You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

494 lines
14 KiB

  1. --- a/sources/applications/applestreamingclient/include/protocols/aes/inboundaesprotocol.h
  2. +++ b/sources/applications/applestreamingclient/include/protocols/aes/inboundaesprotocol.h
  3. @@ -30,7 +30,7 @@ namespace app_applestreamingclient {
  4. private:
  5. IOBuffer _tempBuffer;
  6. IOBuffer _inputBuffer;
  7. - EVP_CIPHER_CTX _decContex;
  8. + EVP_CIPHER_CTX *_decContex;
  9. bool _lastChunk;
  10. uint8_t *_pIV;
  11. uint8_t *_pKey;
  12. --- a/sources/applications/applestreamingclient/src/protocols/aes/inboundaesprotocol.cpp
  13. +++ b/sources/applications/applestreamingclient/src/protocols/aes/inboundaesprotocol.cpp
  14. @@ -31,13 +31,12 @@ InboundAESProtocol::InboundAESProtocol()
  15. memset(_pIV, 0, 16);
  16. _pKey = new uint8_t[16];
  17. memset(_pKey, 0, 16);
  18. - memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX));
  19. + _decContex = EVP_CIPHER_CTX_new();
  20. _totalDecrypted = 0;
  21. }
  22. InboundAESProtocol::~InboundAESProtocol() {
  23. - EVP_CIPHER_CTX_cleanup(&_decContex);
  24. - memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX));
  25. + EVP_CIPHER_CTX_free(_decContex);
  26. delete[] _pIV;
  27. delete[] _pKey;
  28. }
  29. @@ -60,11 +59,9 @@ bool InboundAESProtocol::Initialize(Variant &parameters) {
  30. _inputBuffer.IgnoreAll();
  31. _tempBuffer.IgnoreAll();
  32. - EVP_CIPHER_CTX_cleanup(&_decContex);
  33. - memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX));
  34. - EVP_CIPHER_CTX_init(&_decContex);
  35. - EVP_DecryptInit_ex(&_decContex, EVP_aes_128_cbc(), NULL, _pKey, _pIV);
  36. - EVP_CIPHER_CTX_set_padding(&_decContex, 0);
  37. + EVP_CIPHER_CTX_reset(_decContex);
  38. + EVP_DecryptInit_ex(_decContex, EVP_aes_128_cbc(), NULL, _pKey, _pIV);
  39. + EVP_CIPHER_CTX_set_padding(_decContex, 0);
  40. return true;
  41. }
  42. @@ -105,14 +102,14 @@ bool InboundAESProtocol::SignalInputData(IOBuffer &buffer) {
  43. int decryptedFinalSize = 0;
  44. uint32_t padding = 0;
  45. - EVP_DecryptUpdate(&_decContex, pTempData, &decryptedSize, GETIBPOINTER(buffer), safeSize);
  46. + EVP_DecryptUpdate(_decContex, pTempData, &decryptedSize, GETIBPOINTER(buffer), safeSize);
  47. _totalDecrypted += decryptedSize;
  48. //6. Decrypt leftovers
  49. bool transferCompleted = false;
  50. if (((HTTPBufferProtocol *) GetFarProtocol())->TransferCompleted()) {
  51. transferCompleted = true;
  52. - EVP_DecryptFinal_ex(&_decContex,
  53. + EVP_DecryptFinal_ex(_decContex,
  54. pTempData + decryptedSize,
  55. &decryptedFinalSize);
  56. _totalDecrypted += decryptedFinalSize;
  57. --- a/sources/common/include/utils/misc/crypto.h
  58. +++ b/sources/common/include/utils/misc/crypto.h
  59. @@ -33,6 +33,7 @@
  60. #include <openssl/aes.h>
  61. #include <openssl/engine.h>
  62. #include <openssl/conf.h>
  63. +#include "utils/misc/libcrypto-compat.h"
  64. /*!
