Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-01-13 16:39:43 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

compilation fix for openssl-1.1.0 (pqissl+authssl part)

Browse Source
This commit is contained in:
csoler 2017-02-19 22:38:02 +01:00
parent 57bbd15893
commit 5c95b88095
9 changed files with 190 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libretroshare/src/crypto/chacha20.cpp
View File

@ -583,6 +583,9 @@ bool AEAD_chacha20_sha256(uint8_t key[32], uint8_t nonce[12],uint8_t *data,uint3
HMAC_Update(hmac_ctx,aad,aad_size) ;
HMAC_Update(hmac_ctx,data,data_size) ;
HMAC_Final(hmac_ctx,computed_tag,&md_size) ;
HMAC_CTX_free(hmac_ctx) ;
hmac_ctx=NULL;
#endif
// decrypt

149
libretroshare/src/pqi/authssl.cc
View File

@ -245,12 +245,18 @@ sslcert::sslcert(X509 *x509, const RsPeerId& pid)
{
certificate = x509;
id = pid;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
name = getX509CNString(x509->cert_info->subject);
org = getX509OrgString(x509->cert_info->subject);
location = getX509LocString(x509->cert_info->subject);
email = "";
issuer = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
#else
name = getX509CNString(X509_get_subject_name(x509));
org = getX509OrgString(X509_get_subject_name(x509));
location = getX509LocString(X509_get_subject_name(x509));
issuer = RsPgpId(std::string(getX509CNString(X509_get_issuer_name(x509))));
#endif
email = "";
authed = false;
}
@ -371,8 +377,17 @@ static int initLib = 0;
if (dh)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
BN_hex2bn(&dh->p,dh_prime_4096_hex.c_str()) ;
BN_hex2bn(&dh->g,"5") ;
#else
BIGNUM *pp=NULL,*gg=NULL ;
BN_hex2bn(&pp,dh_prime_4096_hex.c_str()) ;
BN_hex2bn(&gg,"5");
DH_set0_pqg(dh,pp,NULL,gg) ;
#endif
std::cout.flush() ;
@ -776,47 +791,74 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
std::cerr << "X509 Cert, prepared for signing" << std::endl;
/*** NOW The Manual signing bit (HACKED FROM asn1/a_sign.c) ***/
//
// The code has been copied in order to use the PGP signing instead of supplying the
// private EVP_KEY to ASN1_sign(), which would be another alternative.
int (*i2d)(X509_CINF*, unsigned char**) = i2d_X509_CINF;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
X509_ALGOR *algor1 = x509->cert_info->signature;
X509_ALGOR *algor2 = x509->sig_alg;
ASN1_BIT_STRING *signature = x509->signature;
X509_CINF *data = x509->cert_info;
#else
const X509_ALGOR *algor1 = X509_get0_tbs_sigalg(x509) ;
const X509_ALGOR *algor2 = NULL ;
const ASN1_BIT_STRING *tmp_signature = NULL ;
X509_get0_signature(&tmp_signature,&algor2,x509);
ASN1_BIT_STRING *signature = const_cast<ASN1_BIT_STRING*>(tmp_signature);
#endif
//EVP_PKEY *pkey = NULL;
const EVP_MD *type = EVP_sha1();
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned char *p,*buf_in=NULL;
unsigned char *buf_hashout=NULL,*buf_sigout=NULL;
int inl=0,hashoutl=0;
int sigoutl=0;
X509_ALGOR *a;
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_init(ctx);
/* FIX ALGORITHMS */
a = algor1;
a = const_cast<X509_ALGOR*>(algor1);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ASN1_TYPE_free(a->parameter);
a->parameter=ASN1_TYPE_new();
a->parameter->type=V_ASN1_NULL;
ASN1_OBJECT_free(a->algorithm);
a->algorithm=OBJ_nid2obj(type->pkey_type);
#else
X509_ALGOR_set0(a,OBJ_nid2obj(EVP_MD_pkey_type(type)),V_ASN1_NULL,NULL);
#endif
a = algor2;
a = const_cast<X509_ALGOR*>(algor2);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ASN1_TYPE_free(a->parameter);
a->parameter=ASN1_TYPE_new();
a->parameter->type=V_ASN1_NULL;
ASN1_OBJECT_free(a->algorithm);
a->algorithm=OBJ_nid2obj(type->pkey_type);
a->algorithm=OBJ_nid2obj(type->pkey_type);
#else
X509_ALGOR_set0(a,OBJ_nid2obj(EVP_MD_pkey_type(type)),V_ASN1_NULL,NULL);
#endif
std::cerr << "Algorithms Fixed" << std::endl;
/* input buffer */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
inl=i2d(data,NULL);
buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
#else
inl=i2d_re_X509_tbs(x509,&buf_in) ; // this does the i2d over x509->cert_info
#endif
hashoutl=EVP_MD_size(type);
buf_hashout=(unsigned char *)OPENSSL_malloc((unsigned int)hashoutl);
@ -831,15 +873,17 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
