Mirror/frr
0
0
Fork 1
mirror of https://github.com/FRRouting/frr.git synced 2025-04-30 13:37:17 +02:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

ospfd,ripd: Enabling build with openssl

Browse source 
Enabling openssl library for md5 authentication in RIP and OSPF

Signed-off-by: Michal Ruprich <michalruprich@gmail.com>
This commit is contained in:
Michal Ruprich 2019-07-11 11:28:15 +02:00
parent 76eb017923
commit 0513a27153
4 changed files with 78 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
configure.ac
View file

@ -572,6 +572,20 @@ AC_ARG_ENABLE([thread-sanitizer],
AS_HELP_STRING([--enable-thread-sanitizer], [enable ThreadSanitizer support for detecting data races])) AS_HELP_STRING([--enable-thread-sanitizer], [enable ThreadSanitizer support for detecting data races]))
AC_ARG_ENABLE([memory-sanitizer], AC_ARG_ENABLE([memory-sanitizer],
AS_HELP_STRING([--enable-memory-sanitizer], [enable MemorySanitizer support for detecting uninitialized memory reads])) AS_HELP_STRING([--enable-memory-sanitizer], [enable MemorySanitizer support for detecting uninitialized memory reads]))
AC_ARG_WITH([crypto],
AS_HELP_STRING([--with-crypto=<internal|openssl>], [choose between different implementations of cryptographic functions(default value is --with-crypto=internal)]))
#if openssl, else use the internal
AS_IF([test x"${with_crypto}" = x"openssl"], [
AC_CHECK_LIB([crypto], [EVP_DigestInit], [LIBS="$LIBS -lcrypto"], [], [])
if test $ac_cv_lib_crypto_EVP_DigestInit = no; then
AC_MSG_ERROR([build with openssl has been specified but openssl library was not found on your system])
else
AC_DEFINE([CRYPTO_OPENSSL], [1], [Compile with openssl support])
fi
], [test x"${with_crypto}" = x"internal" || test x"${with_crypto}" = x"" ], [AC_DEFINE([CRYPTO_INTERNAL], [1], [Compile with internal cryptographic implementation])
], [AC_MSG_ERROR([Unknown value for --with-crypto])]
)
AS_IF([test "${enable_clippy_only}" != "yes"], [ AS_IF([test "${enable_clippy_only}" != "yes"], [
AC_CHECK_HEADERS([json-c/json.h]) AC_CHECK_HEADERS([json-c/json.h])

4
lib/zebra.h
View file

@ -134,6 +134,10 @@ typedef unsigned char uint8_t;
#endif #endif
#endif #endif
#ifdef CRYPTO_OPENSSL
#include <openssl/evp.h>
#endif
#include "openbsd-tree.h" #include "openbsd-tree.h"
#include <netinet/in.h> #include <netinet/in.h>

