From 774f970781c6e515d9f62fb16595ef123a2b17b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mustafa=20Bing=C3=BCl?= Date: Tue, 31 Jul 2018 13:40:19 +0300 Subject: [PATCH 1/6] Adding a encryption logic for the password of MySQL DB user. Co-authored-by: Erdem Duman Co-authored-by: mashary --- examples/etc/turnserver.conf | 11 + src/apps/relay/dbdrivers/dbd_mysql.c | 52 ++++ src/apps/relay/mainrelay.c | 438 +++++++++++++++++++-------- src/apps/relay/mainrelay.h | 18 ++ 4 files changed, 401 insertions(+), 118 deletions(-) diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf index 6f50ea5..7a2ef65 100644 --- a/examples/etc/turnserver.conf +++ b/examples/etc/turnserver.conf @@ -276,6 +276,17 @@ # #mysql-userdb="host= dbname= user= password= port= connect_timeout= read_timeout=" +#If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path. +#It must be. +#This is the file path which contain secret key of aes encryption while using password encryption. +#This attribute should be use if allow-encoding-with-aes set to 1. +#secret-key-file=/path/ + +#If you want to use password as encrpyted in the mysql connection string. Set allow-encoding-with-aes to 1. +#If you want to use clearteaxt password in the mysql connection string. Set allow-encoding-with-aes to 0. +#You have to enable secret-key-file attribute above as a key location. +#allow-encoding-with-aes=1 or 0 + # MongoDB database connection string in the case that we are using MongoDB # as the user database. # This database can be used for long-term credential mechanism diff --git a/src/apps/relay/dbdrivers/dbd_mysql.c b/src/apps/relay/dbdrivers/dbd_mysql.c index f9eaa71..26e925a 100644 --- a/src/apps/relay/dbdrivers/dbd_mysql.c +++ b/src/apps/relay/dbdrivers/dbd_mysql.c @@ -34,6 +34,7 @@ #if !defined(TURN_NO_MYSQL) #include +#include /////////////////////////////////////////////////////////////////////////////////////////////////////////// 
@@ -73,6 +74,50 @@ static void MyconninfoFree(Myconninfo *co) { } } +struct ctr_state { + unsigned char ivec[16]; + unsigned int num; + unsigned char ecount[16]; +}; + + +struct ctr_state state; + +char* decryptPassword(unsigned char* in, unsigned char* mykey){ + + unsigned char* out; + unsigned char iv[8] = {0}; + AES_KEY key; + unsigned char outdata[256]; + AES_set_encrypt_key(mykey, 128, &key); + char total[256] = ""; + int size=0; + int bytes_to_decode = strlen(in); + unsigned char *encryptedText = base64decode(in, bytes_to_decode); + char temp[256]; + char last[1024]=""; + int i=0; + + while(1){ + init_ctr(&state, iv); + memset(temp,'\0', sizeof(temp)); + sprintf(temp,"%.16s",&encryptedText[i*16]); + size=strlen(temp); + if(size==0){break;} + AES_ctr128_encrypt(temp, outdata, strlen(temp), &key, state.ivec, state.ecount, &state.num); + strcat(last,outdata); + ++i; + if (size < 16){break;} + memset(outdata,'\0', sizeof(outdata)); + } + + strcpy(out,last); + + return out; + +} + + static Myconninfo *MyconninfoParse(char *userdb, char **errmsg) { Myconninfo *co = (Myconninfo*)turn_malloc(sizeof(Myconninfo)); ns_bzero(co,sizeof(Myconninfo)); @@ -234,6 +279,9 @@ static MYSQL *get_mydb_connection(void) { if(co->ca || co->capath || co->cert || co->cipher || co->key) { mysql_ssl_set(mydbconnection, co->key, co->cert, co->ca, co->capath, co->cipher); } + if(turn_params.allow_encoding){ + co->password = decryptPassword(co->password, turn_params.secret_key); + } MYSQL *conn = mysql_real_connect(mydbconnection, co->host, co->user, co->password, co->dbname, co->port, NULL, CLIENT_IGNORE_SIGPIPE); if(!conn) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot open MySQL DB connection: <%s>, runtime error\n",pud->userdb); 
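Review bot: In the added `decryptPassword`, `out` is declared as `unsigned char* out;` and never assigned before `strcpy(out,last)`, so the function writes through an uninitialized pointer and then returns it; allocate it first, e.g. `out = malloc(strlen(last) + 1);`, and check the result. The loop also treats ciphertext as a C string (`sprintf(temp,"%.16s",...)`, `strlen(temp)`, `strcat(last,outdata)`), so a zero byte in the decoded data truncates the password, and on the first pass `outdata` is appended without a guaranteed terminator; the length should be carried explicitly instead. Separately, the IV is a constant `{0}` and `init_ctr` is re-run for every 16-byte block, so under one key every block of every password is combined with the same keystream; `encrypt` and `decrypt` in mainrelay.c follow the same pattern, and a random per-password IV stored alongside the ciphertext would avoid it. The buffer returned by `base64decode` is never freed.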
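Review bot: In the `get_mydb_connection` hunk, the added call runs whenever `allow_encoding` is set, but `decryptPassword` begins with `strlen(in)`, so a connection string without `password=` would pass NULL (presumably, since `MyconninfoParse` zeroes the struct before filling it); guard it with `if(turn_params.allow_encoding && co->password)`. The assignment also overwrites `co->password` without releasing the string parsed from the configuration, and the replacement has to be freeable the same way `MyconninfoFree` releases that field, which is outside this hunk. Nothing here verifies that `turn_params.secret_key` was actually loaded, so without a usable `secret-key-file` the password is decrypted with whatever the buffer holds and the failure only shows up as a refused login.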
@@ -245,6 +293,10 @@ static MYSQL *get_mydb_connection(void) { mydbconnection=NULL; } else if(!donot_print_connection_success) { TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "MySQL DB connection success: %s\n",pud->userdb); + if(turn_params.allow_encoding) + TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Connection is secure.\n"); + else + TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Connection is not secure.\n"); donot_print_connection_success = 1; } } diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index e8d740d..c3f257d 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -114,7 +114,7 @@ DEFAULT_STUN_PORT,DEFAULT_STUN_TLS_PORT,0,0,1, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,0,0,NULL,NULL,NULL }, {NULL, 0},{NULL, 0}, -NEV_UNKNOWN, +NEV_UNKNOWN, { "Unknown", "UDP listening socket per session", "UDP thread per network endpoint", "UDP thread per CPU core" }, //////////////// Relay servers ////////////////////////////////// LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"", @@ -647,6 +647,8 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n" " -I, --list-origins List origin-to-realm relations.\n" " -g, --set-realm-option Set realm params: max-bps, total-quota, user-quota.\n" " -G, --list-realm-options List realm params.\n" + " -E, --generate-encrypted-password-aes Generate and print to the standard\n" + " output an encrypted form of password with AES-128\n" "\nOptions with mandatory values:\n\n" #if !defined(TURN_NO_SQLITE) " -b, --db, --userdb SQLite database file, default value is /var/db/turndb or\n" 
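Review bot: In the dbd_mysql.c hunk at the start of this line, the new messages report "Connection is secure." based only on `turn_params.allow_encoding`, which describes how the password is stored in the configuration file, not how the MySQL session is protected. An operator reading the log could conclude the link is encrypted even when none of the `mysql_ssl_set` parameters were supplied. Suggest wording tied to what is actually known, e.g. `TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "MySQL password was supplied in AES-encrypted form.\n");`, and dropping the "not secure" branch.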
@@ -667,6 +669,9 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n" " -u, --user Username\n" " -r, --realm Realm\n" " -p, --password Password\n" + " -x, --key-path Generates a 128 bit key into the given path.\n" + " -f, --file-key-path Contains a 128 bit key in the given path.\n" + " -v, --verify Verify a given base64 encrypted type password.\n" #if !defined(TURN_NO_SQLITE) || !defined(TURN_NO_PQ) || !defined(TURN_NO_MYSQL) || !defined(TURN_NO_MONGO) || !defined(TURN_NO_HIREDIS) " -o, --origin Origin\n" #endif @@ -679,8 +684,8 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n" " -h, --help Help\n"; #define OPTIONS "c:d:p:L:E:X:i:m:l:r:u:b:B:e:M:J:N:O:q:Q:s:C:vVofhznaAS" - -#define ADMIN_OPTIONS "PgGORIHKYlLkaADSdb:e:M:J:N:u:r:p:s:X:o:h" + +#define ADMIN_OPTIONS "PEgGORIHKYlLkaADSdb:e:M:J:N:u:r:p:s:X:o:h:x:v:f:" enum EXTRA_OPTS { NO_UDP_OPT=256, @@ -748,7 +753,9 @@ enum EXTRA_OPTS { SERVER_NAME_OPT, OAUTH_OPT, PROD_OPT, - NO_HTTP_OPT + NO_HTTP_OPT, + SECRET_KEY_OPT, + ALLOW_ENCODING_OPT }; struct myoption { @@ -867,11 +874,14 @@ static const struct myoption long_options[] = { { "no-tlsv1", optional_argument, NULL, NO_TLSV1_OPT }, { "no-tlsv1_1", optional_argument, NULL, NO_TLSV1_1_OPT }, { "no-tlsv1_2", optional_argument, NULL, NO_TLSV1_2_OPT }, + { "secret-key-file", required_argument, NULL, SECRET_KEY_OPT }, + { "allow-encoding-with-aes", required_argument, NULL, ALLOW_ENCODING_OPT}, { NULL, no_argument, NULL, 0 } }; static const struct myoption admin_long_options[] = { {"generate-encrypted-password", no_argument, NULL, 'P' }, + {"generate-encrypted-password-aes", no_argument, NULL, 'E'}, { "key", no_argument, NULL, 'k' }, { "add", no_argument, NULL, 'a' }, { "delete", no_argument, NULL, 'd' }, 
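Review bot: In the `ADMIN_OPTIONS` hunk, the trailing `h` becomes `h:`, so getopt now requires an argument for `-h`; a bare `turnadmin -h` is rejected and falls into the `default:` branch (usage on stderr, exit -1), and `-h` followed by another word silently consumes it. Keep help as a flag and add only the three new valued options: `#define ADMIN_OPTIONS "PEgGORIHKYlLkaADSdb:e:M:J:N:u:r:p:s:X:o:hx:v:f:"`.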
@@ -903,6 +913,9 @@ static const struct myoption admin_long_options[] = { { "user", required_argument, NULL, 'u' }, { "realm", required_argument, NULL, 'r' }, { "password", required_argument, NULL, 'p' }, + { "file-key-path", required_argument, NULL, 'f' }, + { "verify", required_argument, NULL, 'v' }, + { "key-path", required_argument, NULL, 'x'}, { "add-origin", no_argument, NULL, 'O' }, { "del-origin", no_argument, NULL, 'R' }, { "list-origins", required_argument, NULL, 'I' }, 
@@ -916,6 +929,139 @@ static const struct myoption admin_long_options[] = { { NULL, no_argument, NULL, 0 } }; + +struct ctr_state { + unsigned char ivec[16]; + unsigned int num; + unsigned char ecount[16]; +}; +struct ctr_state state; +int init_ctr(struct ctr_state *state, const unsigned char iv[8]){ + state->num = 0; + memset(state->ecount, 0, 16); + memset(state->ivec + 8, 0, 8); + memcpy(state->ivec, iv, 8); +} +unsigned char *base64encode (const void *b64_encode_this, int encode_this_many_bytes){ + BIO *b64_bio, *mem_bio; //Declares two OpenSSL BIOs: a base64 filter and a memory BIO. + BUF_MEM *mem_bio_mem_ptr; //Pointer to a "memory BIO" structure holding our base64 data. + b64_bio = BIO_new(BIO_f_base64()); //Initialize our base64 filter BIO. + mem_bio = BIO_new(BIO_s_mem()); //Initialize our memory sink BIO. + BIO_push(b64_bio, mem_bio); //Link the BIOs by creating a filter-sink BIO chain. + BIO_set_flags(b64_bio, BIO_FLAGS_BASE64_NO_NL); //No newlines every 64 characters or less. + BIO_write(b64_bio, b64_encode_this, encode_this_many_bytes); //Records base64 encoded data. + BIO_flush(b64_bio); //Flush data. Necessary for b64 encoding, because of pad characters. + BIO_get_mem_ptr(mem_bio, &mem_bio_mem_ptr); //Store address of mem_bio's memory structure. + BIO_set_close(mem_bio, BIO_NOCLOSE); //Permit access to mem_ptr after BIOs are destroyed. + BIO_free_all(b64_bio); //Destroys all BIOs in chain, starting with b64 (i.e. the 1st one). + BUF_MEM_grow(mem_bio_mem_ptr, (*mem_bio_mem_ptr).length + 1); //Makes space for end null. + (*mem_bio_mem_ptr).data[(*mem_bio_mem_ptr).length] = '\0'; //Adds null-terminator to tail. + return (*mem_bio_mem_ptr).data; //Returns base-64 encoded data. (See: "buf_mem_st" struct). 
+} +void encrypt(char* in, char* mykey){ + + + AES_KEY key; + int size=0; + char iv[8] = {0}; //changed + char out[256]; //changed + AES_set_encrypt_key(mykey, 128, &key); + char total[256]=""; + char tempinput[20]; + int i=0; + while(1){ + init_ctr(&state, iv); + sprintf(tempinput,"%.16s",&in[i*16]); + size=strlen(tempinput); + if(size==0){break;} + AES_ctr128_encrypt(tempinput, out, strlen(tempinput), &key, state.ivec, state.ecount, &state.num); + strcat(total,out); + ++i; + if (size <16){ break;} + } + + int bytes_to_encode = strlen((char*)total); + signed char *base64_encoded = base64encode(total, bytes_to_encode); + printf("%s\n",base64_encoded); +} +void generate_aes_128_key(char* filePath, char* returnedKey){ + int i; + int part; + FILE* fptr; + char key[16]; + struct timespec times; + clock_gettime(CLOCK_REALTIME,×); + srand(times.tv_nsec); + + for (i = 0; i < sizeof(key); i++) { + part = (rand() % 3); + if(part == 0){ + key[i] = (rand() % 10) + 48; + } + + else if(part == 1){ + key[i] = (rand() % 26) + 65; + } + + else if(part == 2){ + key[i] = (rand() % 26) + 97; + } + } + fptr = fopen(filePath, "w"); + for(i = 0; i < 16; i++){ + fputc(key[i], fptr); + } + strcpy(returnedKey, key); + fclose(fptr); + + +} + +unsigned char *base64decode (const void *b64_decode_this, int decode_this_many_bytes){ + BIO *b64_bio, *mem_bio; //Declares two OpenSSL BIOs: a base64 filter and a memory BIO. + char *base64_decoded = calloc( (decode_this_many_bytes*3)/4+1, sizeof(char) ); //+1 = null. + b64_bio = BIO_new(BIO_f_base64()); //Initialize our base64 filter BIO. + mem_bio = BIO_new(BIO_s_mem()); //Initialize our memory source BIO. + BIO_write(mem_bio, b64_decode_this, decode_this_many_bytes); //Base64 data saved in source. + BIO_push(b64_bio, mem_bio); //Link the BIOs by creating a filter-source BIO chain. + BIO_set_flags(b64_bio, BIO_FLAGS_BASE64_NO_NL); //Don't require trailing newlines. 
+ int decoded_byte_index = 0; //Index where the next base64_decoded byte should be written. + while ( 0 < BIO_read(b64_bio, base64_decoded+decoded_byte_index, 1) ){ //Read byte-by-byte. + decoded_byte_index++; //Increment the index until read of BIO decoded data is complete. + } //Once we're done reading decoded data, BIO_read returns -1 even though there's no error. + BIO_free_all(b64_bio); //Destroys all BIOs in chain, starting with b64 (i.e. the 1st one). + return base64_decoded; //Returns base-64 decoded data with trailing null terminator. +} +void decrypt(char* in, char* mykey){ + + + char iv[8] = {0}; //changed + AES_KEY key; + char outdata[256]; //changed + AES_set_encrypt_key(mykey, 128, &key); + int size=0; + int bytes_to_decode = strlen(in); + //printf("byte_to_decode: %d\n",bytes_to_decode); + char *encryptedText = base64decode(in, bytes_to_decode); //changed + //printf("encryptedText: %s\n",encryptedText); + char temp[256]; + char last[1024]=""; + int i=0; + while(1){ + init_ctr(&state, iv); + sprintf(temp,"%.16s",&encryptedText[i*16]); + size=strlen(temp); + if(size==0){break;} + AES_ctr128_encrypt(temp, outdata, strlen(temp), &key, state.ivec, state.ecount, &state.num); + strcat(last,outdata); + ++i; + if (size < 16){break;} + } + + printf("%s\n",last); + +} + static int get_int_value(const char* s, int default_value) { if (!s || !(s[0])) @@ -1302,6 +1448,12 @@ static void set_option(int c, char *value) case DH_FILE_OPT: STRCPY(turn_params.dh_file,value); break; + case SECRET_KEY_OPT: + STRCPY(turn_params.secret_key_file,value); + break; + case ALLOW_ENCODING_OPT: + turn_params.allow_encoding = atoi(value); + break; case PKEY_FILE_OPT: STRCPY(turn_params.pkey_file,value); break; 
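Review bot: In the mainrelay.c hunk that adds the AES helpers (it ends on this line, before the `set_option` hunk), `generate_aes_128_key` seeds `srand()` with `times.tv_nsec` and builds the key from `rand()`, so the key carries at most about 30 bits of entropy regardless of its 128-bit length, and each byte is further limited to letters and digits. OpenSSL is already used by these helpers, so `RAND_bytes` is the natural source. The function also ends with `strcpy(returnedKey, key)` on a 16-byte array that has no terminator, and it never checks `fopen`. A rewrite is sketched below; it stores raw bytes, so the `-f` reader has to take exactly 16 bytes instead of looping to EOF, and the key file should be created readable by its owner only.

```c
void generate_aes_128_key(char* filePath, char* returnedKey){
	unsigned char key[16];
	FILE* fptr;

	/* CSPRNG from <openssl/rand.h> instead of srand()/rand() */
	if (RAND_bytes(key, sizeof(key)) != 1) {
		fprintf(stderr, "Cannot generate AES key\n");
		exit(-1);
	}
	fptr = fopen(filePath, "w");
	if (fptr == NULL) {
		perror("Cannot create key file");
		exit(-1);
	}
	if (fwrite(key, 1, sizeof(key), fptr) != sizeof(key)) {
		perror("Cannot write key file");
		fclose(fptr);
		exit(-1);
	}
	if (fclose(fptr) != 0) {
		perror("Cannot write key file");
		exit(-1);
	}
	/* fixed-length copy: the key is not a C string */
	memcpy(returnedKey, key, sizeof(key));
}
```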
@@ -1489,6 +1641,10 @@ static int adminmain(int argc, char **argv) TURNADMIN_COMMAND_TYPE ct = TA_COMMAND_UNKNOWN; int is_admin = 0; + FILE* fptr; + char generated_key[20]; //changed + int counter; + char ch; u08bits user[STUN_MAX_USERNAME_SIZE+1]="\0"; u08bits realm[STUN_MAX_REALM_SIZE+1]="\0"; 
@@ -1501,84 +1657,88 @@ static int adminmain(int argc, char **argv) uo.u.m = admin_long_options; int print_enc_password = 0; + int print_enc_aes_password = 0; while (((c = getopt_long(argc, argv, ADMIN_OPTIONS, uo.u.o, NULL)) != -1)) { switch (c){ - case 'P': - if(pwd[0]) { - char result[257]; - generate_new_enc_password((char*)pwd, result); - printf("%s\n",result); - exit(0); - } - print_enc_password = 1; - break; - case 'g': - ct = TA_SET_REALM_OPTION; - break; - case 'G': - ct = TA_LIST_REALM_OPTIONS; - break; - case ADMIN_USER_QUOTA_OPT: - po.user_quota = (vint)atoi(optarg); - break; - case ADMIN_TOTAL_QUOTA_OPT: - po.total_quota = (vint)atoi(optarg); - break; - case ADMIN_MAX_BPS_OPT: - po.max_bps = (vint)atoi(optarg); - break; - case 'O': - ct = TA_ADD_ORIGIN; - break; - case 'R': - ct = TA_DEL_ORIGIN; - break; - case 'I': - ct = TA_LIST_ORIGINS; - break; - case 'o': - STRCPY(origin,optarg); - break; - case 'k': - ct = TA_PRINT_KEY; - break; - case 'a': - ct = TA_UPDATE_USER; - break; - case 'd': - ct = TA_DELETE_USER; - break; - case 'A': - ct = TA_UPDATE_USER; - is_admin = 1; - break; - case 'D': - ct = TA_DELETE_USER; - is_admin = 1; - break; - case 'l': - ct = TA_LIST_USERS; - break; - case 'L': - ct = TA_LIST_USERS; - is_admin = 1; - break; - case 's': - ct = TA_SET_SECRET; - STRCPY(secret,optarg); - break; - case 'S': - ct = TA_SHOW_SECRET; - break; - case 'X': - ct = TA_DEL_SECRET; - if(optarg) - STRCPY(secret,optarg); - break; - case DEL_ALL_AUTH_SECRETS_OPT: - ct = TA_DEL_SECRET; - break; + case 'P': + if(pwd[0]) { + char result[257]; + generate_new_enc_password((char*)pwd, result); + printf("%s\n",result); + exit(0); + } + print_enc_password = 1; + break; + case 'E': + print_enc_aes_password = 1; + break; + case 'g': + ct = TA_SET_REALM_OPTION; + break; + case 'G': + ct = TA_LIST_REALM_OPTIONS; + break; + case ADMIN_USER_QUOTA_OPT: + po.user_quota = (vint)atoi(optarg); + break; + case ADMIN_TOTAL_QUOTA_OPT: + po.total_quota = (vint)atoi(optarg); + 
break; + case ADMIN_MAX_BPS_OPT: + po.max_bps = (vint)atoi(optarg); + break; + case 'O': + ct = TA_ADD_ORIGIN; + break; + case 'R': + ct = TA_DEL_ORIGIN; + break; + case 'I': + ct = TA_LIST_ORIGINS; + break; + case 'o': + STRCPY(origin,optarg); + break; + case 'k': + ct = TA_PRINT_KEY; + break; + case 'a': + ct = TA_UPDATE_USER; + break; + case 'd': + ct = TA_DELETE_USER; + break; + case 'A': + ct = TA_UPDATE_USER; + is_admin = 1; + break; + case 'D': + ct = TA_DELETE_USER; + is_admin = 1; + break; + case 'l': + ct = TA_LIST_USERS; + break; + case 'L': + ct = TA_LIST_USERS; + is_admin = 1; + break; + case 's': + ct = TA_SET_SECRET; + STRCPY(secret,optarg); + break; + case 'S': + ct = TA_SHOW_SECRET; + break; + case 'X': + ct = TA_DEL_SECRET; + if(optarg) + STRCPY(secret,optarg); + break; + case DEL_ALL_AUTH_SECRETS_OPT: + ct = TA_DEL_SECRET; + break; #if !defined(TURN_NO_SQLITE) case 'b': STRCPY(turn_params.default_users_db.persistent_users_db.userdb,optarg); 
@@ -1609,45 +1769,70 @@ static int adminmain(int argc, char **argv) turn_params.default_users_db.userdb_type = TURN_USERDB_TYPE_REDIS; break; #endif - case 'u': - STRCPY(user,optarg); - if(!is_secure_username((u08bits*)user)) { - TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user name structure or symbols, choose another name: %s\n",user); - exit(-1); - } - if(SASLprep((u08bits*)user)<0) { - TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user name: %s\n",user); - exit(-1); - } - break; - case 'r': - set_default_realm_name(optarg); - STRCPY(realm,optarg); - if(SASLprep((u08bits*)realm)<0) { - TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong realm: %s\n",realm); - exit(-1); - } - break; - case 'p': - STRCPY(pwd,optarg); - if(SASLprep((u08bits*)pwd)<0) { - TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong password: %s\n",pwd); - exit(-1); - } - if(print_enc_password) { - char result[257]; - generate_new_enc_password((char*)pwd, result); - printf("%s\n",result); - exit(0); - } - break; - case 'h': - printf("\n%s\n", AdminUsage); - exit(0); - break; - default: - fprintf(stderr,"\n%s\n", AdminUsage); - exit(-1); + case 'u': + STRCPY(user,optarg); + if(!is_secure_username((u08bits*)user)) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user name structure or symbols, choose another name: %s\n",user); + exit(-1); + } + if(SASLprep((u08bits*)user)<0) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user name: %s\n",user); + exit(-1); + } + break; + case 'r': + set_default_realm_name(optarg); + STRCPY(realm,optarg); + if(SASLprep((u08bits*)realm)<0) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong realm: %s\n",realm); + exit(-1); + } + break; + case 'p': + STRCPY(pwd,optarg); + if(SASLprep((u08bits*)pwd)<0) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong password: %s\n",pwd); + exit(-1); + } + if(print_enc_password) { + char result[257]; + generate_new_enc_password((char*)pwd, result); + printf("%s\n",result); + exit(0); + } + + if(print_enc_aes_password){ + encrypt((unsigned char*)pwd, 
generated_key); + exit(0); + } + break; + + case 'x': + generate_aes_128_key(optarg, generated_key); + exit(0); + break; + case 'f': + fptr = fopen((char*)optarg, "r"); + if(fptr == NULL){ + printf("No such file like %s\n", (char*)optarg); + } + else{ + for(counter = 0; (ch = fgetc(fptr)) != EOF; counter++){ + generated_key[counter] = ch; + } + fclose(fptr); + } + break; + case 'v': + decrypt((char*)optarg, generated_key); + exit(0); + case 'h': + printf("\n%s\n", AdminUsage); + exit(0); + break; + default: + fprintf(stderr,"\n%s\n", AdminUsage); + exit(-1); } } @@ -2638,6 +2823,23 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol) } } + {//secret key + + if(turn_params.secret_key_file[0]) { + FILE *f = fopen(turn_params.secret_key_file, "r"); + + if (!f) { + perror("Cannot open Secret-Key file"); + } else { + fseek (f, 0, SEEK_SET); + fread (turn_params.secret_key, sizeof(char), 16, f); + fclose (f); + + } + + } + } + { int op = 0; diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index 544a3bc..ed05dff 100644 --- a/src/apps/relay/mainrelay.h +++ b/src/apps/relay/mainrelay.h @@ -77,6 +77,11 @@ #include "ns_ioalib_impl.h" +#include +#include +#include +#include + #ifdef __cplusplus extern "C" { #endif @@ -306,6 +311,11 @@ typedef struct _turn_params_ { unsigned long cpus; + ///////// Encryption ///////// + char secret_key_file[1025]; + char secret_key[1025]; + int allow_encoding; + } turn_params_t; extern turn_params_t turn_params; 
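Review bot: In the new `case 'f'` of `adminmain`, a failed `fopen` only prints a message and option processing continues, so a later `-p` or `-v` encrypts or decrypts with whatever `generated_key` happens to hold; that array is declared without an initializer in an earlier hunk. The same applies when `-E -p` or `-v` appears before `-f` on the command line, because those cases act immediately and `exit(0)`. The read loop `for(counter = 0; (ch = fgetc(fptr)) != EOF; counter++)` has no bound against the 20-byte buffer and stores the `fgetc` result in a `char`, so a key file longer than the buffer overruns the stack array. Suggest reading a fixed 16 bytes, calling `exit(-1)` on open failure or short read, and setting a `key_loaded` flag that the `-E` and `-v` paths check before using the key.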
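Review bot: The key-loading block added to `set_ctx` ignores the return value of `fread`, so a key file shorter than 16 bytes leaves the remainder of `turn_params.secret_key` as it was, and a missing file only triggers `perror` while startup continues with `allow_encoding` still set. Compare the count and treat a mismatch as a configuration error, e.g. `if (fread(turn_params.secret_key, 1, 16, f) != 16) { /* log and refuse to enable AES password decoding */ }`. `set_ctx` takes an `SSL_CTX` and a protocol name, so this block presumably runs once per TLS context; loading the key where `secret-key-file` is parsed would read it once and keep it out of the TLS setup path. The `fseek (f, 0, SEEK_SET)` on a freshly opened stream has no effect.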
@@ -354,6 +364,14 @@ void set_bps_capacity(band_limit_t value); band_limit_t get_max_bps(void); void set_max_bps(band_limit_t value); +///////// AES ENCRYPTION AND DECRYPTION //////// + +void generate_aes_128_key(char* filePath, char* returnedKey); +unsigned char *base64encode (const void *b64_encode_this, int encode_this_many_bytes); +void encrypt(char* in, char* mykey); +unsigned char *base64decode (const void *b64_decode_this, int decode_this_many_bytes); +void decrypt(char* in, char* mykey); + /////////////////////////////// #ifdef __cplusplus From 875886168f7ef93623063cf700a0e97abfc4962f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mustafa=20Bing=C3=BCl?= Date: Wed, 8 Aug 2018 12:19:50 +0300 Subject: [PATCH 2/6] Removed unnecessary a line. Co-authored-by: erdemduman Co-authored-by: mashary --- examples/etc/turnserver.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf index 7a2ef65..01c0516 100644 --- a/examples/etc/turnserver.conf +++ b/examples/etc/turnserver.conf @@ -277,7 +277,6 @@ #mysql-userdb="host= dbname= user= password= port= connect_timeout= read_timeout=" #If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path. -#It must be. #This is the file path which contain secret key of aes encryption while using password encryption. #This attribute should be use if allow-encoding-with-aes set to 1. #secret-key-file=/path/ From a3b188a6ec4c969531e16fac9468dc71e3e17760 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mustafa=20Bing=C3=BCl?= Date: Thu, 9 Aug 2018 10:04:57 +0300 Subject: [PATCH 3/6] Changing file reading format. Co-authored-by: erdemduman Co-authored-by: mashary --- src/apps/relay/mainrelay.c | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index c3f257d..551b49c 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c 
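Review bot: In the mainrelay.h hunk of patch 1/6 at the start of this line, the new prototypes export the generic names `encrypt` and `decrypt`; POSIX already specifies `void encrypt(char block[64], int edflag)` in `<unistd.h>`, so on platforms that declare it this header produces a conflicting declaration. Prefixed names such as `encrypt_aes_128` and `decrypt_aes_128` would avoid that. The header also omits `init_ctr` and `struct ctr_state`, which dbd_mysql.c uses; in this patch the struct is defined separately in both .c files, so declaring both here would keep a single definition.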
@@ -1034,16 +1034,13 @@ unsigned char *base64decode (const void *b64_decode_this, int decode_this_many_b } void decrypt(char* in, char* mykey){ - char iv[8] = {0}; //changed AES_KEY key; char outdata[256]; //changed AES_set_encrypt_key(mykey, 128, &key); int size=0; int bytes_to_decode = strlen(in); - //printf("byte_to_decode: %d\n",bytes_to_decode); - char *encryptedText = base64decode(in, bytes_to_decode); //changed - //printf("encryptedText: %s\n",encryptedText); + char *encryptedText = base64decode(in, bytes_to_decode); //changed char temp[256]; char last[1024]=""; int i=0; @@ -1642,7 +1639,7 @@ static int adminmain(int argc, char **argv) int is_admin = 0; FILE* fptr; - char generated_key[20]; //changed + char generated_key[16]; //changed int counter; char ch; @@ -1800,13 +1797,11 @@ static int adminmain(int argc, char **argv) printf("%s\n",result); exit(0); } - if(print_enc_aes_password){ - encrypt((unsigned char*)pwd, generated_key); + encrypt((unsigned char*)pwd, generated_key); exit(0); } break; - case 'x': generate_aes_128_key(optarg, generated_key); exit(0); @@ -1817,14 +1812,13 @@ static int adminmain(int argc, char **argv) printf("No such file like %s\n", (char*)optarg); } else{ - for(counter = 0; (ch = fgetc(fptr)) != EOF; counter++){ - generated_key[counter] = ch; - } - fclose(fptr); + fseek (fptr, 0, SEEK_SET); + fread (generated_key, sizeof(char), 16, fptr); + fclose (fptr); } break; case 'v': - decrypt((char*)optarg, generated_key); + decrypt((char*)optarg, generated_key); exit(0); case 'h': printf("\n%s\n", AdminUsage); @@ -2834,9 +2828,7 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol) fseek (f, 0, SEEK_SET); fread (turn_params.secret_key, sizeof(char), 16, f); fclose (f); - } - } } From 4c30226db6b8afdd455df103f77fe9d976b7e29c Mon Sep 17 00:00:00 2001 
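Review bot: In the `adminmain` hunk that shrinks `char generated_key[20]` to `char generated_key[16]`, the buffer no longer has room for a terminator, yet `generate_aes_128_key` (unchanged by this patch) still ends with `strcpy(returnedKey, key)` on an unterminated 16-byte array, so `-x` writes at least 17 bytes into it. Replace that copy with `memcpy(returnedKey, key, 16);`. In the `case 'f'` hunk further along this line, the new `fread (generated_key, sizeof(char), 16, fptr);` is unchecked, so a short key file leaves the tail of the key uninitialized; compare the result with 16 and exit on mismatch. The `set_ctx` hunk at the end of this line keeps the same unchecked `fread`.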
From: =?UTF-8?q?Mustafa=20Bing=C3=BCl?= Date: Mon, 13 Aug 2018 18:31:12 +0300 Subject: [PATCH 4/6] Changing aes encrypiton format. Co-authored-by: erdemduman Co-authored-by: mashary --- src/apps/relay/dbdrivers/dbd_mysql.c | 38 +++++++-------- src/apps/relay/mainrelay.c | 71 +++++++++++++++++----------- src/apps/relay/mainrelay.h | 1 + 3 files changed, 60 insertions(+), 50 deletions(-) diff --git a/src/apps/relay/dbdrivers/dbd_mysql.c b/src/apps/relay/dbdrivers/dbd_mysql.c index 26e925a..fb745fb 100644 --- a/src/apps/relay/dbdrivers/dbd_mysql.c +++ b/src/apps/relay/dbdrivers/dbd_mysql.c @@ -83,38 +83,30 @@ struct ctr_state { struct ctr_state state; -char* decryptPassword(unsigned char* in, unsigned char* mykey){ - unsigned char* out; - unsigned char iv[8] = {0}; +char* decryptPassword(char* in, char* mykey){ + + char *out; + int j=0,k=0; + int remainder,loop_count; + char iv[8] = {0}; //changed AES_KEY key; - unsigned char outdata[256]; + char outdata[256]; //changed AES_set_encrypt_key(mykey, 128, &key); - char total[256] = ""; int size=0; + int newTotalSize=decodedTextSize(in); int bytes_to_decode = strlen(in); - unsigned char *encryptedText = base64decode(in, bytes_to_decode); + char *encryptedText = base64decode(in, bytes_to_decode); //changed char temp[256]; char last[1024]=""; int i=0; - - while(1){ - init_ctr(&state, iv); - memset(temp,'\0', sizeof(temp)); - sprintf(temp,"%.16s",&encryptedText[i*16]); - size=strlen(temp); - if(size==0){break;} - AES_ctr128_encrypt(temp, outdata, strlen(temp), &key, state.ivec, state.ecount, &state.num); - strcat(last,outdata); - ++i; - if (size < 16){break;} - memset(outdata,'\0', sizeof(outdata)); - } - + init_ctr(&state, iv); + memset(outdata,'\0', sizeof(outdata)); + AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num); + strcat(last,outdata); + out=malloc(sizeof(char)*strlen(last)); strcpy(out,last); - return out; - } 
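Review bot: In the rewritten `decryptPassword`, `out=malloc(sizeof(char)*strlen(last));` reserves no byte for the terminator that the following `strcpy(out,last)` writes, which is a one-byte heap overflow; use `malloc(strlen(last) + 1)` and check for NULL. `newTotalSize` is derived from the length of the configured string and handed to `AES_ctr128_encrypt` without being compared to `sizeof(outdata)` (256), so an over-long base64 value overruns the stack buffer; `decrypt` in mainrelay.c, changed in this same patch, has the same pattern. Reject the input with `if (newTotalSize < 0 || newTotalSize >= (int)sizeof(outdata))` before decrypting. `encryptedText` from `base64decode` is still never freed, and the `malloc` line is carried unchanged as context into patch 5/6.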
@@ -279,9 +271,11 @@ static MYSQL *get_mydb_connection(void) { if(co->ca || co->capath || co->cert || co->cipher || co->key) { mysql_ssl_set(mydbconnection, co->key, co->cert, co->ca, co->capath, co->cipher); } + if(turn_params.allow_encoding){ co->password = decryptPassword(co->password, turn_params.secret_key); } + MYSQL *conn = mysql_real_connect(mydbconnection, co->host, co->user, co->password, co->dbname, co->port, NULL, CLIENT_IGNORE_SIGPIPE); if(!conn) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot open MySQL DB connection: <%s>, runtime error\n",pud->userdb); diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 551b49c..e66f317 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -960,13 +960,14 @@ unsigned char *base64encode (const void *b64_encode_this, int encode_this_many_b } void encrypt(char* in, char* mykey){ - + int j=0,k=0; + int totalSize=0; AES_KEY key; int size=0; char iv[8] = {0}; //changed char out[256]; //changed AES_set_encrypt_key(mykey, 128, &key); - char total[256]=""; + char total[256]; char tempinput[20]; int i=0; while(1){ @@ -975,14 +976,17 @@ void encrypt(char* in, char* mykey){ size=strlen(tempinput); if(size==0){break;} AES_ctr128_encrypt(tempinput, out, strlen(tempinput), &key, state.ivec, state.ecount, &state.num); - strcat(total,out); + totalSize += strlen(tempinput); + for (j = 0; j< strlen(tempinput); j++) { + total[k++]=out[j]; + } ++i; if (size <16){ break;} } - int bytes_to_encode = strlen((char*)total); - signed char *base64_encoded = base64encode(total, bytes_to_encode); + unsigned char *base64_encoded = base64encode(total, totalSize); printf("%s\n",base64_encoded); + } void generate_aes_128_key(char* filePath, char* returnedKey){ int i; 
@@ -1032,31 +1036,38 @@ unsigned char *base64decode (const void *b64_decode_this, int decode_this_many_b BIO_free_all(b64_bio); //Destroys all BIOs in chain, starting with b64 (i.e. the 1st one). return base64_decoded; //Returns base-64 decoded data with trailing null terminator. } +int decodedTextSize(char *input){ + int i=0; + int result=0,padding=0; + for (i = 0; i < strlen(input); ++i) { + if(input[i]=='='){ + padding++; + } + } + result=(strlen(input)/4*3)-padding; + return result; + +} void decrypt(char* in, char* mykey){ - char iv[8] = {0}; //changed - AES_KEY key; - char outdata[256]; //changed - AES_set_encrypt_key(mykey, 128, &key); - int size=0; - int bytes_to_decode = strlen(in); - char *encryptedText = base64decode(in, bytes_to_decode); //changed - char temp[256]; - char last[1024]=""; - int i=0; - while(1){ - init_ctr(&state, iv); - sprintf(temp,"%.16s",&encryptedText[i*16]); - size=strlen(temp); - if(size==0){break;} - AES_ctr128_encrypt(temp, outdata, strlen(temp), &key, state.ivec, state.ecount, &state.num); - strcat(last,outdata); - ++i; - if (size < 16){break;} - } - - printf("%s\n",last); - + int j=0,k=0; + int remainder,loop_count; + char iv[8] = {0}; //changed + AES_KEY key; + char outdata[256]; //changed + AES_set_encrypt_key(mykey, 128, &key); + int size=0; + int newTotalSize=decodedTextSize(in); + int bytes_to_decode = strlen(in); + char *encryptedText = base64decode(in, bytes_to_decode); //changed + char temp[256]; + char last[1024]=""; + int i=0; + init_ctr(&state, iv); + memset(outdata,'\0', sizeof(outdata)); + AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num); + strcat(last,outdata); + printf("%s\n",last); } static int get_int_value(const char* s, int default_value) 
@@ -2126,6 +2137,10 @@ int main(int argc, char **argv) TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Domain name: %s\n",turn_params.domain); TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Default realm: %s\n",get_realm(NULL)->options.name); + if(turn_params.allow_encoding){ + TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "allow-encoding-with-aes activated.\n"); + } + if(turn_params.oauth && turn_params.oauth_server_name[0]) { TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "oAuth server name: %s\n",turn_params.oauth_server_name); } diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index ed05dff..1a2d7d8 100644 --- a/src/apps/relay/mainrelay.h +++ b/src/apps/relay/mainrelay.h @@ -371,6 +371,7 @@ unsigned char *base64encode (const void *b64_encode_this, int encode_this_many_b void encrypt(char* in, char* mykey); unsigned char *base64decode (const void *b64_decode_this, int decode_this_many_bytes); void decrypt(char* in, char* mykey); +int decodedTextSize(char *input); /////////////////////////////// From 23c84af26d294c3a6606f7be79514159b38dab73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mustafa=20Bing=C3=BCl?= Date: Tue, 14 Aug 2018 17:06:45 +0300 Subject: [PATCH 5/6] Changing aes encrypiton format. Co-authored-by: erdemduman Co-authored-by: mashary --- src/apps/relay/dbdrivers/dbd_mysql.c | 27 +++-------- src/apps/relay/mainrelay.c | 70 +++++++++++----------------- src/apps/relay/mainrelay.h | 18 +++++-- 3 files changed, 45 insertions(+), 70 deletions(-) diff --git a/src/apps/relay/dbdrivers/dbd_mysql.c b/src/apps/relay/dbdrivers/dbd_mysql.c index fb745fb..b4b0f92 100644 --- a/src/apps/relay/dbdrivers/dbd_mysql.c +++ b/src/apps/relay/dbdrivers/dbd_mysql.c @@ -34,7 +34,7 @@ #if !defined(TURN_NO_MYSQL) #include -#include + /////////////////////////////////////////////////////////////////////////////////////////////////////////// 
@@ -73,37 +73,22 @@ static void MyconninfoFree(Myconninfo *co) { ns_bzero(co,sizeof(Myconninfo)); } } - -struct ctr_state { - unsigned char ivec[16]; - unsigned int num; - unsigned char ecount[16]; -}; - - struct ctr_state state; - - -char* decryptPassword(char* in, char* mykey){ +char* decryptPassword(char* in, const unsigned char* mykey){ char *out; - int j=0,k=0; - int remainder,loop_count; - char iv[8] = {0}; //changed + unsigned char iv[8] = {0}; //changed AES_KEY key; - char outdata[256]; //changed + unsigned char outdata[256]; //changed AES_set_encrypt_key(mykey, 128, &key); - int size=0; int newTotalSize=decodedTextSize(in); int bytes_to_decode = strlen(in); - char *encryptedText = base64decode(in, bytes_to_decode); //changed - char temp[256]; + unsigned char *encryptedText = base64decode(in, bytes_to_decode); //changed char last[1024]=""; - int i=0; init_ctr(&state, iv); memset(outdata,'\0', sizeof(outdata)); AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num); - strcat(last,outdata); + strcat(last,(char*)outdata); out=malloc(sizeof(char)*strlen(last)); strcpy(out,last); return out; diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index e66f317..949a96a 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -930,17 +930,13 @@ static const struct myoption admin_long_options[] = { }; -struct ctr_state { - unsigned char ivec[16]; - unsigned int num; - unsigned char ecount[16]; -}; struct ctr_state state; int init_ctr(struct ctr_state *state, const unsigned char iv[8]){ state->num = 0; memset(state->ecount, 0, 16); memset(state->ivec + 8, 0, 8); memcpy(state->ivec, iv, 8); + return 1; } unsigned char *base64encode (const void *b64_encode_this, int encode_this_many_bytes){ BIO *b64_bio, *mem_bio; //Declares two OpenSSL BIOs: a base64 filter and a memory BIO. 
@@ -956,39 +952,31 @@ unsigned char *base64encode (const void *b64_encode_this, int encode_this_many_b BIO_free_all(b64_bio); //Destroys all BIOs in chain, starting with b64 (i.e. the 1st one). BUF_MEM_grow(mem_bio_mem_ptr, (*mem_bio_mem_ptr).length + 1); //Makes space for end null. (*mem_bio_mem_ptr).data[(*mem_bio_mem_ptr).length] = '\0'; //Adds null-terminator to tail. - return (*mem_bio_mem_ptr).data; //Returns base-64 encoded data. (See: "buf_mem_st" struct). + return (unsigned char*)(*mem_bio_mem_ptr).data; //Returns base-64 encoded data. (See: "buf_mem_st" struct). } -void encrypt(char* in, char* mykey){ +void encrypt(unsigned char* in, const unsigned char* mykey){ int j=0,k=0; int totalSize=0; AES_KEY key; - int size=0; - char iv[8] = {0}; //changed - char out[256]; //changed + unsigned char iv[8] = {0}; //changed + unsigned char out[1024]; //changed AES_set_encrypt_key(mykey, 128, &key); char total[256]; - char tempinput[20]; - int i=0; - while(1){ - init_ctr(&state, iv); - sprintf(tempinput,"%.16s",&in[i*16]); - size=strlen(tempinput); - if(size==0){break;} - AES_ctr128_encrypt(tempinput, out, strlen(tempinput), &key, state.ivec, state.ecount, &state.num); - totalSize += strlen(tempinput); - for (j = 0; j< strlen(tempinput); j++) { - total[k++]=out[j]; - } - ++i; - if (size <16){ break;} - } + int size=0; + init_ctr(&state, iv); + AES_ctr128_encrypt(in, out, strlen((char*)in), &key, state.ivec, state.ecount, &state.num); + totalSize += strlen((char*)in); + size = strlen((char*)in); + for (j = 0; j< size; j++) { + total[k++]=out[j]; + } unsigned char *base64_encoded = base64encode(total, totalSize); printf("%s\n",base64_encoded); } -void generate_aes_128_key(char* filePath, char* returnedKey){ +void generate_aes_128_key(char* filePath, unsigned char* returnedKey){ int i; int part; FILE* fptr; 
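Review bot: In encrypt, the loop `for (j = 0; j< size; j++) { total[k++]=out[j]; }` copies `strlen(in)` bytes into `char total[256]` with no bound, and this hunk enlarges `out` to 1024 without enlarging `total`, so a password longer than 256 bytes overruns the stack buffer unless the caller already caps its length, which is not visible here. The intermediate copy is not needed: after a check such as `if (size > (int)sizeof(out)) { /* report and return */ }`, the ciphertext can go straight to `base64encode(out, size)`. The results of `AES_set_encrypt_key` and `base64encode` are also used unchecked. generate_aes_128_key, whose signature closes this hunk, continues outside it.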
@@ -997,7 +985,7 @@ void generate_aes_128_key(char* filePath, char* returnedKey){ clock_gettime(CLOCK_REALTIME,×); srand(times.tv_nsec); - for (i = 0; i < sizeof(key); i++) { + for (i = 0; i < 16; i++) { part = (rand() % 3); if(part == 0){ key[i] = (rand() % 10) + 48; @@ -1015,7 +1003,7 @@ void generate_aes_128_key(char* filePath, char* returnedKey){ for(i = 0; i < 16; i++){ fputc(key[i], fptr); } - strcpy(returnedKey, key); + strcpy((char*)returnedKey, key); fclose(fptr); @@ -1023,7 +1011,7 @@ void generate_aes_128_key(char* filePath, char* returnedKey){ unsigned char *base64decode (const void *b64_decode_this, int decode_this_many_bytes){ BIO *b64_bio, *mem_bio; //Declares two OpenSSL BIOs: a base64 filter and a memory BIO. - char *base64_decoded = calloc( (decode_this_many_bytes*3)/4+1, sizeof(char) ); //+1 = null. + unsigned char *base64_decoded = calloc( (decode_this_many_bytes*3)/4+1, sizeof(char) ); //+1 = null. b64_bio = BIO_new(BIO_f_base64()); //Initialize our base64 filter BIO. mem_bio = BIO_new(BIO_s_mem()); //Initialize our memory source BIO. BIO_write(mem_bio, b64_decode_this, decode_this_many_bytes); //Base64 data saved in source. 
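Review bot: The 16 key characters produced by this loop come from `rand()` seeded by `srand(times.tv_nsec)` in the context lines, which is not a cryptographic generator: the seed is bounded by the nanosecond field (fewer than 2^30 values) and each character is drawn from a restricted alphabet (digits in the branch shown; the others are cut off by the hunk), so the resulting AES key is far weaker than 128 bits. The file already uses OpenSSL, so `if (RAND_bytes((unsigned char*)key, 16) != 1) { /* report and exit */ }` from `<openssl/rand.h>` is the appropriate source; if a printable key file is wanted, encode the random bytes (hex, for example) rather than restricting the alphabet. The literal `16` that replaces `sizeof(key)` would read better as a named constant shared with `generated_key[16]`. generate_aes_128_key begins and ends outside this hunk.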
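Review bot: `strcpy((char*)returnedKey, key);` copies until it meets a NUL byte, but the destination passed by adminmain is `unsigned char generated_key[16]` (hunk `@@ -1650,9 +1634,7 @@`), so a 16-character key plus its terminator needs 17 bytes and the copy writes past the array. Whether `key` is terminated at all is not visible in this hunk; if it is not, the read runs past `key` as well. The key is fixed-length binary material rather than a C string, so `memcpy(returnedKey, key, 16);` is the matching call.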
@@ -1039,34 +1027,30 @@ unsigned char *base64decode (const void *b64_decode_this, int decode_this_many_b int decodedTextSize(char *input){ int i=0; int result=0,padding=0; - for (i = 0; i < strlen(input); ++i) { + int size=strlen(input); + for (i = 0; i < size; ++i) { if(input[i]=='='){ padding++; } } result=(strlen(input)/4*3)-padding; return result; - } -void decrypt(char* in, char* mykey){ +void decrypt(char* in, const unsigned char* mykey){ - int j=0,k=0; - int remainder,loop_count; - char iv[8] = {0}; //changed + unsigned char iv[8] = {0}; AES_KEY key; - char outdata[256]; //changed + unsigned char outdata[256]; AES_set_encrypt_key(mykey, 128, &key); - int size=0; int newTotalSize=decodedTextSize(in); int bytes_to_decode = strlen(in); - char *encryptedText = base64decode(in, bytes_to_decode); //changed - char temp[256]; + unsigned char *encryptedText = base64decode(in, bytes_to_decode); char last[1024]=""; int i=0; init_ctr(&state, iv); memset(outdata,'\0', sizeof(outdata)); AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num); - strcat(last,outdata); + strcat(last,(char*)outdata); printf("%s\n",last); } @@ -1650,9 +1634,7 @@ static int adminmain(int argc, char **argv) int is_admin = 0; FILE* fptr; - char generated_key[16]; //changed - int counter; - char ch; + unsigned char generated_key[16]; //changed u08bits user[STUN_MAX_USERNAME_SIZE+1]="\0"; u08bits realm[STUN_MAX_REALM_SIZE+1]="\0"; @@ -1809,7 +1791,7 @@ static int adminmain(int argc, char **argv) exit(0); } if(print_enc_aes_password){ - encrypt((unsigned char*)pwd, generated_key); + encrypt(pwd, generated_key); exit(0); } break; diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index 1a2d7d8..ab1246c 100644 --- a/src/apps/relay/mainrelay.h +++ b/src/apps/relay/mainrelay.h @@ -77,7 +77,6 @@ #include "ns_ioalib_impl.h" -#include #include #include #include 
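Review bot: decodedTextSize counts every `=` in the string rather than only trailing padding and computes `strlen(input)/4*3`, so input that is not well-formed base64 (fewer than four characters, or stray `=` signs) yields a wrong or negative length. decrypt then passes that `int` as the length of the CTR call, where the parameter is `size_t` in OpenSSL's declaration, so a negative value becomes a very large count, and nothing compares it with `sizeof(outdata)`. I would add `if (newTotalSize <= 0 || newTotalSize >= (int)sizeof(outdata)) { /* report and return */ }` before the call; using the byte count the decoder itself produced would be better than re-deriving it, though the relevant part of base64decode is outside these hunks. The new `size` local is introduced but the `result=` line still calls `strlen(input)` again.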
@@ -313,7 +312,7 @@ typedef struct _turn_params_ { ///////// Encryption ///////// char secret_key_file[1025]; - char secret_key[1025]; + unsigned char secret_key[1025]; int allow_encoding; } turn_params_t; @@ -366,12 +365,21 @@ void set_max_bps(band_limit_t value); ///////// AES ENCRYPTION AND DECRYPTION //////// -void generate_aes_128_key(char* filePath, char* returnedKey); +struct ctr_state { + unsigned char ivec[16]; + unsigned int num; + unsigned char ecount[16]; +}; +void generate_aes_128_key(char* filePath, unsigned char* returnedKey); unsigned char *base64encode (const void *b64_encode_this, int encode_this_many_bytes); -void encrypt(char* in, char* mykey); +void encrypt(unsigned char* in, const unsigned char* mykey); unsigned char *base64decode (const void *b64_decode_this, int decode_this_many_bytes); -void decrypt(char* in, char* mykey); +void decrypt(char* in, const unsigned char* mykey); int decodedTextSize(char *input); +char* decryptPassword(char* in, const unsigned char* mykey); +int init_ctr(struct ctr_state *state, const unsigned char iv[8]); + + /////////////////////////////// From 337960002333d4bcfc48c3a6e0d647360f2f38bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mustafa=20Bing=C3=BCl?= Date: Tue, 14 Aug 2018 17:15:04 +0300 Subject: [PATCH 6/6] Edited aes encrypiton format. Co-authored-by: erdemduman Co-authored-by: mashary --- src/apps/relay/dbdrivers/dbd_mysql.c | 6 ++++++ src/apps/relay/mainrelay.c | 13 ++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/apps/relay/dbdrivers/dbd_mysql.c b/src/apps/relay/dbdrivers/dbd_mysql.c index b4b0f92..3953796 100644 --- a/src/apps/relay/dbdrivers/dbd_mysql.c +++ b/src/apps/relay/dbdrivers/dbd_mysql.c 
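Review bot: The prototypes exported from mainrelay.h use the unprefixed names `encrypt` and `decrypt`, and `encrypt` is also a POSIX function declared in `<unistd.h>` with a different signature, so a translation unit that sees both declarations gets a conflicting-types error (whether this header pulls in `<unistd.h>` is not visible, since the include lines are truncated). A project prefix such as `turn_aes_encrypt` / `turn_aes_decrypt` (names constructed for illustration) avoids that. The block also has no contract comments: above `decryptPassword` I would add `/* Returns a malloc()ed NUL-terminated string; the caller frees it. */`, and a matching line for `base64decode`, because the callers shown in this series never release those buffers.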
@@ -87,7 +87,13 @@ char* decryptPassword(char* in, const unsigned char* mykey){ char last[1024]=""; init_ctr(&state, iv); memset(outdata,'\0', sizeof(outdata)); + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + CRYPTO_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num,(block128_f)AES_encrypt); +#else AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num); +#endif + strcat(last,(char*)outdata); out=malloc(sizeof(char)*strlen(last)); strcpy(out,last); diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 949a96a..3fd5404 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -965,7 +965,13 @@ void encrypt(unsigned char* in, const unsigned char* mykey){ char total[256]; int size=0; init_ctr(&state, iv); + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + CRYPTO_ctr128_encrypt(in, out, strlen((char*)in), &key, state.ivec, state.ecount, &state.num,(block128_f)AES_encrypt); +#else AES_ctr128_encrypt(in, out, strlen((char*)in), &key, state.ivec, state.ecount, &state.num); +#endif + totalSize += strlen((char*)in); size = strlen((char*)in); for (j = 0; j< size; j++) { @@ -1046,10 +1052,15 @@ void decrypt(char* in, const unsigned char* mykey){ int bytes_to_decode = strlen(in); unsigned char *encryptedText = base64decode(in, bytes_to_decode); char last[1024]=""; - int i=0; init_ctr(&state, iv); memset(outdata,'\0', sizeof(outdata)); + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + CRYPTO_ctr128_encrypt(encryptedText,outdata,newTotalSize,&key, state.ivec, state.ecount, &state.num,(block128_f)AES_encrypt)); +#else AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num); +#endif + strcat(last,(char*)outdata); printf("%s\n",last); }
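Review bot: Both branches of the new `#if` in encrypt still start CTR mode from the all-zero `iv` handed to `init_ctr(&state, iv)`, so every value encrypted under one key file uses the same keystream, which removes the confidentiality CTR is meant to provide as soon as more than one password (or one known password) exists for that key. A fresh nonce per encryption, `RAND_bytes(iv, sizeof(iv))`, stored in front of the ciphertext before base64 encoding and read back in decrypt and decryptPassword, fixes the reuse; that is a format change touching all three functions, so it is described here rather than shown. CTR also gives no integrity, so a modified ciphertext decrypts silently to a different password; an AEAD mode through OpenSSL's EVP interface would detect that. The `iv` declaration is outside this hunk.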
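Review bot: The `CRYPTO_ctr128_encrypt(...)` line added to decrypt ends with `(block128_f)AES_encrypt));`, one closing parenthesis too many, so this branch does not compile when `OPENSSL_VERSION_NUMBER >= 0x10100000L`; the matching calls added to encrypt and decryptPassword in this patch end correctly with `AES_encrypt);`. The line should read `CRYPTO_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num, (block128_f)AES_encrypt);`. `CRYPTO_ctr128_encrypt` and `block128_f` are declared in `<openssl/modes.h>`; the include lines are truncated in this series, so it is worth confirming that header is included.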