fprintf(stderr, "AuthSSLimpl::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
goto err;
}
p=buf_in;
std::cerr << "Buffers Allocated" << std::endl;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
p=buf_in;
i2d(data,&p);
#endif
/* data in buf_in, ready to be hashed */
EVP_DigestInit_ex(&ctx,type, NULL);
EVP_DigestUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_DigestFinal(&ctx,(unsigned char *)buf_hashout,
EVP_DigestInit_ex(ctx,type, NULL);
EVP_DigestUpdate(ctx,(unsigned char *)buf_in,inl);
if (!EVP_DigestFinal(ctx,(unsigned char *)buf_hashout,
(unsigned int *)&hashoutl))
{
hashoutl=0;
@ -879,6 +923,8 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
std::cerr << "Certificate Complete" << std::endl;
EVP_MD_CTX_free(ctx) ;
return x509;
/* XXX CLEANUP */
@ -915,7 +961,11 @@ bool AuthSSLimpl::AuthX509WithGPG(X509 *x509,uint32_t& diagnostic)
}
/* extract CN for peer Id */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId issuer(std::string(getX509CNString(x509->cert_info->issuer)));
#else
RsPgpId issuer(std::string(getX509CNString(X509_get_issuer_name(x509))));
#endif
RsPeerDetails pd;
#ifdef AUTHSSL_DEBUG
std::cerr << "Checking GPG issuer : " << issuer.toStdString() << std::endl ;
@ -930,22 +980,33 @@ bool AuthSSLimpl::AuthX509WithGPG(X509 *x509,uint32_t& diagnostic)
/*** NOW The Manual signing bit (HACKED FROM asn1/a_sign.c) ***/
int (*i2d)(X509_CINF*, unsigned char**) = i2d_X509_CINF;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ASN1_BIT_STRING *signature = x509->signature;
X509_CINF *data = x509->cert_info;
#else
const ASN1_BIT_STRING *signature = NULL ;
const X509_ALGOR *algor2=NULL;
X509_get0_signature(&signature,&algor2,x509);
#endif
const EVP_MD *type = EVP_sha1();
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned char *p,*buf_in=NULL;
unsigned char *buf_hashout=NULL,*buf_sigout=NULL;
int inl=0,hashoutl=0;
int sigoutl=0;
//X509_ALGOR *a;
EVP_MD_CTX_init(&ctx);
/* input buffer */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
inl=i2d(data,NULL);
buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
#else
inl=i2d_re_X509_tbs(x509,&buf_in) ; // this does the i2d over x509->cert_info
#endif
hashoutl=EVP_MD_size(type);
buf_hashout=(unsigned char *)OPENSSL_malloc((unsigned int)hashoutl);
@ -973,11 +1034,13 @@ bool AuthSSLimpl::AuthX509WithGPG(X509 *x509,uint32_t& diagnostic)
std::cerr << "Buffers Allocated" << std::endl;
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
i2d(data,&p);
#endif
/* data in buf_in, ready to be hashed */
EVP_DigestInit_ex(&ctx,type, NULL);
EVP_DigestUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_DigestFinal(&ctx,(unsigned char *)buf_hashout,
EVP_DigestInit_ex(ctx,type, NULL);
EVP_DigestUpdate(ctx,(unsigned char *)buf_in,inl);
if (!EVP_DigestFinal(ctx,(unsigned char *)buf_hashout,
(unsigned int *)&hashoutl))
{
hashoutl=0;
@ -1017,6 +1080,7 @@ bool AuthSSLimpl::AuthX509WithGPG(X509 *x509,uint32_t& diagnostic)
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSLimpl::AuthX509() X509 authenticated" << std::endl;
#endif
EVP_MD_CTX_free(ctx) ;
OPENSSL_free(buf_in) ;
OPENSSL_free(buf_hashout) ;
@ -1093,21 +1157,34 @@ static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx)
if(x509 != NULL)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId gpgid (std::string(getX509CNString(x509->cert_info->issuer)));
#else
RsPgpId gpgid (std::string(getX509CNString(X509_get_issuer_name(x509))));
#endif
if(gpgid.isNull())
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
std::cerr << "verify_x509_callback(): wrong PGP id \"" << std::string(getX509CNString(x509->cert_info->issuer)) << "\"" << std::endl;
#else
std::cerr << "verify_x509_callback(): wrong PGP id \"" << std::string(getX509CNString(X509_get_issuer_name(x509))) << "\"" << std::endl;
#endif
return false ;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
std::string sslcn = getX509CNString(x509->cert_info->subject);
#else
std::string sslcn = getX509CNString(X509_get_subject_name(x509));
#endif
RsPeerId sslid ;
getX509id(x509,sslid);
if(sslid.isNull())
{
std::cerr << "verify_x509_callback(): wrong SSL id \"" << std::string(getX509CNString(x509->cert_info->subject)) << "\"" << std::endl;