  65. @class DHWrapper
  66. @@ -83,7 +84,7 @@ public:
  67. bool CopySharedKey(uint8_t *pDst, int32_t dstLength);
  68. private:
  69. void Cleanup();
  70. - bool CopyKey(BIGNUM *pNum, uint8_t *pDst, int32_t dstLength);
  71. + bool CopyKey(const BIGNUM *pNum, uint8_t *pDst, int32_t dstLength);
  72. };
  73. DLLEXP void InitRC4Encryption(uint8_t *secretKey, uint8_t *pubKeyIn, uint8_t *pubKeyOut,
  74. --- /dev/null
  75. +++ b/sources/common/include/utils/misc/libcrypto-compat.h
  76. @@ -0,0 +1,26 @@
  77. +#ifndef LIBCRYPTO_COMPAT_H
  78. +#define LIBCRYPTO_COMPAT_H
  79. +
  80. +#include <openssl/opensslv.h>
  81. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  82. +
  83. +#include <openssl/bn.h>
  84. +#include <openssl/dh.h>
  85. +#include <openssl/evp.h>
  86. +#include <openssl/hmac.h>
  87. +
  88. +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
  89. +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
  90. +int DH_set_length(DH *dh, long length);
  91. +
  92. +EVP_MD_CTX *EVP_MD_CTX_new(void);
  93. +void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
  94. +#define EVP_MD_CTX_reset EVP_MD_CTX_cleanup
  95. +
  96. +HMAC_CTX *HMAC_CTX_new(void);
  97. +void HMAC_CTX_free(HMAC_CTX *ctx);
  98. +#define HMAC_CTX_reset HMAC_CTX_cleanup
  99. +
  100. +#endif /* OPENSSL_VERSION_NUMBER */
  101. +
  102. +#endif /* LIBCRYPTO_COMPAT_H */
  103. --- a/sources/common/src/utils/misc/crypto.cpp
  104. +++ b/sources/common/src/utils/misc/crypto.cpp
  105. @@ -35,6 +35,7 @@ DHWrapper::~DHWrapper() {
  106. }
  107. bool DHWrapper::Initialize() {
  108. + BIGNUM *p = NULL, *g = NULL;
  109. Cleanup();
  110. //1. Create the DH
  111. @@ -46,42 +47,53 @@ bool DHWrapper::Initialize() {
  112. }
  113. //2. Create his internal p and g
  114. - _pDH->p = BN_new();
  115. - if (_pDH->p == NULL) {
  116. + p = BN_new();
  117. + if (p == NULL) {
  118. FATAL("Unable to create p");
  119. - Cleanup();
  120. - return false;
  121. + goto return_error;
  122. }
  123. - _pDH->g = BN_new();
  124. - if (_pDH->g == NULL) {
  125. + g = BN_new();
  126. + if (g == NULL) {
  127. FATAL("Unable to create g");
  128. - Cleanup();
  129. - return false;
  130. + goto return_error;
  131. }
  132. //3. initialize p, g and key length
  133. - if (BN_hex2bn(&_pDH->p, P1024) == 0) {
  134. + if (BN_hex2bn(&p, P1024) == 0) {
  135. FATAL("Unable to parse P1024");
  136. - Cleanup();
  137. - return false;
  138. + goto return_error;
  139. }
  140. - if (BN_set_word(_pDH->g, 2) != 1) {
  141. + if (BN_set_word(g, 2) != 1) {
  142. FATAL("Unable to set g");
  143. - Cleanup();
  144. - return false;
  145. + goto return_error;
  146. + }
  147. +
  148. + //4. Set internal p and g
  149. + if (DH_set0_pqg(_pDH, p, NULL, g) != 1) {
  150. + FATAL("Unable to set internal p and g");
  151. + goto return_error;
  152. }
  153. + p = g = NULL;
  154. - //4. Set the key length
  155. - _pDH->length = _bitsCount;
  156. + //5. Set the key length
  157. + if (DH_set_length(_pDH, _bitsCount) != 1) {
  158. + FATAL("Unable to set length");
  159. + goto return_error;
  160. + }
  161. - //5. Generate private and public key
  162. + //6. Generate private and public key
  163. if (DH_generate_key(_pDH) != 1) {
  164. FATAL("Unable to generate DH public/private keys");
  165. - Cleanup();
  166. - return false;
  167. + goto return_error;
  168. }
  169. return true;
  170. +
  171. +return_error:
  172. + if (p != NULL) BN_free(p);
  173. + if (g != NULL) BN_free(g);
  174. + Cleanup();
