mac os x compilation fixed
This commit is contained in:
mom040267
parent
475e4c22e3
commit
901c80d4af
50
configure
vendored
50
configure
vendored
@ -9,6 +9,8 @@ cleanup() {
|
||||
rm -rf ${TH_TMPCPROGB}
|
||||
rm -rf ${DTLS_TMPCPROGC}
|
||||
rm -rf ${DTLS_TMPCPROGB}
|
||||
rm -rf ${GCM_TMPCPROGC}
|
||||
rm -rf ${GCM_TMPCPROGB}
|
||||
rm -rf ${PQ_TMPCPROGC}
|
||||
rm -rf ${PQ_TMPCPROGB}
|
||||
rm -rf ${MYSQL_TMPCPROGC}
|
||||
@ -237,6 +239,21 @@ dtls_testlib() {
|
||||
fi
|
||||
}
|
||||
|
||||
gcm_testlib() {
|
||||
|
||||
if [ -z "${TURN_NO_GCM}" ] ; then
|
||||
${CC} ${GCM_TMPCPROGC} -o ${GCM_TMPCPROGB} ${OSCFLAGS} ${OSLIBS} 2>>/dev/null
|
||||
ER=$?
|
||||
if [ ${ER} -eq 0 ] ; then
|
||||
return 1
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
|
||||
testdaemon() {
|
||||
|
||||
${CC} ${D_TMPCPROGC} -o ${D_TMPCPROGB} ${OSCFLAGS} ${OSLIBS} 2>>/dev/null
|
||||
@ -628,6 +645,19 @@ int main(int argc, char** argv) {
|
||||
}
|
||||
!
|
||||
|
||||
GCM_TMPCPROG=__test__ccomp__gcm__$$
|
||||
GCM_TMPCPROGC=${TMPDIR}/${GCM_TMPCPROG}.c
|
||||
GCM_TMPCPROGB=${TMPDIR}/${GCM_TMPCPROG}
|
||||
|
||||
cat > ${GCM_TMPCPROGC} <<!
|
||||
#include <stdlib.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/evp.h>
|
||||
int main(int argc, char** argv) {
|
||||
return (int)EVP_CIPH_GCM_MODE;
|
||||
}
|
||||
!
|
||||
|
||||
D_TMPCPROG=__test__ccomp__daemon__$$
|
||||
D_TMPCPROGC=${TMPDIR}/${D_TMPCPROG}.c
|
||||
D_TMPCPROGB=${TMPDIR}/${D_TMPCPROG}
|
||||
@ -885,6 +915,24 @@ else
|
||||
TURN_NO_DTLS="-DTURN_NO_DTLS"
|
||||
fi
|
||||
|
||||
###########################
|
||||
# Can we use GCM cipher ?
|
||||
###########################
|
||||
|
||||
if [ -z ${TURN_NO_GCM} ] ; then
|
||||
|
||||
gcm_testlib
|
||||
ER=$?
|
||||
if [ ${ER} -eq 0 ] ; then
|
||||
${ECHO_CMD} "WARNING: Cannot find GCM support."
|
||||
${ECHO_CMD} "Turning GCM off."
|
||||
TURN_NO_GCM="-DTURN_NO_GCM"
|
||||
fi
|
||||
|
||||
else
|
||||
TURN_NO_GCM="-DTURN_NO_GCM"
|
||||
fi
|
||||
|
||||
###########################
|
||||
# Test Libevent2 setup
|
||||
###########################
|
||||
@ -1044,7 +1092,7 @@ fi
|
||||
# So, what we have now:
|
||||
###############################
|
||||
|
||||
OSCFLAGS="${OSCFLAGS} ${TURN_NO_THREAD_BARRIERS} ${TURN_NO_DTLS} ${TURN_NO_TLS} -DINSTALL_PREFIX=${PREFIX}"
|
||||
OSCFLAGS="${OSCFLAGS} ${TURN_NO_THREAD_BARRIERS} ${TURN_NO_DTLS} ${TURN_NO_GCM} ${TURN_NO_TLS} -DINSTALL_PREFIX=${PREFIX}"
|
||||
|
||||
if ! [ -z "${TURN_ACCEPT_RPATH}" ] ; then
|
||||
if [ -z "${TURN_DISABLE_RPATH}" ] ; then
|
||||
|
||||
@ -39,6 +39,8 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
///////////
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
///////////
|
||||
@ -1678,7 +1680,7 @@ static size_t calculate_enc_key_length(ENC_ALG a)
|
||||
{
|
||||
switch(a) {
|
||||
case AES_128_CBC:
|
||||
#if !defined(TURN_NO_GCM_SUPPORT)
|
||||
#if !defined(TURN_NO_GCM)
|
||||
case AEAD_AES_128_GCM:
|
||||
#endif
|
||||
return 16;
|
||||
@ -1838,7 +1840,7 @@ int convert_oauth_key_data(oauth_key_data *oakd, oauth_key *key, char *err_msg,
|
||||
key->as_rs_alg = AES_128_CBC;
|
||||
} else if(!strcmp(oakd->as_rs_alg,"AES-256-CBC")) {
|
||||
key->as_rs_alg = AES_256_CBC;
|
||||
#if !defined(TURN_NO_GCM_SUPPORT)