std::cerr << "verify_x509_callback(): wrong PGP id \"" << sslcn << "\"" << std::endl;
return false ;
}
@ -1185,7 +1262,11 @@ int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
std::cerr << "(WW) Certificate was rejected because authentication failed. Diagnostic = " << auth_diagnostic << std::endl;
return false;
}
RsPgpId pgpid = RsPgpId(std::string(getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer)));
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId pgpid(std::string(getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer)));
#else
RsPgpId pgpid(std::string(getX509CNString(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)))));
#endif
if (pgpid != AuthGPG::getAuthGPG()->getGPGOwnId() && !AuthGPG::getAuthGPG()->isGPGAccepted(pgpid))
{
@ -1258,15 +1339,18 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
#endif
return false;
} else {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
public_key = mCerts[peerId]->certificate->cert_info->key->pkey;
#else
public_key = X509_get0_pubkey(mCerts[peerId]->certificate) ;
#endif
}
}
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int eklen, net_ekl;
unsigned char *ek;
unsigned char iv[EVP_MAX_IV_LENGTH];
EVP_CIPHER_CTX_init(&ctx);
int out_currOffset = 0;
int out_offset = 0;
@ -1283,7 +1367,7 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
int max_outlen = inlen + cipher_block_size + EVP_MAX_IV_LENGTH + max_evp_key_size + size_net_ekl;
// intialize context and send store encrypted cipher in ek
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) {
if(!EVP_SealInit(ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) {
free(ek);
return false;
}
@ -1307,7 +1391,7 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
out_offset += EVP_MAX_IV_LENGTH;
// now encrypt actual data
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen)) {
if(!EVP_SealUpdate(ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen)) {
free(ek);
free(out);
out = NULL;
@ -1318,7 +1402,7 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
out_offset += out_currOffset;
// add padding
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset)) {
if(!EVP_SealFinal(ctx, (unsigned char*) out + out_offset, &out_currOffset)) {
free(ek);
free(out) ;
out = NULL;
@ -1334,7 +1418,7 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
// free encrypted key data
free(ek);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
outlen = out_offset;
@ -1358,7 +1442,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
// out = malloc(inlen);
// memcpy(out, in, inlen);
// outlen = inlen;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int eklen = 0, net_ekl = 0;
unsigned char *ek = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
@ -1370,7 +1454,6 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
std::cerr << "(EE) Cannot allocate memory for " << ek_mkl << " bytes in " << __PRETTY_FUNCTION__ << std::endl;
return false ;
}
EVP_CIPHER_CTX_init(&ctx);
int in_offset = 0, out_currOffset = 0;
int size_net_ekl = sizeof(net_ekl);
@ -1402,7 +1485,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
const EVP_CIPHER* cipher = EVP_aes_128_cbc();
if(0 == EVP_OpenInit(&ctx, cipher, ek, eklen, iv, mOwnPrivateKey)) {
if(0 == EVP_OpenInit(ctx, cipher, ek, eklen, iv, mOwnPrivateKey)) {
free(ek);
return false;
}
@ -1414,7 +1497,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
free(ek) ;
return false ;
}
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset)) {
if(!EVP_OpenUpdate(ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset)) {
free(ek);
free(out) ;
out = NULL;
@ -1424,7 +1507,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
in_offset += out_currOffset;
outlen += out_currOffset;
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset)) {
if(!EVP_OpenFinal(ctx, (unsigned char*)out + out_currOffset, &out_currOffset)) {
free(ek);
free(out) ;
out = NULL;
@ -1436,7 +1519,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
if(ek != NULL)
free(ek);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSLimpl::decrypt() finished with outlen : " << outlen << std::endl;