  175. + return false;
  176. }
  177. bool DHWrapper::CopyPublicKey(uint8_t *pDst, int32_t dstLength) {
  178. @@ -90,7 +102,9 @@ bool DHWrapper::CopyPublicKey(uint8_t *pDst, int32_t dstLength) {
  179. return false;
  180. }
  181. - return CopyKey(_pDH->pub_key, pDst, dstLength);
  182. + const BIGNUM *pub_key;
  183. + DH_get0_key(_pDH, &pub_key, NULL);
  184. + return CopyKey(pub_key, pDst, dstLength);
  185. }
  186. bool DHWrapper::CopyPrivateKey(uint8_t *pDst, int32_t dstLength) {
  187. @@ -99,7 +113,9 @@ bool DHWrapper::CopyPrivateKey(uint8_t *pDst, int32_t dstLength) {
  188. return false;
  189. }
  190. - return CopyKey(_pDH->priv_key, pDst, dstLength);
  191. + const BIGNUM *priv_key;
  192. + DH_get0_key(_pDH, NULL, &priv_key);
  193. + return CopyKey(priv_key, pDst, dstLength);
  194. }
  195. bool DHWrapper::CreateSharedKey(uint8_t *pPeerPublicKey, int32_t length) {
  196. @@ -153,14 +169,6 @@ bool DHWrapper::CopySharedKey(uint8_t *pDst, int32_t dstLength) {
  197. void DHWrapper::Cleanup() {
  198. if (_pDH != NULL) {
  199. - if (_pDH->p != NULL) {
  200. - BN_free(_pDH->p);
  201. - _pDH->p = NULL;
  202. - }
  203. - if (_pDH->g != NULL) {
  204. - BN_free(_pDH->g);
  205. - _pDH->g = NULL;
  206. - }
  207. DH_free(_pDH);
  208. _pDH = NULL;
  209. }
  210. @@ -177,7 +185,7 @@ void DHWrapper::Cleanup() {
  211. }
  212. }
  213. -bool DHWrapper::CopyKey(BIGNUM *pNum, uint8_t *pDst, int32_t dstLength) {
  214. +bool DHWrapper::CopyKey(const BIGNUM *pNum, uint8_t *pDst, int32_t dstLength) {
  215. int32_t keySize = BN_num_bytes(pNum);
  216. if ((keySize <= 0) || (dstLength <= 0) || (keySize > dstLength)) {
  217. FATAL("CopyPublicKey failed due to either invalid DH state or invalid call");
  218. @@ -197,20 +205,21 @@ void InitRC4Encryption(uint8_t *secretKey, uint8_t *pubKeyIn, uint8_t *pubKeyOut
  219. uint8_t digest[SHA256_DIGEST_LENGTH];
  220. unsigned int digestLen = 0;
  221. - HMAC_CTX ctx;
  222. - HMAC_CTX_init(&ctx);
  223. - HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0);
  224. - HMAC_Update(&ctx, pubKeyIn, 128);
  225. - HMAC_Final(&ctx, digest, &digestLen);
  226. - HMAC_CTX_cleanup(&ctx);
  227. + HMAC_CTX *ctx;
  228. + ctx = HMAC_CTX_new();
  229. + if (ctx == NULL)
  230. + return;
  231. + HMAC_Init_ex(ctx, secretKey, 128, EVP_sha256(), 0);
  232. + HMAC_Update(ctx, pubKeyIn, 128);
  233. + HMAC_Final(ctx, digest, &digestLen);
  234. + HMAC_CTX_reset(ctx);
  235. RC4_set_key(rc4keyOut, 16, digest);
  236. - HMAC_CTX_init(&ctx);
  237. - HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0);
  238. - HMAC_Update(&ctx, pubKeyOut, 128);
  239. - HMAC_Final(&ctx, digest, &digestLen);
  240. - HMAC_CTX_cleanup(&ctx);
  241. + HMAC_Init_ex(ctx, secretKey, 128, EVP_sha256(), 0);
  242. + HMAC_Update(ctx, pubKeyOut, 128);
  243. + HMAC_Final(ctx, digest, &digestLen);
  244. + HMAC_CTX_free(ctx);
  245. RC4_set_key(rc4keyIn, 16, digest);
  246. }
  247. @@ -220,14 +229,17 @@ string md5(string source, bool textResult) {
  248. }
  249. string md5(uint8_t *pBuffer, uint32_t length, bool textResult) {
  250. - EVP_MD_CTX mdctx;
  251. + EVP_MD_CTX *mdctx;
  252. unsigned char md_value[EVP_MAX_MD_SIZE];
  253. unsigned int md_len;
  254. - EVP_DigestInit(&mdctx, EVP_md5());
  255. - EVP_DigestUpdate(&mdctx, pBuffer, length);
  256. - EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
  257. - EVP_MD_CTX_cleanup(&mdctx);
  258. + mdctx = EVP_MD_CTX_new();
  259. + if (mdctx == NULL)
  260. + return "";
