This is a new patch version with the unnecessary changes removed.
From: Bastian Germann <[email protected]>
Subject: Revert "use wolfssl instead of openssl"

This reverts commit 0fb0df7be2a95904d5558544828516a33bff0813.
---
 CMakeLists.txt    |  6 ++--
 libvdeplug_agno.c | 71 ++++++++++-------------------------------------
 2 files changed, 18 insertions(+), 59 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 318750d..1361f57 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -10,8 +10,8 @@ include(CheckIncludeFile)
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_FORTIFY_SOURCE=2 -O2 -pedantic -Wall -Wextra")
 
 set(CMAKE_REQUIRED_QUIET TRUE)
-set(LIBS_REQUIRED vdeplug_mod wolfssl)
-set(HEADERS_REQUIRED strcase.h libvdeplug.h strcase.h wolfssl/options.h wolfssl/wolfcrypt/aes.h wolfssl/wolfcrypt/random.h)
+set(LIBS_REQUIRED vdeplug_mod crypto)
+set(HEADERS_REQUIRED strcase.h libvdeplug.h openssl/aes.h openssl/rand.h)
 
 foreach(THISLIB IN LISTS LIBS_REQUIRED)
   find_library(LIB${THISLIB}_OK ${THISLIB})
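Review bot: `crypto` is resolved by bare library name both in `LIBS_REQUIRED` here and in `target_link_libraries(vdeplug_agno vdeplug_mod crypto)` in the next hunk, so the header check and the link step are not tied to the same OpenSSL installation and the linker takes whichever libcrypto comes first on its search path. CMake's OpenSSL module avoids that: `find_package(OpenSSL REQUIRED)` followed by `target_link_libraries(vdeplug_agno PRIVATE vdeplug_mod OpenSSL::Crypto)`, with `crypto` and the two `openssl/*.h` entries dropped from the hand-rolled lists. The foreach loop that consumes these lists continues past the end of the hunk.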
@@ -31,7 +31,7 @@ add_definitions(-D_GNU_SOURCE)
 include_directories(${CMAKE_CURRENT_SOURCE_DIR})
 
 add_library(vdeplug_agno SHARED libvdeplug_agno.c)
-target_link_libraries(vdeplug_agno vdeplug_mod wolfssl)
+target_link_libraries(vdeplug_agno vdeplug_mod crypto)
 
 install(TARGETS vdeplug_agno DESTINATION ${CMAKE_INSTALL_LIBDIR}/vdeplug)
 
diff --git a/libvdeplug_agno.c b/libvdeplug_agno.c
index 28c0e3e..c2ab56e 100644
--- a/libvdeplug_agno.c
+++ b/libvdeplug_agno.c
@@ -35,9 +35,8 @@
 #include <net/ethernet.h>
 #include <arpa/inet.h>
 #ifndef DEBUG_DISABLE_ENCRYPTION
-#include <wolfssl/options.h>
-#include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/random.h>
+#include <openssl/aes.h>
+#include <openssl/rand.h>
 #endif
 #include <libvdeplug.h>
 #include <libvdeplug_mod.h>
@@ -81,9 +80,8 @@ struct vde_agno_conn {
 	struct vdeplug_module *module;
 	VDECONN *conn;
 	uint16_t ether_type;
-	Aes ekey;			/* Encryption key */
-	Aes dkey;			/* Decryption key */
-	WC_RNG rng;
+	AES_KEY ekey;			/* Encryption key */
+	AES_KEY dkey;			/* Decryption key */
 };
 
 /* Declaration of the module sructure */
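Review bot: The `AES_KEY ekey` and `dkey` members are declared unconditionally, but `<openssl/aes.h>` is only included under `#ifndef DEBUG_DISABLE_ENCRYPTION` in the include hunk, so a build with DEBUG_DISABLE_ENCRYPTION defined would not know the type unless another header supplies it. Wrapping the two members in the same `#ifndef DEBUG_DISABLE_ENCRYPTION` … `#endif` keeps both configurations compiling. Separately, the expanded key schedules now live in this heap struct and vde_agno_close() (last hunk) frees it as is. Calling `OPENSSL_cleanse(vde_conn, sizeof(*vde_conn));` before `free(vde_conn)` (declared in `<openssl/crypto.h>`) would keep key material out of freed memory.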
@@ -240,9 +238,8 @@ static VDECONN *vde_agno_open(char *vde_url, char *descr, int interface_version,
 	}
 	/* Set key as encryption and decryption key */
 #ifndef DEBUG_DISABLE_ENCRYPTION
-	wc_AesSetKey(&newconn->ekey, cryptkey, sizeof(cryptkey), NULL, AES_ENCRYPTION);
-	wc_AesSetKey(&newconn->dkey, cryptkey, sizeof(cryptkey), NULL, AES_DECRYPTION);
-	wc_InitRng(&newconn->rng);
+	AES_set_encrypt_key(cryptkey, sizeof(cryptkey) * 8, &newconn->ekey);
+	AES_set_decrypt_key(cryptkey, sizeof(cryptkey) * 8, &newconn->dkey);
 #endif
 	return (VDECONN *) newconn;
 
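Review bot: The return values of `AES_set_encrypt_key` and `AES_set_decrypt_key` are discarded, so an unsupported key length would leave both key schedules unset while the connection is still returned to the caller. `sizeof(cryptkey) * 8` must be 128, 192 or 256, and the declaration of cryptkey is outside the hunk. Both calls return 0 on success, so `if (AES_set_encrypt_key(cryptkey, sizeof(cryptkey) * 8, &newconn->ekey) != 0 || AES_set_decrypt_key(cryptkey, sizeof(cryptkey) * 8, &newconn->dkey) != 0) goto error;` would route a failure to the error label that follows, provided that path releases newconn. The low-level AES_* interface is also deprecated since OpenSSL 3.0 in favour of EVP, which will surface as warnings in a build that already passes -Wall -Wextra.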
@@ -251,40 +248,6 @@ error:
 	return NULL;
 }
 
-/* wc_AesCbcEncrypt + padding */
-static inline int pad_AesCbcEncrypt(Aes* aes, byte* out,
-                                  const byte* in, word32 sz) {
-	int rv;
-	word32 szcomplete = sz & ~(AES_BLOCK_SIZE - 1);
-	rv = wc_AesCbcEncrypt(aes, out, in, szcomplete);
-	if (szcomplete != sz && rv == 0) {
-		word32 i;
-		byte buf[AES_BLOCK_SIZE];
-		for (i = 0; szcomplete + i < sz; i++)
-			buf[i] = in[szcomplete + i];
-		for( ; i < AES_BLOCK_SIZE; i++)
-			buf[i] = 0;
-		rv = wc_AesCbcEncrypt(aes, out + szcomplete, buf, AES_BLOCK_SIZE);
-	}
-	return rv;
-}
-
-/* pad_AesCbcDecrypt + padding */
-static inline int pad_AesCbcDecrypt(Aes* aes, byte* out,
-                                 const byte* in, word32 sz) {
-	int rv;
-	word32 szcomplete = sz & ~(AES_BLOCK_SIZE - 1);
-	rv = wc_AesCbcDecrypt(aes, out, in, szcomplete);
-	if (szcomplete != sz && rv == 0) {
-		word32 i;
-		byte buf[AES_BLOCK_SIZE];
-		rv = pad_AesCbcDecrypt(aes, buf, in + szcomplete, AES_BLOCK_SIZE);
-		for (i = 0; szcomplete + i < sz; i++)
-			out[szcomplete + i] = buf[i];
-	}
-	return rv;
-}
-
 static ssize_t vde_agno_recv(VDECONN *conn, void *buf, size_t len, int flags) {
 	struct vde_agno_conn *vde_conn = (struct vde_agno_conn *)conn;
 	/*  */
@@ -306,7 +269,7 @@ static ssize_t vde_agno_recv(VDECONN *conn, void *buf, size_t len, int flags) {
 #ifdef DEBUG_DISABLE_ENCRYPTION
 	memcpy(&ahdr, encbuf + sizeof(*ehdr), sizeof(ahdr));
 #else
-	wc_AesEcbDecrypt(&vde_conn->dkey, (unsigned char *)&ahdr, encbuf + sizeof(*ehdr), AES_BLOCK_SIZE);
+	AES_ecb_encrypt(encbuf + sizeof(*ehdr), (unsigned char *)&ahdr, &vde_conn->dkey, AES_DECRYPT);
 #endif
 	/* Tag check */
 	if (ahdr.tag != AGNO_TAG)
@@ -320,10 +283,10 @@ static ssize_t vde_agno_recv(VDECONN *conn, void *buf, size_t len, int flags) {
 #ifdef DEBUG_DISABLE_ENCRYPTION
 	memcpy(((unsigned char *) buf) + ETH_HEADER_SIZE, encbuf + sizeof(*ehdr) + sizeof(ahdr), retval - ETH_HEADER_SIZE); //Decrypt 2
 #else
-	wc_AesSetIV(&vde_conn->dkey, iv_dec);
-	pad_AesCbcDecrypt(&vde_conn->dkey, ((unsigned char *) buf) + ETH_HEADER_SIZE,
+	AES_cbc_encrypt(
 			encbuf + sizeof(*ehdr) + sizeof(ahdr),
-			retval - ETH_HEADER_SIZE);
+			((unsigned char *) buf) + ETH_HEADER_SIZE,
+			retval - ETH_HEADER_SIZE, &vde_conn->dkey, iv_dec, AES_DECRYPT);
 #endif
 	return retval;
 error:
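Review bot: With the explicit pad_AesCbc* helpers removed, the handling of a trailing partial block at the `AES_cbc_encrypt` call here, and at the matching call in vde_agno_send, now depends on how the legacy routine treats lengths that are not a multiple of AES_BLOCK_SIZE. As far as I know it zero-pads and writes a whole final block on encryption, and on decryption reads a whole block while writing only the requested bytes, so encbuf has to hold the length rounded up to 16 on both sides. The sizing of encbuf and enclen is outside these hunks and should be confirmed. I would add a comment above both calls such as `/* length need not be a multiple of AES_BLOCK_SIZE: the last partial block is handled by AES_cbc_encrypt, encbuf must be sized for the rounded-up length */`. The call also passes `retval - ETH_HEADER_SIZE` as a size_t, so a check that retval is at least ETH_HEADER_SIZE has to precede it if one is not already present above the hunk.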
@@ -368,24 +331,23 @@ static ssize_t vde_agno_send(VDECONN *conn, const void *buf, size_t len, int fla
 	}
 	/* Complete initialization of agno header */
 #ifndef DEBUG_DISABLE_ENCRYPTION
-	wc_RNG_GenerateBlock(&vde_conn->rng, ahdr.rand, 4);
+	RAND_bytes(ahdr.rand, 4);
 #endif
 	/* Encrypt agno header */
 #ifdef DEBUG_DISABLE_ENCRYPTION
 	memcpy(encbuf + sizeof(*ehdr), &ahdr, sizeof(ahdr));
 #else
-	wc_AesEcbEncrypt(&vde_conn->ekey, encbuf + sizeof(*ehdr), (unsigned char *)&ahdr, AES_BLOCK_SIZE);
+	AES_ecb_encrypt((unsigned char *)&ahdr, encbuf + sizeof(*ehdr), &vde_conn->ekey, AES_ENCRYPT);
 #endif
 	memcpy(iv_enc, &ahdr, sizeof(iv_enc));
 	/* Encrypt payload */
 #ifdef DEBUG_DISABLE_ENCRYPTION
 	memcpy(encbuf + sizeof(*ehdr) + sizeof(ahdr), ((const unsigned char *) buf) + ETH_HEADER_SIZE, len - ETH_HEADER_SIZE);
 #else
-	wc_AesSetIV(&vde_conn->ekey, iv_enc);
-	pad_AesCbcEncrypt(&vde_conn->ekey,
+	AES_cbc_encrypt(
+			((const unsigned char *) buf) + ETH_HEADER_SIZE,
 			encbuf + sizeof(*ehdr) + sizeof(ahdr),
-			((unsigned char *) buf) + ETH_HEADER_SIZE,
-			len - ETH_HEADER_SIZE);
+			len - ETH_HEADER_SIZE, &vde_conn->ekey, iv_enc, AES_ENCRYPT);
 #endif
 	retval = vde_send(vde_conn->conn, encbuf, enclen, flags);
 	if (retval == enclen)
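Review bot: `RAND_bytes(ahdr.rand, 4)` is called without looking at its result, and the header it fills is copied into `iv_enc` a few lines later, so a failed call would send a frame whose IV contains whatever ahdr.rand held before. RAND_bytes returns 1 only on success. Checking for that, e.g. `if (RAND_bytes(ahdr.rand, 4) != 1)`, and failing the send instead of transmitting keeps a predictable or repeated IV from reaching the wire. How vde_agno_send reports errors is outside the hunk, so the exact failure path needs to follow the rest of the function.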
@@ -407,9 +369,6 @@ static int vde_agno_ctlfd(VDECONN *conn) {
 static int vde_agno_close(VDECONN *conn) {
 	struct vde_agno_conn *vde_conn = (struct vde_agno_conn *)conn;
 	int rv;
-#ifndef DEBUG_DISABLE_ENCRYPTION
-	wc_FreeRng(&vde_conn->rng);
-#endif
 	rv = vde_close(vde_conn->conn);
 	free(vde_conn);
 	return rv;
