From 2ca04c970ea76d18da53fbbc2c7c7281797af79d Mon Sep 17 00:00:00 2001 From: Darshaka Pathirana Date: Sun, 10 Jun 2018 07:36:11 +0200 Subject: [PATCH] Imported Upstream version 0.3.7 --- ChangeLog | 6 ++++++ doc/uanytun.8 | 4 ++-- etc/init.d/uanytun | 2 ++ src/auth_algo.c | 38 ++++++++++++++++++++++++++++---------- src/auth_algo.h | 2 +- src/cipher.c | 3 ++- src/cipher.h | 2 ++ src/key_derivation.c | 8 +++++--- src/linux/tun.c | 3 ++- src/log.c | 2 +- version | 2 +- 11 files changed, 52 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index e295fc0..5a4b332 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2018.06.08 -- version 0.3.7 + +* fixed some off-by-one errors using snprintf +* add support for OpenSSL 1.1.0 + (Thanks to Eneas U de Queiroz ) + 2017.01.04 -- Version 0.3.6 * moved to GIT diff --git a/doc/uanytun.8 b/doc/uanytun.8 index 941cdaa..e49a3e3 100644 --- a/doc/uanytun.8 +++ b/doc/uanytun.8 @@ -2,12 +2,12 @@ .\" Title: uanytun .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.79.1 -.\" Date: 01/04/2017 +.\" Date: 06/08/2018 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" -.TH "UANYTUN" "8" "01/04/2017" "\ \&" "\ \&" +.TH "UANYTUN" "8" "06/08/2018" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/etc/init.d/uanytun b/etc/init.d/uanytun index 9071e5a..b8a8573 100755 --- a/etc/init.d/uanytun +++ b/etc/init.d/uanytun @@ -22,6 +22,8 @@ if [ -f /etc/default/uanytun ] ; then . /etc/default/uanytun fi +. /lib/lsb/init-functions + start_vpn () { STATUS="OK" if [ -f $CONFIG_DIR/$VPNNAME/config ] ; then diff --git a/src/auth_algo.c b/src/auth_algo.c index ac102c7..c4041a5 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c 
@@ -161,14 +161,25 @@ int auth_algo_sha1_init(auth_algo_t* aa) if(aa->params_) free(aa->params_); - aa->params_ = malloc(sizeof(auth_algo_sha1_param_t)); + aa->params_ = calloc(1, sizeof(auth_algo_sha1_param_t)); if(!aa->params_) return -2; #if defined(USE_SSL_CRYPTO) auth_algo_sha1_param_t* params = aa->params_; - HMAC_CTX_init(¶ms->ctx_); - HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); +# if OPENSSL_VERSION_NUMBER >= 0x10100000L + if ((params->ctx_ = HMAC_CTX_new()) == NULL) { + log_printf(ERROR, "failed to allocate HMAC_CTX"); + return -2; + } +# else + if ((params->ctx_ = calloc(1, sizeof(HMAC_CTX))) == NULL) { + log_printf(ERROR, "failed to allocate HMAC_CTX"); + return -2; + } + HMAC_CTX_init(params->ctx_); +# endif + HMAC_Init_ex(params->ctx_, NULL, 0, EVP_sha1(), NULL); #elif defined(USE_NETTLE) // nothing here #else // USE_GCRYPT is the default @@ -191,7 +202,14 @@ void auth_algo_sha1_close(auth_algo_t* aa) if(aa->params_) { #if defined(USE_SSL_CRYPTO) auth_algo_sha1_param_t* params = aa->params_; - HMAC_CTX_cleanup(¶ms->ctx_); + if(params->ctx_) { +# if OPENSSL_VERSION_NUMBER >= 0x10100000L + HMAC_CTX_free(params->ctx_); +# else + HMAC_CTX_cleanup(params->ctx_); + free(params->ctx_); +# endif + } #elif defined(USE_NETTLE) // nothing here #else // USE_GCRYPT is the default 
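Review bot: When HMAC_CTX_new() (or the calloc() in the pre-1.1.0 branch) fails in auth_algo_sha1_init, the function returns -2 but leaves aa->params_ allocated with ctx_ == NULL. The generate and check_tag hunks later in this patch pass params->ctx_ straight to HMAC_Init_ex with no NULL check visible, so a caller that ignores the init result would hand OpenSSL a NULL context. Releasing the half-built state before each `return -2;` keeps the object consistent: `free(aa->params_); aa->params_ = NULL;`. The result of the trailing `HMAC_Init_ex(params->ctx_, NULL, 0, EVP_sha1(), NULL);` is also discarded, although the call reports failure by returning 0. The function body starts and ends outside the hunk.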
@@ -225,11 +243,11 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati return; #if defined(USE_SSL_CRYPTO) - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + HMAC_Init_ex(params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); + HMAC_Update(params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(params->ctx_, hmac, NULL); #elif defined(USE_NETTLE) hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); @@ -279,11 +297,11 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati return 0; #if defined(USE_SSL_CRYPTO) - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + HMAC_Init_ex(params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); + HMAC_Update(params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(params->ctx_, hmac, NULL); #elif defined(USE_NETTLE) hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); diff --git a/src/auth_algo.h b/src/auth_algo.h index d1e5178..4ac0f40 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h @@ -82,7 +82,7 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di struct auth_algo_sha1_param_struct { #if defined(USE_SSL_CRYPTO) - HMAC_CTX ctx_; + HMAC_CTX *ctx_; #elif defined(USE_NETTLE) struct hmac_sha1_ctx ctx_; #else // USE_GCRYPT is the default diff --git a/src/cipher.c b/src/cipher.c index f87e2cf..f3ccbce 100644 --- a/src/cipher.c +++ b/src/cipher.c 
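Review bot: The results of HMAC_Init_ex, HMAC_Update and HMAC_Final are ignored in auth_algo_sha1_generate, so if any of them fails, `hmac[SHA1_LENGTH]` stays uninitialized and is presumably still used as the tag by code below the hunk. The same three calls are unchecked in the auth_algo_sha1_check_tag hunk, where the effect would be comparing the received tag against indeterminate stack bytes. In OpenSSL 1.0.0 and later each call returns 1 on success, so the sequence can be guarded with `if(HMAC_Init_ex(...) != 1 || HMAC_Update(...) != 1 || HMAC_Final(params->ctx_, hmac, NULL) != 1)`, followed by a log_printf(ERROR, ...) and an early return that uses the function's failure value in check_tag. Both functions continue outside their hunks, so how `hmac` is consumed should be confirmed there.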
@@ -338,7 +338,8 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di } u_int32_t num = 0; memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); - AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); + CRYPTO_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, + params->ecount_buf_, &num, (block128_f)AES_encrypt); #elif defined(USE_NETTLE) if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); diff --git a/src/cipher.h b/src/cipher.h index 570df8d..fedc82a 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -51,7 +51,9 @@ #ifndef NO_CRYPT #if defined(USE_SSL_CRYPTO) +#include #include +#include #elif defined(USE_NETTLE) #include #else // USE_GCRYPT is the default diff --git a/src/key_derivation.c b/src/key_derivation.c index f2d8548..c593f31 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -51,7 +51,9 @@ #include "key_derivation.h" #if defined(USE_SSL_CRYPTO) +#include #include +#include #elif defined(USE_NETTLE) #include #include @@ -467,13 +469,13 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di #if defined(USE_SSL_CRYPTO) if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { - log_printf(ERROR, "failed to set key derivation CTR: size don't fits"); + log_printf(ERROR, "failed to set key derivation CTR: size doesn't fit"); return -1; } u_int32_t num = 0; - memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); memset(key, 0, len); - AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); + memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); + CRYPTO_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num, (block128_f)AES_encrypt); #elif defined(USE_NETTLE) if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); 
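Review bot: `(block128_f)AES_encrypt` calls AES_encrypt through a pointer of a different function type (block128_f takes the key as `const void *`, AES_encrypt takes `const AES_KEY *`). C leaves that call undefined even though it works on common ABIs, and the cast hides any future signature mismatch from the compiler. A small adapter removes the cast: `static void aes_encrypt_block(const unsigned char in[16], unsigned char out[16], const void *key) { AES_encrypt(in, out, key); }`, passed as the last argument. The same cast appears in the key_derivation_aesctr_generate hunk of src/key_derivation.c. cipher_aesctr_crypt begins and ends outside the hunk.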
diff --git a/src/linux/tun.c b/src/linux/tun.c index c77cea1..11fd209 100644 --- a/src/linux/tun.c +++ b/src/linux/tun.c @@ -60,6 +60,7 @@ #include #include #include +#include #include #include #include @@ -103,7 +104,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons } if(dev_name) - strncpy(ifr.ifr_name, dev_name, IFNAMSIZ); + strncpy(ifr.ifr_name, dev_name, IFNAMSIZ-1); if(!ioctl(dev->fd_, TUNSETIFF, &ifr)) { dev->actual_name_ = strdup(ifr.ifr_name); diff --git a/src/log.c b/src/log.c index b094d49..02208c6 100644 --- a/src/log.c +++ b/src/log.c @@ -265,7 +265,7 @@ void log_print_hex_dump(log_prio_t prio, const u_int8_t* buf, u_int32_t len) for(i=0; i < len; i++) { if(((i+1)*3) >= (MSG_LENGTH_MAX - offset)) break; - snprintf(ptr, 3, "%02X ", buf[i]); + snprintf(ptr, 4, "%02X ", buf[i]); ptr+=3; } } diff --git a/version b/version index 449d7e7..0f82685 100644 --- a/version +++ b/version @@ -1 +1 @@ -0.3.6 +0.3.7 -- 2.1.4
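Review bot: `strncpy(ifr.ifr_name, dev_name, IFNAMSIZ-1);` in tun_init only yields a terminated name if ifr was zeroed beforehand, which happens (if at all) outside this hunk. It also silently truncates a dev_name of IFNAMSIZ or more characters, so TUNSETIFF would act on a different interface name than the one requested. Rejecting over-long names before the copy makes the failure explicit, e.g. a `strlen(dev_name) >= IFNAMSIZ` check that takes the function's existing error path; at minimum add `ifr.ifr_name[IFNAMSIZ-1] = '\0';` after the copy. The device fd appears to be open already at this point, so an early return has to follow whatever cleanup the surrounding error paths do.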