30
ospfd/ospf_packet.c
View file

@ -33,7 +33,9 @@
#include "log.h" #include "log.h"
#include "sockopt.h" #include "sockopt.h"
#include "checksum.h" #include "checksum.h"
#ifdef CRYPTO_INTERNAL
#include "md5.h" #include "md5.h"
#endif
#include "vrf.h" #include "vrf.h"
#include "lib_errors.h" #include "lib_errors.h"
@ -332,7 +334,11 @@ static unsigned int ospf_packet_max(struct ospf_interface *oi)
static int ospf_check_md5_digest(struct ospf_interface *oi, static int ospf_check_md5_digest(struct ospf_interface *oi,
struct ospf_header *ospfh) struct ospf_header *ospfh)
{ {
#ifdef CRYPTO_OPENSSL
EVP_MD_CTX *ctx;
#elif CRYPTO_INTERNAL
MD5_CTX ctx; MD5_CTX ctx;
#endif
unsigned char digest[OSPF_AUTH_MD5_SIZE]; unsigned char digest[OSPF_AUTH_MD5_SIZE];
struct crypt_key *ck; struct crypt_key *ck;
struct ospf_neighbor *nbr; struct ospf_neighbor *nbr;
@ -361,11 +367,21 @@ static int ospf_check_md5_digest(struct ospf_interface *oi,
} }
/* Generate a digest for the ospf packet - their digest + our digest. */ /* Generate a digest for the ospf packet - their digest + our digest. */
#ifdef CRYPTO_OPENSSL
unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_md5());
EVP_DigestUpdate(ctx, ospfh, length);
EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
EVP_DigestFinal(ctx, digest, &md5_size);
EVP_MD_CTX_free(ctx);
#elif CRYPTO_INTERNAL
memset(&ctx, 0, sizeof(ctx)); memset(&ctx, 0, sizeof(ctx));
MD5Init(&ctx); MD5Init(&ctx);
MD5Update(&ctx, ospfh, length); MD5Update(&ctx, ospfh, length);
MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE); MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
MD5Final(digest, &ctx); MD5Final(digest, &ctx);
#endif
/* compare the two */ /* compare the two */
if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) { if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
@ -389,7 +405,11 @@ static int ospf_make_md5_digest(struct ospf_interface *oi,
{ {
struct ospf_header *ospfh; struct ospf_header *ospfh;
unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0}; unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
#ifdef CRYPTO_OPENSSL
EVP_MD_CTX *ctx;
#elif CRYPTO_INTERNAL
MD5_CTX ctx; MD5_CTX ctx;
#endif
void *ibuf; void *ibuf;
uint32_t t; uint32_t t;
struct crypt_key *ck; struct crypt_key *ck;
@ -422,11 +442,21 @@ static int ospf_make_md5_digest(struct ospf_interface *oi,
} }
/* Generate a digest for the entire packet + our secret key. */ /* Generate a digest for the entire packet + our secret key. */
#ifdef CRYPTO_OPENSSL
unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_md5());
EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
EVP_DigestFinal(ctx, digest, &md5_size);
EVP_MD_CTX_free(ctx);
#elif CRYPTO_INTERNAL
memset(&ctx, 0, sizeof(ctx)); memset(&ctx, 0, sizeof(ctx));
MD5Init(&ctx); MD5Init(&ctx);
MD5Update(&ctx, ibuf, ntohs(ospfh->length)); MD5Update(&ctx, ibuf, ntohs(ospfh->length));
MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE); MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
MD5Final(digest, &ctx); MD5Final(digest, &ctx);
#endif
/* Append md5 digest to the end of the stream. */ /* Append md5 digest to the end of the stream. */
stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE); stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);