9
libretroshare/src/pqi/pqissl.cc
View File

@ -361,7 +361,11 @@ void pqissl::getCryptoParams(RsPeerCryptoParams& params)
bool pqissl::actAsServer()
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
return (bool)ssl_connection->server;
#else
return (bool)SSL_is_server(ssl_connection);
#endif
}
/* returns ...
@ -1226,8 +1230,13 @@ int pqissl::Extract_Failed_SSL_Certificate()
RsPeerId sslid ;
getX509id(peercert, sslid) ;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId gpgid(getX509CNString(peercert->cert_info->issuer));
std::string sslcn = getX509CNString(peercert->cert_info->subject);
#else
RsPgpId gpgid(getX509CNString(X509_get_issuer_name(peercert)));
std::string sslcn = getX509CNString(X509_get_subject_name(peercert));
#endif
AuthSSL::getAuthSSL()->FailedCertificate(peercert, gpgid,sslid,sslcn,remote_addr, false);
mLinkMgr->notifyDeniedConnection(gpgid, sslid, sslcn, remote_addr, false);

9
libretroshare/src/pqi/pqissllistener.cc
View File

@ -494,8 +494,13 @@ int pqissllistenbase::continueSSL(IncomingSSLInfo& incoming_connexion_info, bool
#endif
if(x509 != NULL)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
incoming_connexion_info.gpgid = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
incoming_connexion_info.sslcn = getX509CNString(x509->cert_info->subject);
#else
incoming_connexion_info.gpgid = RsPgpId(std::string(getX509CNString(X509_get_issuer_name(x509))));
incoming_connexion_info.sslcn = getX509CNString(X509_get_subject_name(x509));
#endif
getX509id(x509,incoming_connexion_info.sslid);
@ -888,7 +893,11 @@ int pqissllistener::completeConnection(int fd, IncomingSSLInfo& info)
AuthSSL::getAuthSSL()->CheckCertificate(newPeerId, peercert);
/* now need to get GPG id too */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId pgpid(std::string(getX509CNString(peercert->cert_info->issuer)));
#else
RsPgpId pgpid(std::string(getX509CNString(X509_get_issuer_name(peercert))));
#endif
mPeerMgr->addFriend(newPeerId, pgpid);
X509_free(peercert);

