From: Kostadin K. <la...@mi...> - 2003-04-09 14:09:13
|
Hi Derek I folowed your advice and I have made some patches, hmm two patches indeed one for src/racoon/configure.in and one for src/racoon/crypto_openssl.c First pleace excuse the quality of the code and my english :-)), This is my first attempt to write in C on UN*X ever... although I've did some coding in C for DOS years ago.... so consider these patches as highly wrong and dangerous, no testing is done except that they compile (even on slackware :-)) after applying these, its necessary to run autoconf in src/racoon/ to produce proper configure script and after all here they are :-)))))) --- ipsec-tools-0.2.2-orig/src/racoon/configure.in 2003-03-07 19:06:12.000000000 +0200 +++ ipsec-tools-0.2.2/src/racoon/configure.in 2003-04-09 16:43:39.000000000 +0300 @@ -675,12 +675,13 @@ AC_CHECK_HEADERS(openssl/cversion.h openssl/opensslv.h) dnl checking rijndael -AC_SUBST(CRYPTOBJS) -AC_CHECK_HEADER(openssl/rijndael.h, [], [ - CPPFLAGS="$CPPFLAGS -I${srcdir}/missing" - CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o" +AC_CHECK_HEADERS(openssl/aes.h,[],[ + AC_SUBST(CRYPTOBJS) + AC_CHECK_HEADER(openssl/rijndael.h, [], [ + CPPFLAGS="$CPPFLAGS -I${srcdir}/missing" + CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o" + ]) ]) - dnl checking sha2 AC_SUBST(CRYPTOBJS) AC_CHECK_HEADER(openssl/sha2.h, [], [ --- ipsec-tools-0.2.2-orig/src/racoon/crypto_openssl.c 2003-03-04 01:56:56.000000000 +0200 +++ ipsec-tools-0.2.2/src/racoon/crypto_openssl.c 2003-04-09 16:42:25.000000000 +0300 @@ -74,7 +74,9 @@ #endif #include <openssl/cast.h> #include <openssl/err.h> -#ifdef HAVE_OPENSSL_RIJNDAEL_H +#ifdef HAVE_OPENSSL_AES_H +#include <openssl/aes.h> +#elif HAVE_OPENSSL_RIJNDAEL_H #include <openssl/rijndael.h> #else #include "crypto/rijndael/rijndael-api-fst.h" @@ -1384,6 +1386,7 @@ /* * AES(RIJNDAEL)-CBC */ +#ifndef HAVE_OPENSSL_AES_H vchar_t * eay_aes_encrypt(data, key, iv) vchar_t *data, *key, *iv; @@ -1435,6 +1438,47 @@ return res; } +#else +/*My part*/ + +vchar_t * +eay_aes_encrypt(data, key, iv) + vchar_t *data, *key, *iv; +{ + vchar_t *res; + AES_KEY ks; + + AES_set_encrypt_key(key->v, key->l, &ks); + + /* allocate buffer for result */ + if ((res = vmalloc(data->l)) == NULL) + return NULL; + + /* encryption data */ + AES_cbc_encrypt(data->v, res->v, data->l, + &ks, iv->v, AES_ENCRYPT); + return res; +} + +vchar_t * +eay_aes_decrypt(data, key, iv) + vchar_t *data, *key, *iv; +{ + vchar_t *res; + AES_KEY ks; + + AES_set_decrypt_key(key->v, key->l, &ks); + + /* allocate buffer for result */ + if ((res = vmalloc(data->l)) == NULL) + return NULL; + + /* decryption data */ + AES_cbc_encrypt(data->v, res->v, data->l, + &ks, iv->v, AES_DECRYPT); + return res; +} +#endif int eay_aes_weakkey(key) > -----Original Message----- > From: Derek Atkins [mailto:de...@ih...] > Sent: Tuesday, April 08, 2003 11:49 PM > To: Kostadin Karaivanov > Cc: ips...@li... > Subject: Re: [Ipsec-tools-devel] aes in openssl 0.9.7 > > > Yes, rijndael is AES, so yes, it should probably check for both. > However, I don't know if it will properly use both. > > In either case, send me a patch. I don't have openssl-0.9.7 so I > can't make/test this change myself. > > -derek > > Kostadin Karaivanov <la...@mi...> writes: > > > Hi Derek, > > As I'm compiling ipsec-tools (all versions till now) I'have notised > > that racoon still checks only for openssl/rijndael.h > > From version 0.9.7 of openssl, it supports this but by the name aes > > (i beleave that rijndael=aes:-) > > My question is - is it apropriate in further versions of ipsec-tools > > racoon to checks this too ? > > > > wwell larry > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for > > just $79/mo with 500 GB of bandwidth! No other company gives more > > support or power for your dedicated server > > http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ > > _______________________________________________ > > Ipsec-tools-devel mailing list > > Ips...@li... > > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel > > -- > Derek Atkins > Computer and Internet Security Consultant > de...@ih... www.ihtfp.com Kostadin Karaivanov Senior System Administrator @ Ministry Of Finance tel: +359 2 98592062 la...@mi... |