You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
148 lines
5.4 KiB
148 lines
5.4 KiB
From c842faae63b562acc7d989a9cdc815def9ee2ed6 Mon Sep 17 00:00:00 2001
|
|
From: Sven-Haegar Koch <haegar@sdinet.de>
|
|
Date: Wed, 2 Nov 2016 23:08:24 +0100
|
|
Subject: [PATCH] OpenSSL 1.1.0 compile fix.
|
|
|
|
---
|
|
crypto.c | 53 +++++++++++++++++++++++++++++++++++------------------
|
|
1 file changed, 35 insertions(+), 18 deletions(-)
|
|
|
|
diff --git a/crypto.c b/crypto.c
|
|
index e476611..e8b72d3 100644
|
|
--- a/crypto.c
|
|
+++ b/crypto.c
|
|
@@ -46,6 +46,10 @@ openssl dgst \
|
|
|
|
*/
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+#define EVP_PKEY_get0_RSA(a) ((a)->pkey.rsa)
|
|
+#endif
|
|
+
|
|
EVP_PKEY *
|
|
crypto_load_key(const char *key, const bool is_private)
|
|
{
|
|
@@ -80,7 +84,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
|
|
{
|
|
int err;
|
|
bool retval;
|
|
- EVP_MD_CTX md_ctx;
|
|
+ EVP_MD_CTX *md_ctx;
|
|
EVP_PKEY *pkey;
|
|
|
|
/* load public key into openssl structure */
|
|
@@ -89,15 +93,22 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
|
|
log_err("crypto_verify_signature: key loading failed\n");
|
|
return false;
|
|
}
|
|
-
|
|
+
|
|
+ md_ctx = EVP_MD_CTX_create();
|
|
+ if (!md_ctx) {
|
|
+ log_err("crypto_verify_signature: md_ctx alloc failed\n");
|
|
+ return false;
|
|
+ }
|
|
+
|
|
/* Verify the signature */
|
|
- if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) {
|
|
+ if (EVP_VerifyInit(md_ctx, EVP_sha512()) != 1) {
|
|
log_err("crypto_verify_signature: libcrypto verify init failed\n");
|
|
+ EVP_MD_CTX_destroy(md_ctx);
|
|
EVP_PKEY_free(pkey);
|
|
return false;
|
|
}
|
|
- EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer));
|
|
- err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
|
|
+ EVP_VerifyUpdate(md_ctx, string_get(databuffer), string_length(databuffer));
|
|
+ err = EVP_VerifyFinal(md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
|
|
EVP_PKEY_free(pkey);
|
|
|
|
if (err != 1) {
|
|
@@ -110,7 +121,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
|
|
retval = true;
|
|
|
|
bailout_ctx_cleanup:
|
|
- EVP_MD_CTX_cleanup(&md_ctx);
|
|
+ EVP_MD_CTX_destroy(md_ctx);
|
|
|
|
//log_info("Signature Verified Ok.\n");
|
|
return retval;
|
|
@@ -146,7 +157,7 @@ crypto_rsa_decrypt(struct string *ciphertext, const char *privkey, struct string
|
|
len = RSA_private_decrypt(string_length(ciphertext),
|
|
(unsigned char*)string_get(ciphertext),
|
|
(unsigned char*)string_get(decrypted),
|
|
- pkey->pkey.rsa,
|
|
+ EVP_PKEY_get0_RSA(pkey),
|
|
RSA_PKCS1_OAEP_PADDING);
|
|
if (len >= 0) {
|
|
/* TODO: need cleaner way: */
|
|
@@ -167,28 +178,33 @@ bool
|
|
crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct string *aes_iv, struct string *decrypted)
|
|
{
|
|
bool retval = false;
|
|
- EVP_CIPHER_CTX ctx;
|
|
+ EVP_CIPHER_CTX *ctx;
|
|
int decryptspace;
|
|
int decryptdone;
|
|
|
|
- EVP_CIPHER_CTX_init(&ctx);
|
|
- if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL,
|
|
+ ctx = EVP_CIPHER_CTX_new();
|
|
+ if (!ctx) {
|
|
+ log_err("crypto_aes_decrypt: ctx alloc failed\n");
|
|
+ goto bail_out;
|
|
+ }
|
|
+
|
|
+ if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
|
|
(unsigned char *)string_get(aes_key),
|
|
(unsigned char *)string_get(aes_iv))) {
|
|
log_err("crypto_aes_decrypt: init failed\n");
|
|
ERR_print_errors_fp(stderr);
|
|
goto bail_out;
|
|
}
|
|
- EVP_CIPHER_CTX_set_padding(&ctx, 1);
|
|
+ EVP_CIPHER_CTX_set_padding(ctx, 1);
|
|
|
|
- if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(&ctx)) {
|
|
+ if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(ctx)) {
|
|
log_err("crypto_aes_decrypt: invalid key size (%" PRIuPTR " vs expected %d)\n",
|
|
- string_length(aes_key), EVP_CIPHER_CTX_key_length(&ctx));
|
|
+ string_length(aes_key), EVP_CIPHER_CTX_key_length(ctx));
|
|
goto bail_out;
|
|
}
|
|
- if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(&ctx)) {
|
|
+ if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(ctx)) {
|
|
log_err("crypto_aes_decrypt: invalid iv size (%" PRIuPTR " vs expected %d)\n",
|
|
- string_length(aes_iv), EVP_CIPHER_CTX_iv_length(&ctx));
|
|
+ string_length(aes_iv), EVP_CIPHER_CTX_iv_length(ctx));
|
|
goto bail_out;
|
|
}
|
|
|
|
@@ -201,7 +217,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
|
|
goto bail_out;
|
|
}
|
|
|
|
- if (EVP_DecryptUpdate(&ctx, (unsigned char*)string_get(decrypted),
|
|
+ if (EVP_DecryptUpdate(ctx, (unsigned char*)string_get(decrypted),
|
|
&decryptdone, (unsigned char*)string_get(ciphertext),
|
|
string_length(ciphertext))) {
|
|
/* TODO: need cleaner way: */
|
|
@@ -212,7 +228,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
|
|
goto bail_out;
|
|
}
|
|
|
|
- if (EVP_DecryptFinal_ex(&ctx,
|
|
+ if (EVP_DecryptFinal_ex(ctx,
|
|
(unsigned char*)string_get(decrypted)+string_length(decrypted),
|
|
&decryptdone)) {
|
|
/* TODO: need cleaner way: */
|
|
@@ -226,7 +242,8 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
|
|
retval = true;
|
|
|
|
bail_out:
|
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
|
+ if (ctx)
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
return retval;
|
|
}
|
|
|