1
libretroshare/src/pqi/pqistreamer.cc
View File

@ -26,6 +26,7 @@
#include "pqi/pqistreamer.h"
#include <sys/time.h> // for gettimeofday
#include <stdlib.h> // for free, realloc, exit
#include <string.h> // for memcpy, memset, memcmp
#include <time.h> // for NULL, time, time_t

18
libretroshare/src/pqi/sslfns.cc
View File

@ -242,6 +242,7 @@ X509_REQ *GenerateX509Req(
#define SERIAL_RAND_BITS 64
#ifdef UNUSED_CODE
X509 *SignX509Certificate(X509_NAME *issuer, EVP_PKEY *privkey, X509_REQ *req, long days)
{
const EVP_MD *digest = EVP_sha1();
@ -369,6 +370,7 @@ X509 *SignX509Certificate(X509_NAME *issuer, EVP_PKEY *privkey, X509_REQ *req, l
return x509;
}
#endif
/********************************************************************************/
/********************************************************************************/
@ -600,7 +602,14 @@ bool getX509id(X509 *x509, RsPeerId& xid)
}
// get the signature from the cert, and copy to the array.
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ASN1_BIT_STRING *signature = x509->signature;
#else
const ASN1_BIT_STRING *signature = NULL ;
const X509_ALGOR *algor ;
X509_get0_signature(&signature,&algor,x509);
#endif
int signlen = ASN1_STRING_length(signature);
if (signlen < CERTSIGNLEN)
{
@ -612,12 +621,14 @@ bool getX509id(X509 *x509, RsPeerId& xid)
}
// else copy in the first CERTSIGNLEN.
unsigned char *signdata = ASN1_STRING_data(signature);
unsigned char *signdata = ASN1_STRING_data(const_cast<ASN1_BIT_STRING*>(signature));
/* switched to the other end of the signature. for
* more randomness
*/
#warning this is cryptographically horrible. We should do a hash of the public key here!!!
xid = RsPeerId(&signdata[signlen - CERTSIGNLEN]) ;
//for(int i = signlen - CERTSIGNLEN; i < signlen; i++)
@ -689,8 +700,13 @@ int LoadCheckX509(const char *cert_file, RsPgpId& issuerName, std::string &locat
if (valid)
{
// extract the name.
#if OPENSSL_VERSION_NUMBER < 0x10100000L
issuerName = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
location = getX509LocString(x509->cert_info->subject);
#else
issuerName = RsPgpId(std::string(getX509CNString(X509_get_issuer_name(x509))));
location = getX509LocString(X509_get_subject_name(x509));
#endif
}
#ifdef AUTHSSL_DEBUG

