+2018.06.08 -- version 0.3.7
+
+* fixed some off-by-one errors using snprintf
+* add support for OpenSSL 1.1.0
+ (Thanks to Eneas U de Queiroz <cote2004-github@yahoo.com>)
+
2017.01.04 -- Version 0.3.6
* moved to GIT
.\" Title: uanytun
.\" Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 01/04/2017
+.\" Date: 06/08/2018
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "UANYTUN" "8" "01/04/2017" "\ \&" "\ \&"
+.TH "UANYTUN" "8" "06/08/2018" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
. /etc/default/uanytun
fi
+. /lib/lsb/init-functions
+
start_vpn () {
STATUS="OK"
if [ -f $CONFIG_DIR/$VPNNAME/config ] ; then
if(aa->params_)
free(aa->params_);
- aa->params_ = malloc(sizeof(auth_algo_sha1_param_t));
+ aa->params_ = calloc(1, sizeof(auth_algo_sha1_param_t));
if(!aa->params_)
return -2;
#if defined(USE_SSL_CRYPTO)
auth_algo_sha1_param_t* params = aa->params_;
- HMAC_CTX_init(¶ms->ctx_);
- HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL);
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if ((params->ctx_ = HMAC_CTX_new()) == NULL) {
+ log_printf(ERROR, "failed to allocate HMAC_CTX");
+ return -2;
+ }
+# else
+ if ((params->ctx_ = calloc(1, sizeof(HMAC_CTX))) == NULL) {
+ log_printf(ERROR, "failed to allocate HMAC_CTX");
+ return -2;
+ }
+ HMAC_CTX_init(params->ctx_);
+# endif
+ HMAC_Init_ex(params->ctx_, NULL, 0, EVP_sha1(), NULL);
#elif defined(USE_NETTLE)
// nothing here
#else // USE_GCRYPT is the default
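Review bot: The `if(aa->params_) free(aa->params_);` at the top of this hunk now leaks the HMAC context when init runs on an already-initialised object, because `ctx_` became a separately allocated `HMAC_CTX *` in this commit and freeing the struct no longer releases it. The leaked context may still hold keyed HMAC state, so it should be released the same way the close path does before the struct is freed. The result of `HMAC_Init_ex()` on the last added line is also ignored. The function starts and continues outside the hunk, so whether re-initialisation actually happens depends on callers not shown here.

```c
  if(aa->params_) {
#if defined(USE_SSL_CRYPTO)
    auth_algo_sha1_param_t* old = aa->params_;
    if(old->ctx_) {
# if OPENSSL_VERSION_NUMBER >= 0x10100000L
      HMAC_CTX_free(old->ctx_);
# else
      HMAC_CTX_cleanup(old->ctx_);
      free(old->ctx_);
# endif
    }
#endif
    free(aa->params_);
  }
  aa->params_ = calloc(1, sizeof(auth_algo_sha1_param_t));
  // … unchanged: NULL check and HMAC_CTX allocation …
```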
if(aa->params_) {
#if defined(USE_SSL_CRYPTO)
auth_algo_sha1_param_t* params = aa->params_;
- HMAC_CTX_cleanup(¶ms->ctx_);
+ if(params->ctx_) {
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(params->ctx_);
+# else
+ HMAC_CTX_cleanup(params->ctx_);
+ free(params->ctx_);
+# endif
+ }
#elif defined(USE_NETTLE)
// nothing here
#else // USE_GCRYPT is the default
return;
#if defined(USE_SSL_CRYPTO)
- HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+ HMAC_Init_ex(params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
u_int8_t hmac[SHA1_LENGTH];
- HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- HMAC_Final(¶ms->ctx_, hmac, NULL);
+ HMAC_Update(params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(params->ctx_, hmac, NULL);
#elif defined(USE_NETTLE)
hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_);
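Review bot: `HMAC_Init_ex()`, `HMAC_Update()` and `HMAC_Final()` are called without checking their results, so if any of them fails the stack buffer `hmac` is presumably used uninitialised as the tag. These functions return 1 on success and 0 on error since OpenSSL 1.0.0, and now that `params->ctx_` is a pointer it can also be NULL if the init function failed and the caller carried on. A guard such as `if(!params->ctx_ || HMAC_Init_ex(params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL) != 1) return;`, with the same `!= 1` test on the other two calls, would cover it. The same applies to the identical three calls in the next hunk, where the failure should go out through that function's error return so a tag is never accepted on the strength of an uninitialised buffer. Both function bodies extend beyond the hunks.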
return 0;
#if defined(USE_SSL_CRYPTO)
- HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+ HMAC_Init_ex(params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
u_int8_t hmac[SHA1_LENGTH];
- HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- HMAC_Final(¶ms->ctx_, hmac, NULL);
+ HMAC_Update(params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(params->ctx_, hmac, NULL);
#elif defined(USE_NETTLE)
hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_);
struct auth_algo_sha1_param_struct {
#if defined(USE_SSL_CRYPTO)
- HMAC_CTX ctx_;
+ HMAC_CTX *ctx_;
#elif defined(USE_NETTLE)
struct hmac_sha1_ctx ctx_;
#else // USE_GCRYPT is the default
}
u_int32_t num = 0;
memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
- AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+ CRYPTO_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_,
+ params->ecount_buf_, &num, (block128_f)AES_encrypt);
#elif defined(USE_NETTLE)
if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
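Review bot: The `(block128_f)AES_encrypt` cast in the new `CRYPTO_ctr128_encrypt()` call deserves a one-line comment, since it calls `AES_encrypt` through a pointer type whose key parameter is `const void *` rather than `const AES_KEY *`. Something like `/* AES_ctr128_encrypt is gone in OpenSSL 1.1.0; use the generic CTR helper from <openssl/modes.h> with AES_encrypt as the block function */` would explain why the cast is there. `num` is declared `u_int32_t` while the function takes `unsigned int *`; declaring it `unsigned int num = 0;` avoids relying on the two being the same type. The same call appears in the key-derivation hunk further down.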
#ifndef NO_CRYPT
#if defined(USE_SSL_CRYPTO)
+#include <openssl/crypto.h>
#include <openssl/aes.h>
+#include <openssl/modes.h>
#elif defined(USE_NETTLE)
#include <nettle/aes.h>
#else // USE_GCRYPT is the default
#include "key_derivation.h"
#if defined(USE_SSL_CRYPTO)
+#include <openssl/crypto.h>
#include <openssl/sha.h>
+#include <openssl/modes.h>
#elif defined(USE_NETTLE)
#include <nettle/sha1.h>
#include <nettle/sha2.h>
#if defined(USE_SSL_CRYPTO)
if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
- log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
+ log_printf(ERROR, "failed to set key derivation CTR: size doesn't fit");
return -1;
}
u_int32_t num = 0;
- memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
memset(key, 0, len);
- AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+ memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
+ CRYPTO_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num, (block128_f)AES_encrypt);
#elif defined(USE_NETTLE)
if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
#include <sys/wait.h>
#include <fcntl.h>
#include <sys/ioctl.h>
+#include <sys/uio.h>
#include <arpa/inet.h>
#include <errno.h>
#include <net/if.h>
}
if(dev_name)
- strncpy(ifr.ifr_name, dev_name, IFNAMSIZ);
+ strncpy(ifr.ifr_name, dev_name, IFNAMSIZ-1);
if(!ioctl(dev->fd_, TUNSETIFF, &ifr)) {
dev->actual_name_ = strdup(ifr.ifr_name);
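Review bot: `strncpy(ifr.ifr_name, dev_name, IFNAMSIZ-1)` silently truncates a `dev_name` of IFNAMSIZ or more characters, so the `TUNSETIFF` ioctl below would be issued for a different interface name than the one requested. Rejecting the name up front is safer: `if(dev_name && strlen(dev_name) >= IFNAMSIZ) { log_printf(ERROR, "device name too long"); return -1; }`, adjusted to whatever cleanup and error value this function uses. The terminating NUL also depends on `ifr` having been zeroed before this point, which is outside the hunk.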
for(i=0; i < len; i++) {
if(((i+1)*3) >= (MSG_LENGTH_MAX - offset))
break;
- snprintf(ptr, 3, "%02X ", buf[i]);
+ snprintf(ptr, 4, "%02X ", buf[i]);
ptr+=3;
}
}
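Review bot: The size `4` and the `ptr+=3` stride are coupled magic numbers, and the reason they differ is not obvious; a comment such as `/* 2 hex digits + space + NUL; the NUL is overwritten by the next iteration */` would keep the off-by-one from coming back. The guard `((i+1)*3) >= (MSG_LENGTH_MAX - offset)` leaves room for that trailing NUL, assuming `ptr` starts `offset` bytes into a MSG_LENGTH_MAX buffer, which is set up outside the hunk. If `buf` is a plain `char` array rather than `u_int8_t`, bytes above 0x7F would be sign-extended and print as `FFF`; casting with `(unsigned char)buf[i]` would rule that out.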