
  1. From c842faae63b562acc7d989a9cdc815def9ee2ed6 Mon Sep 17 00:00:00 2001
  2. From: Sven-Haegar Koch <haegar@sdinet.de>
  3. Date: Wed, 2 Nov 2016 23:08:24 +0100
  4. Subject: [PATCH] OpenSSL 1.1.0 compile fix.
  5. ---
  6. crypto.c | 53 +++++++++++++++++++++++++++++++++++------------------
  7. 1 file changed, 35 insertions(+), 18 deletions(-)
  8. --- a/crypto.c
  9. +++ b/crypto.c
  10. @@ -46,6 +46,10 @@ openssl dgst \
  11. */
  12. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  13. +#define EVP_PKEY_get0_RSA(a) ((a)->pkey.rsa)
  14. +#endif
  15. +
  16. EVP_PKEY *
  17. crypto_load_key(const char *key, const bool is_private)
  18. {
  19. @@ -80,7 +84,7 @@ crypto_rsa_verify_signature(struct strin
  20. {
  21. int err;
  22. bool retval;
  23. - EVP_MD_CTX md_ctx;
  24. + EVP_MD_CTX *md_ctx;
  25. EVP_PKEY *pkey;
  26. /* load public key into openssl structure */
  27. @@ -89,15 +93,22 @@ crypto_rsa_verify_signature(struct strin
  28. log_err("crypto_verify_signature: key loading failed\n");
  29. return false;
  30. }
  31. -
  32. +
  33. + md_ctx = EVP_MD_CTX_create();
  34. + if (!md_ctx) {
  35. + log_err("crypto_verify_signature: md_ctx alloc failed\n");
  36. + return false;
  37. + }
  38. +
  39. /* Verify the signature */
  40. - if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) {
  41. + if (EVP_VerifyInit(md_ctx, EVP_sha512()) != 1) {
  42. log_err("crypto_verify_signature: libcrypto verify init failed\n");
  43. + EVP_MD_CTX_destroy(md_ctx);
  44. EVP_PKEY_free(pkey);
  45. return false;
  46. }
  47. - EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer));
  48. - err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
  49. + EVP_VerifyUpdate(md_ctx, string_get(databuffer), string_length(databuffer));
  50. + err = EVP_VerifyFinal(md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
  51. EVP_PKEY_free(pkey);
  52. if (err != 1) {
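Review bot: The new `if (!md_ctx)` branch returns without releasing `pkey`, which has already been loaded by then. The `EVP_VerifyInit` failure branch right below frees both objects, so the allocation-failure branch should do the same: add `EVP_PKEY_free(pkey);` before its `return false;`. Separately, the return value of `EVP_VerifyUpdate(md_ctx, ...)` is still ignored. In a signature check it is safer to treat anything other than 1 as a verification failure than to rely on `EVP_VerifyFinal` alone. The function starts and ends outside this hunk.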
  53. @@ -110,7 +121,7 @@ crypto_rsa_verify_signature(struct strin
  54. retval = true;
  55. bailout_ctx_cleanup:
  56. - EVP_MD_CTX_cleanup(&md_ctx);
  57. + EVP_MD_CTX_destroy(md_ctx);
  58. //log_info("Signature Verified Ok.\n");
  59. return retval;
  60. @@ -146,7 +157,7 @@ crypto_rsa_decrypt(struct string *cipher
  61. len = RSA_private_decrypt(string_length(ciphertext),
  62. (unsigned char*)string_get(ciphertext),
  63. (unsigned char*)string_get(decrypted),
  64. - pkey->pkey.rsa,
  65. + EVP_PKEY_get0_RSA(pkey),
  66. RSA_PKCS1_OAEP_PADDING);
  67. if (len >= 0) {
  68. /* TODO: need cleaner way: */
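Review bot: The result of `EVP_PKEY_get0_RSA(pkey)` is passed straight into `RSA_private_decrypt()` without a NULL check. On OpenSSL 1.1.0 the accessor returns NULL when the loaded key is not an RSA key, and the pre-1.1.0 fallback macro `((a)->pkey.rsa)` reads the union member without checking the key type at all. Fetch it into a local first, `RSA *rsa = EVP_PKEY_get0_RSA(pkey);`, and fail when `rsa` is NULL. For the old-library path, also check `EVP_PKEY_id(pkey) == EVP_PKEY_RSA` before the macro is used. The failure path of crypto_rsa_decrypt lies outside this hunk, so the exact cleanup to reuse cannot be seen from here.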
  69. @@ -167,28 +178,33 @@ bool
  70. crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct string *aes_iv, struct string *decrypted)
  71. {
  72. bool retval = false;
  73. - EVP_CIPHER_CTX ctx;
  74. + EVP_CIPHER_CTX *ctx;
  75. int decryptspace;
  76. int decryptdone;
  77. - EVP_CIPHER_CTX_init(&ctx);
  78. - if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL,
  79. + ctx = EVP_CIPHER_CTX_new();
  80. + if (!ctx) {
  81. + log_err("crypto_aes_decrypt: ctx alloc failed\n");
  82. + goto bail_out;
  83. + }
  84. +
  85. + if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
  86. (unsigned char *)string_get(aes_key),
  87. (unsigned char *)string_get(aes_iv))) {
  88. log_err("crypto_aes_decrypt: init failed\n");
  89. ERR_print_errors_fp(stderr);
  90. goto bail_out;
  91. }
  92. - EVP_CIPHER_CTX_set_padding(&ctx, 1);
  93. + EVP_CIPHER_CTX_set_padding(ctx, 1);
  94. - if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(&ctx)) {
  95. + if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(ctx)) {
  96. log_err("crypto_aes_decrypt: invalid key size (%" PRIuPTR " vs expected %d)\n",
  97. - string_length(aes_key), EVP_CIPHER_CTX_key_length(&ctx));
  98. + string_length(aes_key), EVP_CIPHER_CTX_key_length(ctx));
  99. goto bail_out;
  100. }
  101. - if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(&ctx)) {
  102. + if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(ctx)) {
  103. log_err("crypto_aes_decrypt: invalid iv size (%" PRIuPTR " vs expected %d)\n",
  104. - string_length(aes_iv), EVP_CIPHER_CTX_iv_length(&ctx));
  105. + string_length(aes_iv), EVP_CIPHER_CTX_iv_length(ctx));
  106. goto bail_out;
  107. }
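Review bot: The key and IV length checks run only after `EVP_DecryptInit_ex()` has already been handed `string_get(aes_key)` and `string_get(aes_iv)`. With a short `aes_key` or `aes_iv`, libcrypto reads the full AES-256 key and IV lengths from those buffers before the size mismatch is reported. Validate the lengths against the cipher itself, using `EVP_CIPHER_key_length()` and `EVP_CIPHER_iv_length()` on `EVP_aes_256_cbc()`, before the context is initialised. Because that adds a `goto bail_out` ahead of the allocation and `bail_out` now tests `ctx`, `ctx` must be initialised to NULL. The body of crypto_aes_decrypt continues outside this hunk.

```c
	EVP_CIPHER_CTX *ctx = NULL;	/* bail_out tests ctx, so it must start out NULL */
	const EVP_CIPHER *cipher = EVP_aes_256_cbc();
	// … unchanged: decryptspace, decryptdone declarations …

	/* check sizes before libcrypto reads from the key and IV buffers */
	if (string_length(aes_key) != EVP_CIPHER_key_length(cipher)) {
		log_err("crypto_aes_decrypt: invalid key size (%" PRIuPTR " vs expected %d)\n",
			string_length(aes_key), EVP_CIPHER_key_length(cipher));
		goto bail_out;
	}
	if (string_length(aes_iv) != EVP_CIPHER_iv_length(cipher)) {
		log_err("crypto_aes_decrypt: invalid iv size (%" PRIuPTR " vs expected %d)\n",
			string_length(aes_iv), EVP_CIPHER_iv_length(cipher));
		goto bail_out;
	}

	ctx = EVP_CIPHER_CTX_new();
	// … unchanged: ctx NULL check …
	if (!EVP_DecryptInit_ex(ctx, cipher, NULL,
	// … unchanged: key/iv arguments, error path, set_padding …
```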
  108. @@ -201,7 +217,7 @@ crypto_aes_decrypt(struct string *cipher
  109. goto bail_out;
  110. }
  111. - if (EVP_DecryptUpdate(&ctx, (unsigned char*)string_get(decrypted),
  112. + if (EVP_DecryptUpdate(ctx, (unsigned char*)string_get(decrypted),
  113. &decryptdone, (unsigned char*)string_get(ciphertext),
  114. string_length(ciphertext))) {
  115. /* TODO: need cleaner way: */
  116. @@ -212,7 +228,7 @@ crypto_aes_decrypt(struct string *cipher
  117. goto bail_out;
  118. }
  119. - if (EVP_DecryptFinal_ex(&ctx,
  120. + if (EVP_DecryptFinal_ex(ctx,
  121. (unsigned char*)string_get(decrypted)+string_length(decrypted),
  122. &decryptdone)) {
  123. /* TODO: need cleaner way: */
  124. @@ -226,7 +242,8 @@ crypto_aes_decrypt(struct string *cipher
  125. retval = true;
  126. bail_out:
  127. - EVP_CIPHER_CTX_cleanup(&ctx);
  128. + if (ctx)
  129. + EVP_CIPHER_CTX_free(ctx);
  130. return retval;
  131. }