|
||||
#if !defined(TURN_NO_GCM)
|
||||
} else if(!strcmp(oakd->as_rs_alg,"AEAD-AES-128-GCM")) {
|
||||
key->as_rs_alg = AEAD_AES_128_GCM;
|
||||
} else if(!strcmp(oakd->as_rs_alg,"AEAD-AES-256-GCM")) {
|
||||
@ -1880,7 +1882,7 @@ static const EVP_CIPHER *get_cipher_type(ENC_ALG enc_alg)
|
||||
return EVP_aes_256_cbc();
|
||||
case AES_128_CBC:
|
||||
return EVP_aes_128_cbc();
|
||||
#if !defined(TURN_NO_GCM_SUPPORT)
|
||||
#if !defined(TURN_NO_GCM)
|
||||
case AEAD_AES_128_GCM:
|
||||
return EVP_aes_128_gcm();
|
||||
case AEAD_AES_256_GCM:
|
||||
@ -1911,7 +1913,7 @@ static void update_hmac_len(AUTH_ALG aa, unsigned int *hmac_len)
|
||||
if(hmac_len) {
|
||||
switch(aa) {
|
||||
case AUTH_ALG_HMAC_SHA_256_128:
|
||||
*hmac_len = *hmac_len >> 1;
|
||||
*hmac_len = 16;
|
||||
break;
|
||||
default:
|
||||
;
|
||||
@ -1982,7 +1984,7 @@ static int decode_oauth_token_normal(u08bits *server_name, encoded_oauth_token *
|
||||
if(server_name && etoken && key && dtoken) {
|
||||
|
||||
size_t mac_size = calculate_auth_output_length(key->auth_alg);
|
||||
size_t min_encoded_field_size = 2+4+8+calculate_auth_output_length(AUTH_ALG_HMAC_SHA_256_128);
|
||||
size_t min_encoded_field_size = 2+4+8+calculate_auth_output_length(AUTH_ALG_HMAC_SHA_1);
|
||||
if(etoken->size < mac_size+min_encoded_field_size) {
|
||||
return -1;
|
||||
}
|
||||
@ -2045,7 +2047,7 @@ static int decode_oauth_token_normal(u08bits *server_name, encoded_oauth_token *
|
||||
return -1;
|
||||
}
|
||||
|
||||
#if !defined(TURN_NO_GCM_SUPPORT)
|
||||
#if !defined(TURN_NO_GCM)
|
||||
|
||||
static void generate_random_nonce(unsigned char *nonce, size_t sz) {
|
||||
if(!RAND_bytes(nonce, sz)) {
|
||||
@ -2087,7 +2089,7 @@ static int encode_oauth_token_aead(u08bits *server_name, encoded_oauth_token *et
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
|
||||
/* Initialise the encryption operation. */
|
||||
/* Initialize the encryption operation. */
|
||||
if(1 != EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL))
|
||||
return -1;
|
||||
|
||||
@ -2129,9 +2131,75 @@ static int encode_oauth_token_aead(u08bits *server_name, encoded_oauth_token *et
|
||||
|
||||
static int decode_oauth_token_aead(u08bits *server_name, encoded_oauth_token *etoken, oauth_key *key, oauth_token *dtoken)
|
||||
{
|
||||
if(server_name && etoken && key && dtoken && (dtoken->enc_block.key_length<128)) {
|
||||
if(server_name && etoken && key && dtoken) {
|
||||
|
||||
//TODO
|
||||
size_t min_encoded_field_size = 2+4+8+OAUTH_AEAD_NONCE_SIZE+OAUTH_AEAD_TAG_SIZE+calculate_auth_output_length(AUTH_ALG_HMAC_SHA_1);
|
||||
if(etoken->size < min_encoded_field_size) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
unsigned char* encoded_field = (unsigned char*)etoken->token;
|
||||
unsigned int encoded_field_size = (unsigned int)etoken->size-OAUTH_AEAD_NONCE_SIZE;
|
||||
unsigned char* nonce = ((unsigned char*)etoken->token) + encoded_field_size;
|
||||
unsigned char* tag = ((unsigned char*)etoken->token) + encoded_field_size - OAUTH_AEAD_TAG_SIZE;
|
||||
|
||||
dtoken->mac_size = 0;
|
||||
|
||||
unsigned char decoded_field[MAX_ENCODED_OAUTH_TOKEN_SIZE];
|
||||
|
||||
const EVP_CIPHER * cipher = get_cipher_type(key->as_rs_alg);