30
ripd/ripd.c
View file

@ -37,7 +37,9 @@
#include "if_rmap.h" #include "if_rmap.h"
#include "plist.h" #include "plist.h"
#include "distribute.h" #include "distribute.h"
#ifdef CRYPTO_INTERNAL
#include "md5.h" #include "md5.h"
#endif
#include "keychain.h" #include "keychain.h"
#include "privs.h" #include "privs.h"
#include "lib_errors.h" #include "lib_errors.h"
@ -870,7 +872,11 @@ static int rip_auth_md5(struct rip_packet *packet, struct sockaddr_in *from,
struct rip_md5_data *md5data; struct rip_md5_data *md5data;
struct keychain *keychain; struct keychain *keychain;
struct key *key; struct key *key;
#ifdef CRYPTO_OPENSSL
EVP_MD_CTX *ctx;
#elif CRYPTO_INTERNAL
MD5_CTX ctx; MD5_CTX ctx;
#endif
uint8_t digest[RIP_AUTH_MD5_SIZE]; uint8_t digest[RIP_AUTH_MD5_SIZE];
uint16_t packet_len; uint16_t packet_len;
char auth_str[RIP_AUTH_MD5_SIZE] = {}; char auth_str[RIP_AUTH_MD5_SIZE] = {};
@ -934,11 +940,21 @@ static int rip_auth_md5(struct rip_packet *packet, struct sockaddr_in *from,
return 0; return 0;
/* MD5 digest authentication. */ /* MD5 digest authentication. */
#ifdef CRYPTO_OPENSSL
unsigned int md5_size = RIP_AUTH_MD5_SIZE;
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_md5());
EVP_DigestUpdate(ctx, packet, packet_len + RIP_HEADER_SIZE);
EVP_DigestUpdate(ctx, auth_str, RIP_AUTH_MD5_SIZE);
EVP_DigestFinal(ctx, digest, &md5_size);
EVP_MD_CTX_free(ctx);
#elif CRYPTO_INTERNAL
memset(&ctx, 0, sizeof(ctx)); memset(&ctx, 0, sizeof(ctx));
MD5Init(&ctx); MD5Init(&ctx);
MD5Update(&ctx, packet, packet_len + RIP_HEADER_SIZE); MD5Update(&ctx, packet, packet_len + RIP_HEADER_SIZE);
MD5Update(&ctx, auth_str, RIP_AUTH_MD5_SIZE); MD5Update(&ctx, auth_str, RIP_AUTH_MD5_SIZE);
MD5Final(digest, &ctx); MD5Final(digest, &ctx);
#endif
if (memcmp(md5data->digest, digest, RIP_AUTH_MD5_SIZE) == 0) if (memcmp(md5data->digest, digest, RIP_AUTH_MD5_SIZE) == 0)
return packet_len; return packet_len;
@ -1063,7 +1079,11 @@ static void rip_auth_md5_set(struct stream *s, struct rip_interface *ri,
size_t doff, char *auth_str, int authlen) size_t doff, char *auth_str, int authlen)
{ {
unsigned long len; unsigned long len;
#ifdef CRYPTO_OPENSSL
EVP_MD_CTX *ctx;
#elif CRYPTO_INTERNAL
MD5_CTX ctx; MD5_CTX ctx;
#endif
unsigned char digest[RIP_AUTH_MD5_SIZE]; unsigned char digest[RIP_AUTH_MD5_SIZE];
/* Make it sure this interface is configured as MD5 /* Make it sure this interface is configured as MD5
@ -1092,11 +1112,21 @@ static void rip_auth_md5_set(struct stream *s, struct rip_interface *ri,
stream_putw(s, RIP_AUTH_DATA); stream_putw(s, RIP_AUTH_DATA);
/* Generate a digest for the RIP packet. */ /* Generate a digest for the RIP packet. */
#ifdef CRYPTO_OPENSSL
unsigned int md5_size = RIP_AUTH_MD5_SIZE;
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_md5());
EVP_DigestUpdate(ctx, STREAM_DATA(s), stream_get_endp(s));
EVP_DigestUpdate(ctx, auth_str, RIP_AUTH_MD5_SIZE);
EVP_DigestFinal(ctx, digest, &md5_size);
EVP_MD_CTX_free(ctx);
#elif CRYPTO_INTERNAL
memset(&ctx, 0, sizeof(ctx)); memset(&ctx, 0, sizeof(ctx));
MD5Init(&ctx); MD5Init(&ctx);
MD5Update(&ctx, STREAM_DATA(s), stream_get_endp(s)); MD5Update(&ctx, STREAM_DATA(s), stream_get_endp(s));
MD5Update(&ctx, auth_str, RIP_AUTH_MD5_SIZE); MD5Update(&ctx, auth_str, RIP_AUTH_MD5_SIZE);
MD5Final(digest, &ctx); MD5Final(digest, &ctx);
#endif
/* Copy the digest to the packet. */ /* Copy the digest to the packet. */
stream_write(s, digest, RIP_AUTH_MD5_SIZE); stream_write(s, digest, RIP_AUTH_MD5_SIZE);