+2018.06.08 -- version 0.3.7
+
+* fix build for new versions of GCC and Boost
+* add support for OpenSSL 1.1
+
2016.07.08 -- Version 0.3.6
* fixed build for GCC-6 and C++0x
.\" Title: anytun-config
.\" Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 07/08/2016
+.\" Date: 06/09/2018
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "ANYTUN\-CONFIG" "8" "07/08/2016" "\ \&" "\ \&"
+.TH "ANYTUN\-CONFIG" "8" "06/09/2018" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" Title: anytun-controld
.\" Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 07/08/2016
+.\" Date: 06/09/2018
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "ANYTUN\-CONTROLD" "8" "07/08/2016" "\ \&" "\ \&"
+.TH "ANYTUN\-CONTROLD" "8" "06/09/2018" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" Title: anytun-showtables
.\" Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 07/08/2016
+.\" Date: 06/09/2018
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "ANYTUN\-SHOWTABLES" "8" "07/08/2016" "\ \&" "\ \&"
+.TH "ANYTUN\-SHOWTABLES" "8" "06/09/2018" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" Title: anytun
.\" Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 07/08/2016
+.\" Date: 06/09/2018
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "ANYTUN" "8" "07/08/2016" "\ \&" "\ \&"
+.TH "ANYTUN" "8" "06/09/2018" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
{
#if defined(USE_SSL_CRYPTO)
- HMAC_CTX_init(&ctx_);
- HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
+ ctx_ = NULL;
+#elif defined(USE_NETTLE)
+ // nothing here
+#else // USE_GCRYPT is the default
+ handle_ = 0;
+#endif
+}
+
+bool Sha1AuthAlgo::Init()
+{
+#if defined(USE_SSL_CRYPTO)
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if ((ctx_ = HMAC_CTX_new()) == NULL) {
+ return false;
+ }
+# else
+ if ((ctx_ = (HMAC_CTX*)calloc(1, sizeof(HMAC_CTX))) == NULL) {
+ return false;
+ }
+ HMAC_CTX_init(ctx_);
+# endif
+ HMAC_Init_ex(ctx_, NULL, 0, EVP_sha1(), NULL);
#elif defined(USE_NETTLE)
// nothing here
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
- return;
+ return false;
}
#endif
+ return true;
}
Sha1AuthAlgo::~Sha1AuthAlgo()
{
#if defined(USE_SSL_CRYPTO)
- HMAC_CTX_cleanup(&ctx_);
+ if(ctx_) {
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(ctx_);
+# else
+ HMAC_CTX_cleanup(ctx_);
+ free(ctx_);
+# endif
+ }
#elif defined(USE_NETTLE)
// nothing here
#else // USE_GCRYPT is the default
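Review bot: In Init(), the result of `HMAC_Init_ex(ctx_, NULL, 0, EVP_sha1(), NULL)` is discarded, so on the OpenSSL path Init() returns true even when that call fails and the factory's new error handling never sees it. The two following hunks re-initialise the context with the derived key on every use, so this keyless call looks redundant. I would either drop it or make it `if(HMAC_Init_ex(ctx_, NULL, 0, EVP_sha1(), NULL) != 1) return false;`, after confirming that the supported OpenSSL versions accept a keyless init on a fresh context. Those two hunks also ignore the int results of HMAC_Init_ex, HMAC_Update and HMAC_Final. If one of them fails, `hmac` is left as uninitialised stack memory and is presumably still used as the authentication tag, so those paths should fail closed too.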
kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
#if defined(USE_SSL_CRYPTO)
- HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+ HMAC_Init_ex(ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
uint8_t hmac[DIGEST_LENGTH];
- HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
- HMAC_Final(&ctx_, hmac, NULL);
+ HMAC_Update(ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+ HMAC_Final(ctx_, hmac, NULL);
#elif defined(USE_NETTLE)
hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
#if defined(USE_SSL_CRYPTO)
- HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+ HMAC_Init_ex(ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
uint8_t hmac[DIGEST_LENGTH];
- HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
- HMAC_Final(&ctx_, hmac, NULL);
+ HMAC_Update(ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+ HMAC_Final(ctx_, hmac, NULL);
#elif defined(USE_NETTLE)
hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
//****** Sha1AuthAlgo ******
//* HMAC SHA1 Auth Tag Generator Class
+class AuthAlgoFactory;
+
class Sha1AuthAlgo : public AuthAlgo
{
+ friend class AuthAlgoFactory;
+
public:
- Sha1AuthAlgo(kd_dir_t d);
~Sha1AuthAlgo();
void generate(KeyDerivation& kd, EncryptedPacket& packet);
static const uint32_t DIGEST_LENGTH = 20;
private:
+ Sha1AuthAlgo(kd_dir_t d);
+ bool Init();
+
#if defined(USE_SSL_CRYPTO)
- HMAC_CTX ctx_;
+ HMAC_CTX *ctx_;
#elif defined(USE_NETTLE)
struct hmac_sha1_ctx ctx_;
#else // USE_GCRYPT is the default
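Review bot: With `HMAC_CTX *ctx_` the class now owns a heap allocation that the destructor frees, but nothing in this hunk forbids copying, so an accidental copy of a Sha1AuthAlgo would release the same context twice. Unless AuthAlgo already disables copying (not visible here), declare the copy operations private and leave them undefined: `Sha1AuthAlgo(const Sha1AuthAlgo&);` and `Sha1AuthAlgo& operator=(const Sha1AuthAlgo&);`. A short comment on `Init()` should say that it must succeed before generate() is used and that only AuthAlgoFactory is expected to call it, which would document the two-phase construction. The class body continues past the end of the hunk.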
#include "authAlgoFactory.h"
#include "authAlgo.h"
+#include "anytunError.h"
AuthAlgo* AuthAlgoFactory::create(std::string const& type, kd_dir_t dir)
}
#ifndef NO_CRYPT
else if(type == "sha1") {
- return new Sha1AuthAlgo(dir);
+ Sha1AuthAlgo* a = new Sha1AuthAlgo(dir);
+ if(!a || !(a->Init())) {
+ if(a)
+ delete a;
+ AnytunError::throwErr() << "failed to initialize SHA1 auth algo";
+ }
+ return a;
}
#endif
else {
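Review bot: On the failure path `return a;` follows `delete a;`, so the function hands back a dangling pointer unless `AnytunError::throwErr()` always throws, which this hunk does not show. Resetting the pointer makes the path safe either way, and the `!a` and `if(a)` tests can go because a plain `new` reports failure by throwing std::bad_alloc rather than returning null: `if(!a->Init()) { delete a; a = NULL; AnytunError::throwErr() << "failed to initialize SHA1 auth algo"; }`. The body of create() starts and ends outside the hunk.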
}
unsigned int num = 0;
std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
- AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
+ CRYPTO_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num, (block128_f)AES_encrypt);
#elif defined(USE_NETTLE)
if(CTR_LENGTH != AES_BLOCK_SIZE) {
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
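Review bot: The C-style cast `(block128_f)AES_encrypt` makes CRYPTO_ctr128_encrypt call AES_encrypt through a function-pointer type whose key parameter is `const void*` rather than `const AES_KEY*`, which is formally a call through an incompatible type and would hide any future signature mismatch from the compiler. A file-local adapter removes the cast: `static void aes_block(const unsigned char* in, unsigned char* out, const void* key) { AES_encrypt(in, out, static_cast<const AES_KEY*>(key)); }`, passed as the last argument. The key-derivation hunk further down makes the same call and could share the helper. A one-line comment that AES_ctr128_encrypt is not available in OpenSSL 1.1, which is why the generic CTR routine from `<openssl/modes.h>` is used, would help the next reader. The enclosing function starts and ends outside the hunk.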
#ifndef NO_CRYPT
#if defined(USE_SSL_CRYPTO)
+#include <openssl/crypto.h>
#include <openssl/aes.h>
+#include <openssl/modes.h>
#elif defined(USE_NETTLE)
#include <nettle/aes.h>
#else // USE_GCRYPT is the default
LDFLAGS="$LDFLAGS -L\"$BOOST_PREFIX/lib\""
fi
+CRYPTO_LIB_NAME=""
case $CRYPTO_LIB in
gcrypt)
CXXFLAGS=$CXXFLAGS' -DUSE_GCRYPT'
CXXFLAGS="$CXXFLAGS -I\"$GCRYPT_PREFIX/include\""
LDFLAGS="$LDFLAGS -L\"$GCRYPT_PREFIX/lib\""
fi
+ CRYPTO_LIB_NAME="libgcrypt"
echo "using gcrypt library"
;;
nettle)
CXXFLAGS="$CXXFLAGS -I\"$NETTLE_PREFIX/include\""
LDFLAGS="$LDFLAGS -L\"$NETTLE_PREFIX/lib\""
fi
+ CRYPTO_LIB_NAME="Nettle"
echo "using nettle library"
;;
ssl)
CXXFLAGS="$CXXFLAGS -I\"$OPENSSL_PREFIX/include\""
LDFLAGS="$LDFLAGS -L\"$OPENSSL_PREFIX/lib\""
fi
+ CRYPTO_LIB_NAME="OpenSSL"
echo "using openssl crypto library"
;;
none)
CXXFLAGS=$CXXFLAGS' -DNO_CRYPT'
+ CRYPTO_LIB_NAME="none"
echo "disabling crypto"
;;
esac
VERSION="$VERSION (git $GIT_HASH)"
fi
fi
-HOSTNAME=`hostname`
-DATE=`date +"%d.%m.%Y %H:%M:%S %Z"`
cat > version.h <<EOF
/*
#ifndef ANYTUN_version_h_INCLUDED
#define ANYTUN_version_h_INCLUDED
-#define VERSION_STRING_0 " version $VERSION"
-#define VERSION_STRING_1 "built on $HOSTNAME, $DATE"
+#define VERSION_STRING " version $VERSION"
+#define CRYPTO_LIB_NAME "$CRYPTO_LIB_NAME"
#endif
EOF
#ifndef NO_PASSPHRASE
#if defined(USE_SSL_CRYPTO)
+#include <openssl/crypto.h>
#include <openssl/sha.h>
+#include <openssl/modes.h>
#elif defined(USE_NETTLE)
#include <nettle/sha1.h>
#include <nettle/sha2.h>
return false;
}
unsigned int num = 0;
- std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
std::memset(key.getBuf(), 0, key.getLength());
- AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
+ std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
+ CRYPTO_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num, (block128_f)AES_encrypt);
#elif defined(USE_NETTLE)
if(CTR_LENGTH != AES_BLOCK_SIZE) {
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
}
if(dev_name != "") {
- strncpy(ifr.ifr_name, dev_name.c_str(), IFNAMSIZ);
+ strncpy(ifr.ifr_name, dev_name.c_str(), IFNAMSIZ-1);
}
fd_ = ::open(DEFAULT_DEVICE, O_RDWR);
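Review bot: Limiting the copy to `IFNAMSIZ-1` bytes leaves room for a terminator, but `ifr.ifr_name` is only NUL-terminated if `ifr` was zeroed before this line, which the hunk does not show. A device name of IFNAMSIZ characters or more is also truncated silently, so whatever uses `ifr` afterwards would act on a different interface name than the one configured. I would reject over-long names up front with a check on `dev_name.length() >= IFNAMSIZ`, reported through this file's usual error path, and add `ifr.ifr_name[IFNAMSIZ-1] = '\0';` after the copy so termination does not depend on earlier initialisation. The enclosing function starts and ends outside the hunk.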
#else
std::cout << "anytun";
#endif
- std::cout << VERSION_STRING_0 << std::endl;
+ std::cout << VERSION_STRING << std::endl;
#if defined(__clang__)
- std::cout << VERSION_STRING_1 << ", using CLANG " << __clang_version__ << std::endl;
+ std::cout << "built using CLANG " << __clang_version__ << " with " << CRYPTO_LIB_NAME << " crypto library." << std::endl;
#elif defined(__GNUC__)
- std::cout << VERSION_STRING_1 << ", using GCC " << __GNUC__ << '.' << __GNUC_MINOR__
- << '.' << __GNUC_PATCHLEVEL__ << std::endl;
+ std::cout << "built using GCC " << __GNUC__ << '.' << __GNUC_MINOR__ << '.' << __GNUC_PATCHLEVEL__
+ << " with " << CRYPTO_LIB_NAME << " crypto library." << std::endl;
#else
- std::cout << VERSION_STRING_1 << std::endl;
+ std::cout << "built using an unknown compiler " << CRYPTO_LIB_NAME << " crypto library." << std::endl;
#endif
-
}
void Options::printUsage()
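Review bot: The fallback `#else` branch is missing the word "with" that the CLANG and GCC branches have, so it prints e.g. "built using an unknown compiler OpenSSL crypto library."; it should read `std::cout << "built using an unknown compiler with " << CRYPTO_LIB_NAME << " crypto library." << std::endl;`. When configure sets CRYPTO_LIB_NAME to "none", all three branches print "with none crypto library.", which may deserve its own wording. The function these lines belong to starts outside the hunk.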
* files in the program, then also delete it here.
*/
+#include <iostream>
+
#include "routingTreeNode.h"
RoutingTreeNode::RoutingTreeNode():mux_(0),valid_(false)