  261. + EVP_DigestInit(mdctx, EVP_md5());
  262. + EVP_DigestUpdate(mdctx, pBuffer, length);
  263. + EVP_DigestFinal_ex(mdctx, md_value, &md_len);
  264. + EVP_MD_CTX_free(mdctx);
  265. if (textResult) {
  266. string result = "";
  267. @@ -259,12 +271,12 @@ void HMACsha256(const void *pData, uint32_t dataLength,
  268. const void *pKey, uint32_t keyLength, void *pResult) {
  269. unsigned int digestLen;
  270. - HMAC_CTX ctx;
  271. - HMAC_CTX_init(&ctx);
  272. - HMAC_Init_ex(&ctx, (unsigned char*) pKey, keyLength, EVP_sha256(), NULL);
  273. - HMAC_Update(&ctx, (unsigned char *) pData, dataLength);
  274. - HMAC_Final(&ctx, (unsigned char *) pResult, &digestLen);
  275. - HMAC_CTX_cleanup(&ctx);
  276. + HMAC_CTX *ctx;
  277. + ctx = HMAC_CTX_new();
  278. + HMAC_Init_ex(ctx, (unsigned char*) pKey, keyLength, EVP_sha256(), NULL);
  279. + HMAC_Update(ctx, (unsigned char *) pData, dataLength);
  280. + HMAC_Final(ctx, (unsigned char *) pResult, &digestLen);
  281. + HMAC_CTX_free(ctx);
  282. o_assert(digestLen == 32);
  283. }
  284. @@ -397,8 +409,8 @@ string unhex(const uint8_t *pBuffer, uint32_t length) {
  285. }
  286. void CleanupSSL() {
  287. -#ifndef NO_SSL_ENGINE_CLEANUP
  288. - ERR_remove_state(0);
  289. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  290. + ERR_remove_thread_state(NULL);
  291. ENGINE_cleanup();
  292. CONF_modules_unload(1);
  293. ERR_free_strings();
  294. --- /dev/null
  295. +++ b/sources/common/src/utils/misc/libcrypto-compat.cpp
  296. @@ -0,0 +1,90 @@
  297. +/*
  298. + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  299. + *
  300. + * Licensed under the OpenSSL license (the "License"). You may not use
  301. + * this file except in compliance with the License. You can obtain a copy
  302. + * in the file LICENSE in the source distribution or at
  303. + * https://www.openssl.org/source/license.html
  304. + */
  305. +
  306. +#include "utils/misc/libcrypto-compat.h"
  307. +
  308. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  309. +
  310. +#include <string.h>
  311. +
  312. +static void *OPENSSL_zalloc(size_t num)
  313. +{
  314. + void *ret = OPENSSL_malloc(num);
  315. +
  316. + if (ret != NULL)
  317. + memset(ret, 0, num);
  318. + return ret;
  319. +}
  320. +
  321. +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
  322. +{
  323. + /* If the fields p and g in d are NULL, the corresponding input
  324. + * parameters MUST be non-NULL. q may remain NULL.
  325. + */
  326. + if ((dh->p == NULL && p == NULL)
  327. + || (dh->g == NULL && g == NULL))
  328. + return 0;
  329. +
  330. + if (p != NULL) {
  331. + BN_free(dh->p);
  332. + dh->p = p;
  333. + }
  334. + if (q != NULL) {
  335. + BN_free(dh->q);
  336. + dh->q = q;
  337. + }
  338. + if (g != NULL) {
  339. + BN_free(dh->g);
  340. + dh->g = g;
  341. + }
  342. +
  343. + if (q != NULL) {
  344. + dh->length = BN_num_bits(q);
  345. + }
  346. +
  347. + return 1;
  348. +}
  349. +
  350. +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
  351. +{
  352. + if (pub_key != NULL)
  353. + *pub_key = dh->pub_key;
  354. + if (priv_key != NULL)
  355. + *priv_key = dh->priv_key;
  356. +}
  357. +
  358. +int DH_set_length(DH *dh, long length)
  359. +{
  360. + dh->length = length;
  361. + return 1;
  362. +}
  363. +
  364. +EVP_MD_CTX *EVP_MD_CTX_new(void)
  365. +{
  366. + return (EVP_MD_CTX *)OPENSSL_zalloc(sizeof(EVP_MD_CTX));
  367. +}
  368. +
  369. +void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
  370. +{
