTX *ctx = priv->enc_ctx;
|
EVP_CIPHER_CTX *ctx = priv->enc_ctx;
|
||||||
int evp_len;
|
int evp_len;
|
||||||
int evp_ciphertext_len;
|
int evp_ciphertext_len;
|
||||||
|
@ -248,7 +248,7 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
|
||||||
|
|
||||||
set_aes_cbc_iv(priv, dec_ivec, iv_seed);
|
set_aes_cbc_iv(priv, dec_ivec, iv_seed);
|
||||||
|
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
EVP_CIPHER_CTX *ctx = priv->dec_ctx;
|
EVP_CIPHER_CTX *ctx = priv->dec_ctx;
|
||||||
int evp_len;
|
int evp_len;
|
||||||
int evp_plaintext_len;
|
int evp_plaintext_len;
|
||||||
|
@ -319,7 +319,7 @@ static int setup_aes_key(transop_aes_t *priv, const uint8_t *key, ssize_t key_si
|
||||||
size_t key_mat_buf_length;
|
size_t key_mat_buf_length;
|
||||||
|
|
||||||
/* Clear out any old possibly longer key matter. */
|
/* Clear out any old possibly longer key matter. */
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
memset(&(priv->key), 0, sizeof(priv->key) );
|
memset(&(priv->key), 0, sizeof(priv->key) );
|
||||||
#else
|
#else
|
||||||
memset(&(priv->enc_key), 0, sizeof(priv->enc_key) );
|
memset(&(priv->enc_key), 0, sizeof(priv->enc_key) );
|
||||||
|
@ -344,14 +344,14 @@ static int setup_aes_key(transop_aes_t *priv, const uint8_t *key, ssize_t key_si
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if(key_size >= 65) {
|
if(key_size >= 65) {
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
priv->cipher = EVP_aes_256_cbc();
|
priv->cipher = EVP_aes_256_cbc();
|
||||||
#endif
|
#endif
|
||||||
aes_key_size_bytes = AES256_KEY_BYTES;
|
aes_key_size_bytes = AES256_KEY_BYTES;
|
||||||
SHA512(key, key_size, key_mat_buf);
|
SHA512(key, key_size, key_mat_buf);
|
||||||
key_mat_buf_length = SHA512_DIGEST_LENGTH;
|
key_mat_buf_length = SHA512_DIGEST_LENGTH;
|
||||||
} else if(key_size >= 44) {
|
} else if(key_size >= 44) {
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
priv->cipher = EVP_aes_192_cbc();
|
priv->cipher = EVP_aes_192_cbc();
|
||||||
#endif
|
#endif
|
||||||
aes_key_size_bytes = AES192_KEY_BYTES;
|
aes_key_size_bytes = AES192_KEY_BYTES;
|
||||||
|
@ -360,7 +360,7 @@ static int setup_aes_key(transop_aes_t *priv, const uint8_t *key, ssize_t key_si
|
||||||
SHA256(key_mat_buf, SHA384_DIGEST_LENGTH, key_mat_buf + SHA384_DIGEST_LENGTH);
|
SHA256(key_mat_buf, SHA384_DIGEST_LENGTH, key_mat_buf + SHA384_DIGEST_LENGTH);
|
||||||
key_mat_buf_length = SHA384_DIGEST_LENGTH + SHA256_DIGEST_LENGTH;
|
key_mat_buf_length = SHA384_DIGEST_LENGTH + SHA256_DIGEST_LENGTH;
|
||||||
} else {
|
} else {
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
priv->cipher = EVP_aes_128_cbc();
|
priv->cipher = EVP_aes_128_cbc();
|
||||||
#endif
|
#endif
|
||||||
aes_key_size_bytes = AES128_KEY_BYTES;
|
aes_key_size_bytes = AES128_KEY_BYTES;
|
||||||
|
@ -381,7 +381,7 @@ static int setup_aes_key(transop_aes_t *priv, const uint8_t *key, ssize_t key_si
|
||||||
/* setup of key, used for the CBC encryption */
|
/* setup of key, used for the CBC encryption */
|
||||||
aes_key_size_bits = 8 * aes_key_size_bytes;
|
aes_key_size_bits = 8 * aes_key_size_bytes;
|
||||||
|
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
memcpy (priv->key, key_mat_buf, aes_key_size_bytes);
|
memcpy (priv->key, key_mat_buf, aes_key_size_bytes);
|
||||||
#else
|
#else
|
||||||
AES_set_encrypt_key(key_mat_buf, aes_key_size_bits, &(priv->enc_key));
|
AES_set_encrypt_key(key_mat_buf, aes_key_size_bits, &(priv->enc_key));
|
||||||
|
@ -425,7 +425,7 @@ int n2n_transop_aes_cbc_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {
|
||||||
}
|
}
|
||||||
ttt->priv = priv;
|
ttt->priv = priv;
|
||||||
|
|
||||||
#ifdef OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
/* Setup openssl's reusable evp_* contexts for encryption and decryption*/
|
/* Setup openssl's reusable evp_* contexts for encryption and decryption*/
|
||||||
if(!(priv->enc_ctx = EVP_CIPHER_CTX_new())) {
|
if(!(priv->enc_ctx = EVP_CIPHER_CTX_new())) {
|
||||||
traceEvent(TRACE_ERROR, "openssl's evp_* encryption context creation: %s\n", openssl_err_as_string());
|
traceEvent(TRACE_ERROR, "openssl's evp_* encryption context creation: %s\n", openssl_err_as_string());
|
||||||
|
|
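Review bot: Nothing in the visible hunks shows where `HAVE_OPENSSL_1_1` is defined, and every guard in this file now depends on it, from the `transop_aes_t` fields through `setup_aes_key` to `n2n_transop_aes_cbc_init`. If any build path still sets the old `OPENSSL_1_1`, or sets neither name, the file still compiles and silently takes the `#else` branch with the low-level `AES_set_encrypt_key` API instead of the EVP contexts. I would document the contract at the first guard, assuming the build system is where the macro comes from, e.g. `/* HAVE_OPENSSL_1_1: set by the build when OpenSSL >= 1.1 is detected; selects the EVP_* code path */`. A cross-check against `OPENSSL_VERSION_NUMBER` would also make a missing definition fail the build rather than change the crypto path unnoticed. The functions around these guards begin and end outside the hunks, so the build-system side of the rename needs confirming against the rest of the commit.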