RE: [Ipsec-tools-devel] aes in openssl 0.9.7

[Kostadin K. <la...@mi...>]

Hi Derek
I folowed your advice and I have made some patches, hmm two patches indeed
one for src/racoon/configure.in
and one for src/racoon/crypto_openssl.c

First pleace excuse the quality of the code and my english :-)),
This is my first attempt to write in C on UN*X ever... although I've did
some coding in C
for DOS years ago....
so consider these patches as highly wrong and dangerous, no testing is done
except that they compile (even on slackware :-))
after applying these, its necessary to run autoconf in src/racoon/ to
produce proper configure script and after all here they are :-))))))


--- ipsec-tools-0.2.2-orig/src/racoon/configure.in      2003-03-07
19:06:12.000000000 +0200
+++ ipsec-tools-0.2.2/src/racoon/configure.in   2003-04-09
16:43:39.000000000 +0300
@@ -675,12 +675,13 @@
 AC_CHECK_HEADERS(openssl/cversion.h openssl/opensslv.h)

 dnl checking rijndael
-AC_SUBST(CRYPTOBJS)
-AC_CHECK_HEADER(openssl/rijndael.h, [], [
-       CPPFLAGS="$CPPFLAGS -I${srcdir}/missing"
-       CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"
+AC_CHECK_HEADERS(openssl/aes.h,[],[
+       AC_SUBST(CRYPTOBJS)
+       AC_CHECK_HEADER(openssl/rijndael.h, [], [
+               CPPFLAGS="$CPPFLAGS -I${srcdir}/missing"
+               CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"
+       ])
 ])
-
 dnl checking sha2
 AC_SUBST(CRYPTOBJS)
 AC_CHECK_HEADER(openssl/sha2.h, [], [

--- ipsec-tools-0.2.2-orig/src/racoon/crypto_openssl.c  2003-03-04
01:56:56.000000000 +0200
+++ ipsec-tools-0.2.2/src/racoon/crypto_openssl.c       2003-04-09
16:42:25.000000000 +0300
@@ -74,7 +74,9 @@
 #endif
 #include <openssl/cast.h>
 #include <openssl/err.h>
-#ifdef HAVE_OPENSSL_RIJNDAEL_H
+#ifdef HAVE_OPENSSL_AES_H
+#include <openssl/aes.h>
+#elif HAVE_OPENSSL_RIJNDAEL_H
 #include <openssl/rijndael.h>
 #else
 #include "crypto/rijndael/rijndael-api-fst.h"
@@ -1384,6 +1386,7 @@
 /*
  * AES(RIJNDAEL)-CBC
  */
+#ifndef HAVE_OPENSSL_AES_H
 vchar_t *
 eay_aes_encrypt(data, key, iv)
        vchar_t *data, *key, *iv;
@@ -1435,6 +1438,47 @@

        return res;
 }
+#else
+/*My part*/
+
+vchar_t *
+eay_aes_encrypt(data, key, iv)
+       vchar_t *data, *key, *iv;
+{
+ vchar_t *res;
+ AES_KEY ks;
+
+ AES_set_encrypt_key(key->v, key->l, &ks);
+
+       /* allocate buffer for result */
+       if ((res = vmalloc(data->l)) == NULL)
+               return NULL;
+
+       /* encryption data */
+       AES_cbc_encrypt(data->v, res->v, data->l,
+                       &ks, iv->v, AES_ENCRYPT);
+  return res;
+}
+
+vchar_t *
+eay_aes_decrypt(data, key, iv)
+       vchar_t *data, *key, *iv;
+{
+  vchar_t *res;
+  AES_KEY ks;
+
+  AES_set_decrypt_key(key->v, key->l, &ks);
+
+       /* allocate buffer for result */
+       if ((res = vmalloc(data->l)) == NULL)
+               return NULL;
+
+       /* decryption data */
+       AES_cbc_encrypt(data->v, res->v, data->l,
+                       &ks, iv->v, AES_DECRYPT);
+  return res;
+}
+#endif

 int
 eay_aes_weakkey(key)



> -----Original Message-----
> From: Derek Atkins [mailto:de...@ih...]
> Sent: Tuesday, April 08, 2003 11:49 PM
> To: Kostadin Karaivanov
> Cc: ips...@li...
> Subject: Re: [Ipsec-tools-devel] aes in openssl 0.9.7
>
>
> Yes, rijndael is AES, so yes, it should probably check for both.
> However, I don't know if it will properly use both.
>
> In either case, send me a patch.  I don't have openssl-0.9.7 so I
> can't make/test this change myself.
>
> -derek
>
> Kostadin Karaivanov <la...@mi...> writes:
>
> > Hi Derek,
> > As I'm compiling ipsec-tools (all versions till now) I'have notised
> > that racoon still checks only for openssl/rijndael.h
> >  From version 0.9.7 of openssl, it supports this but by the name aes
> > (i beleave that rijndael=aes:-)
> > My question is - is it apropriate in further versions of ipsec-tools
> > racoon to checks this too ?
> >
> > wwell larry
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for
> > just $79/mo with 500 GB of bandwidth! No other company gives more
> > support or power for your dedicated server
> > http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
> > _______________________________________________
> > Ipsec-tools-devel mailing list
> > Ips...@li...
> > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
>
> --
>        Derek Atkins
>        Computer and Internet Security Consultant
>        de...@ih...             www.ihtfp.com

Kostadin Karaivanov
Senior System Administrator @ Ministry Of Finance
tel: +359 2 98592062
la...@mi...