  371. + EVP_MD_CTX_cleanup(ctx);
  372. + OPENSSL_free(ctx);
  373. +}
  374. +
  375. +HMAC_CTX *HMAC_CTX_new(void)
  376. +{
  377. + return (HMAC_CTX *)OPENSSL_zalloc(sizeof(HMAC_CTX));
  378. +}
  379. +
  380. +void HMAC_CTX_free(HMAC_CTX *ctx)
  381. +{
  382. + HMAC_CTX_cleanup(ctx);
  383. + OPENSSL_free(ctx);
  384. +}
  385. +
  386. +#endif /* OPENSSL_VERSION_NUMBER */
  387. --- a/sources/thelib/src/protocols/ssl/basesslprotocol.cpp
  388. +++ b/sources/thelib/src/protocols/ssl/basesslprotocol.cpp
  389. @@ -43,6 +43,7 @@ BaseSSLProtocol::~BaseSSLProtocol() {
  390. bool BaseSSLProtocol::Initialize(Variant &parameters) {
  391. //1. Initialize the SSL library
  392. if (!_libraryInitialized) {
  393. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  394. //3. This is the first time we use the library. So we have to
  395. //initialize it first
  396. SSL_library_init();
  397. @@ -55,6 +56,7 @@ bool BaseSSLProtocol::Initialize(Variant &parameters) {
  398. OpenSSL_add_all_algorithms();
  399. OpenSSL_add_all_ciphers();
  400. OpenSSL_add_all_digests();
  401. +#endif
  402. //initialize the random numbers generator
  403. InitRandGenerator();
  404. @@ -211,6 +213,7 @@ string BaseSSLProtocol::GetSSLErrors() {
  405. string BaseSSLProtocol::DumpBIO(BIO *pBIO) {
  406. string formatString;
  407. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  408. formatString = "method: %p\n";
  409. formatString += "callback: %p\n";
  410. formatString += "cb_arg: %p\n";
  411. @@ -240,6 +243,39 @@ string BaseSSLProtocol::DumpBIO(BIO *pBIO) {
  412. pBIO->references,
  413. (int64_t) pBIO->num_read,
  414. (int64_t) pBIO->num_write);
  415. +#else
  416. +// Some of these are problematic in openssl >= 1.1, since
  417. +// the BIO struct is opaque.
  418. + formatString = "method: %s\n";
  419. + formatString += "callback: %p\n";
  420. + formatString += "cb_arg: %p\n";
  421. + formatString += "init: %d\n";
  422. + formatString += "shutdown: %d\n";
  423. + formatString += "flags: %d\n";
  424. + formatString += "retry_reason: %d\n";
  425. + formatString += "num: %d\n";
  426. + formatString += "ptr: %p\n";
  427. + formatString += "next_bio: %p\n";
  428. + formatString += "prev_bio: %s\n";
  429. + formatString += "references: %s\n";
  430. + formatString += "num_read: %"PRId64"\n";
  431. + formatString += "num_write: %"PRId64;
  432. + return format(STR(formatString),
  433. + BIO_method_name(pBIO),
  434. + BIO_get_callback(pBIO),
  435. + BIO_get_callback_arg(pBIO),
  436. + BIO_get_init(pBIO),
  437. + BIO_get_shutdown(pBIO),
  438. + BIO_get_flags(pBIO),
  439. + BIO_get_retry_reason(pBIO),
  440. + BIO_get_fd(pBIO, NULL),
  441. + BIO_get_data(pBIO),
  442. + BIO_next(pBIO),
  443. + "unknown", //prev_bio
  444. + "unknown", //references
  445. + BIO_number_read(pBIO),
  446. + BIO_number_written(pBIO));
  447. +#endif
  448. }
  449. void BaseSSLProtocol::InitRandGenerator() {
  450. --- a/sources/thelib/src/protocols/ssl/outboundsslprotocol.cpp
  451. +++ b/sources/thelib/src/protocols/ssl/outboundsslprotocol.cpp
  452. @@ -33,7 +33,7 @@ bool OutboundSSLProtocol::InitGlobalContext(Variant &parameters) {
  453. _pGlobalSSLContext = _pGlobalContexts[hash];
  454. if (_pGlobalSSLContext == NULL) {
  455. //2. prepare the global ssl context
  456. - _pGlobalSSLContext = SSL_CTX_new(TLSv1_method());
  457. + _pGlobalSSLContext = SSL_CTX_new(SSLv23_method());
  458. if (_pGlobalSSLContext == NULL) {
  459. FATAL("Unable to create global SSL context");
  460. return false;