Merge pull request #3 from jurmc/support_for_openssl-1.1.0

Support for OpenSSL >= 1.1.0.
lpefferkorn committed Mar 31, 2018
2 parents b719681 + 6243705 commit 02e435fa9ca2ccaef4eb81033adc0249c786ffea
Showing with 13 additions and 13 deletions.
  1. +1 −1 configure.ac
  2. +1 −1 src/esp.h
  3. +11 −11 src/ipdecap.c
@@ -23,7 +23,7 @@ esac
# Checks for libraries.
AC_CHECK_LIB(pcap, pcap_offline_filter, [],
AC_MSG_ERROR(pcap library not found ))
AC_CHECK_LIB(crypto, EVP_CIPHER_CTX_init, [],
AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [],
AC_MSG_ERROR(OpenSSL library not found))

# Checks for header files.
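Review bot: The new probe `CRYPTO_new_ex_data` only establishes that libcrypto links; it no longer checks for the EVP API the patched code depends on, so the configure check and the symbols src/ipdecap.c actually calls (`EVP_CIPHER_CTX_new`, and `EVP_CIPHER_CTX_free` if the leak below is fixed) have drifted apart. Probing the function the code requires keeps the check meaningful: `AC_CHECK_LIB(crypto, EVP_CIPHER_CTX_new, [],`. The original `EVP_CIPHER_CTX_init` probe presumably stopped working because 1.1.0 turns it into a macro rather than an exported symbol, which is exactly why the replacement should be a real exported function that the code uses, not an unrelated one.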
@@ -47,7 +47,7 @@ typedef struct auth_method_t {
typedef struct llflow_t {
address_t addr_src;
address_t addr_dst;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
unsigned char *key;
u_int32_t spi;
char *crypt_name;
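Review bot: `EVP_CIPHER_CTX *ctx;` changes the embedded context into an owned heap object, but nothing documents who allocates and frees it, and the matching call in src/ipdecap.c only ever runs `EVP_CIPHER_CTX_cleanup()`, which resets a context without freeing it. Add a comment next to the member, e.g. `/* owned by this flow: allocated with EVP_CIPHER_CTX_new() in add_flow(), must be released with EVP_CIPHER_CTX_free() */`, so that whoever writes or maintains the flow teardown does not leak it. The remaining members and closing brace of llflow_t are outside this hunk, so I cannot see whether a destructor for the list exists yet.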
@@ -356,8 +356,8 @@ int add_flow(char *ip_src, char *ip_dst, char *crypt_name, char *auth_name, char
flow->auth_name = strdup(auth_name);
flow->key = dec_key;

EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_init(ctx);
flow->ctx = ctx;

// Adding to linked list
@@ -543,7 +543,7 @@ void dump_flows() {
printf("dump_flows: src:%s dst:%s crypt:%s auth:%s spi:%lx\n",
src, dst, e->crypt_name, e->auth_name, (long unsigned int) e->spi);

dumpmem("key", e->key, EVP_CIPHER_CTX_key_length(&e->ctx), 0);
dumpmem("key", e->key, EVP_CIPHER_CTX_key_length(e->ctx), 0);
printf("\n");

e = e->next;
@@ -743,7 +743,7 @@ void process_esp_packet(u_char const *payload, const int payload_len, pcap_hdr *
char ip_src[INET_ADDRSTRLEN+1];
char ip_dst[INET_ADDRSTRLEN+1];
llflow_t *flow = NULL;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *cipher = NULL;
int packet_size, rc, len, remaining;
int ivlen;
@@ -821,15 +821,15 @@ void process_esp_packet(u_char const *payload, const int payload_len, pcap_hdr *
if ((cipher = EVP_get_cipherbyname(flow->crypt_method->openssl_cipher)) == NULL)
error("Cannot find cipher %s - EVP_get_cipherbyname() err", flow->crypt_method->openssl_cipher);

EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX_init(ctx);

// Copy initialization vector
ivlen = EVP_CIPHER_iv_length(cipher);
memset(&esp_packet.iv, 0, EVP_MAX_IV_LENGTH);
memcpy(&esp_packet.iv, payload_src, ivlen);
payload_src += ivlen;

rc = EVP_DecryptInit_ex(&ctx, cipher,NULL, flow->key, esp_packet.iv);
rc = EVP_DecryptInit_ex(ctx, cipher,NULL, flow->key, esp_packet.iv);
if (rc != 1) {
error("Error during the initialization of crypto system. Please report this bug with your .pcap file");
}
@@ -847,7 +847,7 @@ void process_esp_packet(u_char const *payload, const int payload_len, pcap_hdr *
}

// Do the decryption work
rc = EVP_DecryptUpdate(&ctx, payload_dst, &len, payload_src, remaining);
rc = EVP_DecryptUpdate(ctx, payload_dst, &len, payload_src, remaining);
packet_size += len;

if (rc != 1) {
@@ -857,16 +857,16 @@ void process_esp_packet(u_char const *payload, const int payload_len, pcap_hdr *
return;
}

EVP_DecryptFinal_ex(&ctx, payload_dst+len, &len);
EVP_DecryptFinal_ex(ctx, payload_dst+len, &len);
packet_size += len;

// http://www.mail-archive.com/openssl-users@openssl.org/msg23434.html
packet_size +=EVP_CIPHER_CTX_block_size(&ctx);
packet_size +=EVP_CIPHER_CTX_block_size(ctx);

u_char *pad_len = (new_packet_payload + packet_size -2);

// Detect obviously badly decrypted packet
if (*pad_len >= EVP_CIPHER_CTX_block_size(&ctx)) {
if (*pad_len >= EVP_CIPHER_CTX_block_size(ctx)) {
verbose("Warning: invalid pad_len field, wrong encryption key ? copying raw packet...\n");
process_nonip_packet(payload, payload_len, new_packet_hdr, new_packet_payload);
return;
@@ -880,7 +880,7 @@ void process_esp_packet(u_char const *payload, const int payload_len, pcap_hdr *

new_packet_hdr->len = packet_size;

EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_cleanup(ctx);

} /* flow->crypt_method->openssl_cipher == NULL */

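Review bot: In process_esp_packet the context is now heap-allocated by `EVP_CIPHER_CTX_new()` at its declaration, but the function still ends with `EVP_CIPHER_CTX_cleanup(ctx)`, which resets the context and never frees it, so every decrypted ESP packet leaks one context; the two early `return`s (after the `EVP_DecryptUpdate` failure and the bad `pad_len` check) and, presumably, the `openssl_cipher == NULL` branch skip even that cleanup. The result of `EVP_CIPHER_CTX_new()` is also never checked here or in add_flow, and `EVP_CIPHER_CTX_init(ctx)` straight after `_new()` is redundant since the new context is already initialised (in 1.1.0 init is, as far as I recall, an alias for reset). I would allocate the context only where a cipher is actually run, check it, and release it with `EVP_CIPHER_CTX_free()` on every exit path; the function starts before the first hunk and the flow lookup between the hunks is not visible here.
```c
EVP_CIPHER_CTX *ctx = NULL;   /* allocated only when a cipher is actually run */
// … unchanged: remaining declarations, flow lookup …
if ((cipher = EVP_get_cipherbyname(flow->crypt_method->openssl_cipher)) == NULL)
error("Cannot find cipher %s - EVP_get_cipherbyname() err", flow->crypt_method->openssl_cipher);

/* replaces EVP_CIPHER_CTX_init(ctx): _new() returns an initialised context */
if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
error("EVP_CIPHER_CTX_new() failed - out of memory ?");
// … unchanged: IV copy, EVP_DecryptInit_ex, EVP_DecryptUpdate …
if (rc != 1) {
// … unchanged: failure reporting …
EVP_CIPHER_CTX_free(ctx);
return;
}
// … unchanged: EVP_DecryptFinal_ex, packet_size adjustment, pad_len lookup …
if (*pad_len >= EVP_CIPHER_CTX_block_size(ctx)) {
verbose("Warning: invalid pad_len field, wrong encryption key ? copying raw packet...\n");
process_nonip_packet(payload, payload_len, new_packet_hdr, new_packet_payload);
EVP_CIPHER_CTX_free(ctx);
return;
}
// … unchanged: new_packet_hdr->len = packet_size …
EVP_CIPHER_CTX_free(ctx);   /* was EVP_CIPHER_CTX_cleanup(): resets the context, never frees it */
```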