|
||||
if(!cipher)
|
||||
return -1;
|
||||
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
/* Initialize the encryption operation. */
|
||||
if(1 != EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL))
|
||||
return -1;
|
||||
|
||||
/* Set IV length if default 12 bytes (96 bits) is not appropriate */
|
||||
if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, OAUTH_AEAD_NONCE_SIZE, NULL))
|
||||
return -1;
|
||||
|
||||
/* Initialize key and IV */
|
||||
if(1 != EVP_EncryptInit_ex(&ctx, NULL, NULL, (unsigned char *)key->as_rs_key, nonce))
|
||||
return -1;
|
||||
|
||||
EVP_CIPHER_CTX_ctrl (&ctx, EVP_CTRL_GCM_SET_TAG, OAUTH_AEAD_TAG_SIZE, tag);
|
||||
|
||||
int outl=0;
|
||||
size_t sn_len = strlen((char*)server_name);
|
||||
|
||||
/* Provide any AAD data. This can be called zero or more times as
|
||||
* required
|
||||
*/
|
||||
if(1 != EVP_EncryptUpdate(&ctx, NULL, &outl, server_name, (int)sn_len))
|
||||
return -1;
|
||||
EVP_DecryptUpdate(&ctx, decoded_field, &outl, encoded_field, (int)encoded_field_size);
|
||||
int tmp_outl = 0;
|
||||
if(EVP_DecryptFinal_ex(&ctx, decoded_field + outl, &tmp_outl)<1)
|
||||
return -1;
|
||||
|
||||
outl += tmp_outl;
|
||||
|
||||
if(outl<(int)min_encoded_field_size)
|
||||
return -1;
|
||||
|
||||
size_t len = 0;
|
||||
|
||||
dtoken->enc_block.key_length = nswap16(*((uint16_t*)(decoded_field+len)));
|
||||
len += 2;
|
||||
|
||||
ns_bcopy(decoded_field+len,dtoken->enc_block.mac_key,dtoken->enc_block.key_length);
|
||||
len += dtoken->enc_block.key_length;
|
||||
|
||||
dtoken->enc_block.timestamp = nswap64(*((uint64_t*)(decoded_field+len)));
|
||||
len += 8;
|
||||
|
||||
dtoken->enc_block.lifetime = nswap32(*((uint32_t*)(decoded_field+len)));
|
||||
len += 4;
|
||||
|
||||
return 0;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
@ -2145,7 +2213,7 @@ int encode_oauth_token(u08bits *server_name, encoded_oauth_token *etoken, oauth_
|
||||
case AES_256_CBC:
|
||||
case AES_128_CBC:
|
||||
return encode_oauth_token_normal(server_name, etoken,key,dtoken);
|
||||
#if !defined(TURN_NO_GCM_SUPPORT)
|
||||
#if !defined(TURN_NO_GCM)
|
||||
case AEAD_AES_128_GCM:
|
||||
case AEAD_AES_256_GCM:
|
||||
return encode_oauth_token_aead(server_name, etoken,key,dtoken);
|
||||
@ -2164,7 +2232,7 @@ int decode_oauth_token(u08bits *server_name, encoded_oauth_token *etoken, oauth_
|
||||
case AES_256_CBC:
|
||||
case AES_128_CBC:
|
||||
return decode_oauth_token_normal(server_name, etoken,key,dtoken);
|
||||
#if !defined(TURN_NO_GCM_SUPPORT)
|
||||
#if !defined(TURN_NO_GCM)
|
||||
case AEAD_AES_128_GCM:
|
||||
case AEAD_AES_256_GCM:
|
||||
return decode_oauth_token_aead(server_name, etoken,key,dtoken);
|
||||
|
||||
@ -68,16 +68,12 @@ typedef enum _SHATYPE SHATYPE;
|
||||
|
||||
/* OAUTH TOKEN ENC ALG ==> */
|
||||
|
||||
#if !defined(EVP_CIPH_GCM_MODE)
|
||||
#define TURN_NO_GCM_SUPPORT
|
||||
#endif
|
||||
|
||||
enum _ENC_ALG {
|
||||
ENC_ALG_ERROR=-1,
|
||||
ENC_ALG_DEFAULT=0,
|
||||
AES_256_CBC=ENC_ALG_DEFAULT,
|
||||
AES_128_CBC,
|
||||
#if !defined(TURN_NO_GCM_SUPPORT)
|
||||
#if !defined(TURN_NO_GCM)
|
||||
AEAD_AES_128_GCM,
|
||||
AEAD_AES_256_GCM,
|
||||
#endif
|
||||
|
||||
Loading…
Reference in New Issue
Block a user