

  1. From c794bbd16d2f39c656478608eb1314055e877370 Mon Sep 17 00:00:00 2001
  2. From: Eneas U de Queiroz <cote2004-github@yahoo.com>
  3. Date: Sat, 26 May 2018 23:44:54 -0300
  4. Subject: [PATCH] ibrdtnd: added openssl compatibility
  5. This patch adds compatibility with openssl 1.1.0 to ibrdtnd.
  6. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
  7. ---
  8. ibrdtn/daemon/src/security/exchange/DHProtocol.cpp | 36 ++++++++++---
  9. ibrdtn/daemon/src/security/exchange/Makefile.am | 2 +
  10. .../src/security/exchange/openssl_compat.cpp | 62 ++++++++++++++++++++++
  11. .../daemon/src/security/exchange/openssl_compat.h | 13 +++++
  12. 4 files changed, 107 insertions(+), 6 deletions(-)
  13. create mode 100644 ibrdtn/daemon/src/security/exchange/openssl_compat.cpp
  14. create mode 100644 ibrdtn/daemon/src/security/exchange/openssl_compat.h
  15. --- a/src/security/exchange/DHProtocol.cpp
  16. +++ b/src/security/exchange/DHProtocol.cpp
  17. @@ -30,6 +30,7 @@
  18. #include <openssl/rand.h>
  19. #include <openssl/pem.h>
  20. +#include "openssl_compat.h"
  21. #define DH_KEY_LENGTH 1024
  22. @@ -132,6 +133,7 @@ namespace dtn
  23. void DHProtocol::begin(KeyExchangeSession &session, KeyExchangeData &data)
  24. {
  25. + const BIGNUM *pub_key, *p, *g;
  26. // get session state
  27. DHState &state = session.getState<DHState>();
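Review bot: The `const BIGNUM *pub_key, *p, *g;` added at the top of begin() is left uninitialized and sits far from its only use, the `DH_get0_pqg`/`DH_get0_key` calls in the next hunk (`@@ -159,9 +161,12 @@`). Declaring them right before those calls, `const BIGNUM *p = NULL, *g = NULL, *pub_key = NULL;`, keeps the lifetime obvious and matches how `state_dh_pub_key` is declared at its point of use in the RESPONSE hunk further down. begin() starts before this hunk and continues past the next one.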
  28. @@ -159,9 +161,12 @@ namespace dtn
  29. // prepare request
  30. KeyExchangeData request(KeyExchangeData::REQUEST, session);
  31. - write(request, state.dh->pub_key);
  32. - write(request, state.dh->p);
  33. - write(request, state.dh->g);
  34. + DH_get0_pqg(state.dh, &p, NULL, &g);
  35. + DH_get0_key(state.dh, &pub_key, NULL);
  36. +
  37. + write(request, pub_key);
  38. + write(request, p);
  39. + write(request, g);
  40. manager.submit(session, request);
  41. }
  42. @@ -177,6 +182,15 @@ namespace dtn
  43. {
  44. if (data.getAction() == KeyExchangeData::REQUEST)
  45. {
  46. + BIGNUM *p = BN_new();
  47. + BIGNUM *g = BN_new();
  48. + if (p == NULL || g == NULL)
  49. + {
  50. + BN_free(p);
  51. + BN_free(g);
  52. + throw ibrcommon::Exception("Error while allocating space for DH parameters");
  53. + }
  54. +
  55. BIGNUM* pub_key = BN_new();
  56. read(data, &pub_key);
  57. @@ -184,8 +198,16 @@ namespace dtn
  58. state.dh = DH_new();
  59. // read p and g paramter from message
  60. - read(data, &state.dh->p);
  61. - read(data, &state.dh->g);
  62. + read(data, &p);
  63. + read(data, &g);
  64. +
  65. + if (DH_set0_pqg(state.dh, p, NULL, g))
  66. + {
  67. + BN_free(p);
  68. + BN_free(g);
  69. + BN_free(pub_key);
  70. + throw ibrcommon::Exception("Error while setting DH parameters");
  71. + }
  72. int codes;
  73. if (!DH_check(state.dh, &codes))
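Review bot: The condition `if (DH_set0_pqg(state.dh, p, NULL, g))` is inverted: `DH_set0_pqg` returns 1 on success (see the compat implementation in this same patch), and since `p` and `g` are freshly allocated non-NULL BIGNUMs the call can only succeed here, so every REQUEST ends in the "Error while setting DH parameters" throw. Worse, on success the DH has taken ownership of `p` and `g`, so the `BN_free(p)`/`BN_free(g)` in that branch leave `state.dh` holding freed pointers, and whatever later frees the session's DH (presumably a `DH_free` elsewhere in the class) would free them a second time. The check should read `if (!DH_set0_pqg(state.dh, p, NULL, g))`; the cleanup inside the branch is then correct, because on a 0 return the DH has not taken the parameters and the caller still owns them. The enclosing handler starts and ends outside this hunk.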
  74. @@ -213,7 +235,9 @@ namespace dtn
  75. state.secret.assign((const char*)secret, length);
  76. KeyExchangeData response(KeyExchangeData::RESPONSE, session);
  77. - write(response, state.dh->pub_key);
  78. + const BIGNUM *state_dh_pub_key;
  79. + DH_get0_key(state.dh, &state_dh_pub_key, NULL);
  80. + write(response, state_dh_pub_key);
  81. manager.submit(session, response);
  82. --- a/src/security/exchange/Makefile.am
  83. +++ b/src/security/exchange/Makefile.am
  84. @@ -22,6 +22,8 @@ exchange_SOURCES += \
  85. NFCProtocol.cpp \
  86. NoneProtocol.h \
  87. NoneProtocol.cpp \
  88. + openssl_compat.h \
  89. + openssl_compat.cpp \
  90. QRCodeProtocol.h \
  91. QRCodeProtocol.cpp
  92. --- /dev/null
  93. +++ b/src/security/exchange/openssl_compat.cpp
  94. @@ -0,0 +1,62 @@
  95. +/*
  96. + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  97. + *
  98. + * Licensed under the OpenSSL license (the "License"). You may not use
  99. + * this file except in compliance with the License. You can obtain a copy
  100. + * in the file LICENSE in the source distribution or at
  101. + * https://www.openssl.org/source/license.html
  102. + */
  103. +
  104. +#include "openssl_compat.h"
  105. +
  106. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  107. +
  108. +void DH_get0_pqg(const DH *dh,
  109. + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
  110. +{
  111. + if (p != NULL)
  112. + *p = dh->p;
  113. + if (q != NULL)
  114. + *q = dh->q;
  115. + if (g != NULL)
  116. + *g = dh->g;
  117. +}
  118. +
  119. +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
  120. +{
  121. + /* If the fields p and g in d are NULL, the corresponding input
  122. + * parameters MUST be non-NULL. q may remain NULL.
  123. + */
  124. + if ((dh->p == NULL && p == NULL)
  125. + || (dh->g == NULL && g == NULL))
  126. + return 0;
  127. +
  128. + if (p != NULL) {
  129. + BN_free(dh->p);
  130. + dh->p = p;
  131. + }
  132. + if (q != NULL) {
  133. + BN_free(dh->q);
  134. + dh->q = q;
  135. + }
  136. + if (g != NULL) {
  137. + BN_free(dh->g);
  138. + dh->g = g;
  139. + }
  140. +
  141. + if (q != NULL) {
  142. + dh->length = BN_num_bits(q);
  143. + }
  144. +
  145. + return 1;
  146. +}
  147. +
  148. +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
  149. +{
  150. + if (pub_key != NULL)
  151. + *pub_key = dh->pub_key;
  152. + if (priv_key != NULL)
  153. + *priv_key = dh->priv_key;
  154. +}
  155. +
  156. +#endif /* OPENSSL_VERSION_NUMBER */
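Review bot: `DH_set0_pqg` transfers ownership — it frees the DH's previous `p`/`q`/`g` and stores the passed pointers — but the only comment documents the NULL rules, and the caller in DHProtocol.cpp gets the ownership wrong (it frees `p` and `g` after a successful call). Extend the comment above the NULL check with `/* On success (return 1) the DH takes ownership of p, q and g and the caller must not free them. On failure (return 0) nothing is taken and the caller still owns them. */`. A one-line version of the same comment belongs on the `DH_set0_pqg` prototype in openssl_compat.h, which is what callers actually read.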
  157. --- /dev/null
  158. +++ b/src/security/exchange/openssl_compat.h
  159. @@ -0,0 +1,13 @@
  160. +#ifndef LIBCRYPTO_COMPAT_H
  161. +#define LIBCRYPTO_COMPAT_H
  162. +
  163. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  164. +
  165. +#include <openssl/dh.h>
  166. +
  167. +void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
  168. +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
  169. +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
  170. +
  171. +#endif /* OPENSSL_VERSION_NUMBER */
  172. +#endif /* LIBCRYPTO_COMPAT_H */
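Review bot: `#if OPENSSL_VERSION_NUMBER < 0x10100000L` in openssl_compat.h is evaluated before any OpenSSL header has been included, so when this header is the first OpenSSL-related include in a translation unit — as it is in openssl_compat.cpp — the macro is undefined, the preprocessor treats it as 0, and the prototypes plus `<openssl/dh.h>` are pulled in regardless of the installed version; the `#if` in openssl_compat.cpp only sees a defined macro because the header's effectively unconditional branch included dh.h first. In DHProtocol.cpp the guard works only because `<openssl/pem.h>` happens to precede the include. Redeclaring identical prototypes is harmless on 1.1.x, but the guard is not doing its job; add `#include <openssl/opensslv.h>` above the `#if` (or move `#include <openssl/dh.h>` above it) so the check runs against the real version number.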