34
libretroshare/src/util/rsaes.cc
View File

@ -52,9 +52,8 @@ bool RsAES::aes_crypt_8_16(const uint8_t *input_data,uint32_t input_data_length,
return false ;
}
EVP_CIPHER_CTX e_ctx ;
EVP_CIPHER_CTX_init(&e_ctx);
EVP_EncryptInit_ex(&e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
EVP_CIPHER_CTX *e_ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
/* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */
int c_len = input_data_length + AES_BLOCK_SIZE ;
@ -62,31 +61,31 @@ bool RsAES::aes_crypt_8_16(const uint8_t *input_data,uint32_t input_data_length,
if(output_data_length < (uint32_t)c_len)
{
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
/* update ciphertext, c_len is filled with the length of ciphertext generated,
*len is the size of plaintext in bytes */
if(!EVP_EncryptUpdate(&e_ctx, output_data, &c_len, input_data, input_data_length))
if(!EVP_EncryptUpdate(e_ctx, output_data, &c_len, input_data, input_data_length))
{
std::cerr << "RsAES: decryption failed at end. Check padding." << std::endl;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
/* update ciphertext with the final remaining bytes */
if(!EVP_EncryptFinal_ex(&e_ctx, output_data+c_len, &f_len))
if(!EVP_EncryptFinal_ex(e_ctx, output_data+c_len, &f_len))
{
std::cerr << "RsAES: decryption failed at end. Check padding." << std::endl;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
output_data_length = c_len + f_len;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return true;
}
@ -108,9 +107,8 @@ bool RsAES::aes_decrypt_8_16(const uint8_t *input_data,uint32_t input_data_lengt
return false ;
}
EVP_CIPHER_CTX e_ctx ;
EVP_CIPHER_CTX_init(&e_ctx);
EVP_DecryptInit_ex(&e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
EVP_CIPHER_CTX *e_ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
/* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */
int c_len = input_data_length + AES_BLOCK_SIZE ;
@ -118,7 +116,7 @@ bool RsAES::aes_decrypt_8_16(const uint8_t *input_data,uint32_t input_data_lengt
if(output_data_length < (uint32_t)c_len)
{
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
@ -127,24 +125,24 @@ bool RsAES::aes_decrypt_8_16(const uint8_t *input_data,uint32_t input_data_lengt
/* update ciphertext, c_len is filled with the length of ciphertext generated,
*len is the size of plaintext in bytes */
if(! EVP_DecryptUpdate(&e_ctx, output_data, &c_len, input_data, input_data_length))
if(! EVP_DecryptUpdate(e_ctx, output_data, &c_len, input_data, input_data_length))
{
std::cerr << "RsAES: decryption failed." << std::endl;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
/* update ciphertext with the final remaining bytes */
if(!EVP_DecryptFinal_ex(&e_ctx, output_data+c_len, &f_len))
if(!EVP_DecryptFinal_ex(e_ctx, output_data+c_len, &f_len))
{
std::cerr << "RsAES: decryption failed at end. Check padding." << std::endl;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
output_data_length = c_len + f_len;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return true;
}

16
libretroshare/src/util/rsrecogn.cc
View File

@ -28,6 +28,7 @@
#include "util/rsrecogn.h"
#include "util/radix64.h"
#include "util/rsstring.h"
#include "util/rsdir.h"
#include "gxs/gxssecurity.h"
@ -507,9 +508,23 @@ bool RsRecogn::itemToRadix64(RsItem *item, std::string &radstr)
std::string RsRecogn::getRsaKeyId(RSA *pubkey)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int len = BN_num_bytes(pubkey -> n);
unsigned char tmp[len];
BN_bn2bin(pubkey -> n, tmp);
#else
const BIGNUM *nn=NULL ;
RSA_get0_key(pubkey,&nn,NULL,NULL) ;
int len = BN_num_bytes(nn);
unsigned char tmp[len];
BN_bn2bin(nn, tmp);
#endif
return RsDirUtil::sha1sum(tmp,len).toStdString();
#ifdef OLD_VERSION_REMOVED
// (cyril) I removed this because this is cryptographically insane, as it allows to easily forge a RSA key with the same ID.
// copy first CERTSIGNLEN bytes...
if (len > CERTSIGNLEN)
@ -524,6 +539,7 @@ std::string RsRecogn::getRsaKeyId(RSA *pubkey)
}
return id;
#endif
}

3
retroshare.pri
View File

@ -60,6 +60,9 @@ rs_nodeprecatedwarning:CONFIG -= no_rs_nodeprecatedwarning
CONFIG *= no_rs_nocppwarning
rs_nocppwarning:CONFIG -= no_rs_nocppwarning
INCLUDEPATH += /usr/local/openssl/include
LIBS += -L/usr/local/openssl/lib
unix {
isEmpty(PREFIX) { PREFIX = "/usr" }
isEmpty(BIN_DIR) { BIN_DIR = "$${PREFIX}/bin" }