Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-05-03 22:55:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into gxs_mail_experiments

Browse source
This commit is contained in:
Gioacchino Mazzurco 2017-02-27 08:43:29 +01:00
commit 9a3af092eb
136 changed files with 5570 additions and 3846 deletions
Download patch file Download diff file Expand all files Collapse all files

24
libretroshare/src/crypto/chacha20.cpp
View file

@ -537,6 +537,7 @@ bool AEAD_chacha20_sha256(uint8_t key[32], uint8_t nonce[12],uint8_t *data,uint3
uint8_t computed_tag[EVP_MAX_MD_SIZE];
unsigned int md_size ;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX hmac_ctx ;
HMAC_CTX_init(&hmac_ctx) ;
@ -544,6 +545,17 @@ bool AEAD_chacha20_sha256(uint8_t key[32], uint8_t nonce[12],uint8_t *data,uint3
HMAC_Update(&hmac_ctx,aad,aad_size) ;
HMAC_Update(&hmac_ctx,data,data_size) ;
HMAC_Final(&hmac_ctx,computed_tag,&md_size) ;
#else
HMAC_CTX *hmac_ctx = HMAC_CTX_new();
HMAC_Init_ex(hmac_ctx,key,32,EVP_sha256(),NULL) ;
HMAC_Update(hmac_ctx,aad,aad_size) ;
HMAC_Update(hmac_ctx,data,data_size) ;
HMAC_Final(hmac_ctx,computed_tag,&md_size) ;
HMAC_CTX_free(hmac_ctx) ;
hmac_ctx=NULL;
#endif
assert(md_size >= 16);
@ -556,6 +568,7 @@ bool AEAD_chacha20_sha256(uint8_t key[32], uint8_t nonce[12],uint8_t *data,uint3
uint8_t computed_tag[EVP_MAX_MD_SIZE];
unsigned int md_size ;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX hmac_ctx ;
HMAC_CTX_init(&hmac_ctx) ;
@ -563,6 +576,17 @@ bool AEAD_chacha20_sha256(uint8_t key[32], uint8_t nonce[12],uint8_t *data,uint3
HMAC_Update(&hmac_ctx,aad,aad_size) ;
HMAC_Update(&hmac_ctx,data,data_size) ;
HMAC_Final(&hmac_ctx,computed_tag,&md_size) ;
#else
HMAC_CTX *hmac_ctx = HMAC_CTX_new();
HMAC_Init_ex(hmac_ctx,key,32,EVP_sha256(),NULL) ;
HMAC_Update(hmac_ctx,aad,aad_size) ;
HMAC_Update(hmac_ctx,data,data_size) ;
HMAC_Final(hmac_ctx,computed_tag,&md_size) ;
HMAC_CTX_free(hmac_ctx) ;
hmac_ctx=NULL;
#endif
// decrypt

34
libretroshare/src/file_sharing/directory_updater.cc
View file

@ -70,24 +70,28 @@ void LocalDirectoryUpdater::setEnabled(bool b)
void LocalDirectoryUpdater::data_tick()
{
time_t now = time(NULL) ;
if(now > mDelayBetweenDirectoryUpdates + mLastSweepTime)
if (mIsEnabled)
{
if(sweepSharedDirectories())
{
mNeedsFullRecheck = false ;
mLastSweepTime = now;
mSharedDirectories->notifyTSChanged() ;
}
else
std::cerr << "(WW) sweepSharedDirectories() failed. Will do it again in a short time." << std::endl;
if(now > mDelayBetweenDirectoryUpdates + mLastSweepTime)
{
if(sweepSharedDirectories())
{
mNeedsFullRecheck = false;
mLastSweepTime = now ;
mSharedDirectories->notifyTSChanged();
}
else
std::cerr << "(WW) sweepSharedDirectories() failed. Will do it again in a short time." << std::endl;
}
if(now > DELAY_BETWEEN_LOCAL_DIRECTORIES_TS_UPDATE + mLastTSUpdateTime)
{
mSharedDirectories->updateTimeStamps() ;
mLastTSUpdateTime = now ;
}
}
if(now > DELAY_BETWEEN_LOCAL_DIRECTORIES_TS_UPDATE + mLastTSUpdateTime)
{
mSharedDirectories->updateTimeStamps() ;
mLastTSUpdateTime = now ;
}
usleep(10*1000*1000);
}

2
libretroshare/src/file_sharing/p3filelists.cc
View file

@ -179,7 +179,7 @@ int p3FileDatabase::tick()
#endif
last_print_time = now ;
//#warning this should be removed, but it's necessary atm for updating the GUI
#warning mr-alice 2016-08-19: This should be removed, but it's necessary atm for updating the GUI
RsServer::notify()->notifyListChange(NOTIFY_LIST_DIRLIST_LOCAL, 0);
}

353
libretroshare/src/gxs/gxssecurity.cc
View file

@ -41,20 +41,31 @@ static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE = 256 ;
static RsGxsId getRsaKeyFingerprint_old_insecure_method(RSA *pubkey)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int lenn = BN_num_bytes(pubkey -> n);
RsTemporaryMemory tmp(lenn) ;
BN_bn2bin(pubkey -> n, tmp);
#else
const BIGNUM *nn=NULL,*ee=NULL ;
RSA_get0_key(pubkey,&nn,&ee,NULL) ;
int lenn = BN_num_bytes(nn);
RsTemporaryMemory tmp(lenn) ;
BN_bn2bin(nn, tmp);
#endif
// Copy first CERTSIGNLEN bytes from the hash of the public modulus and exponent
// We should not be using strings here, but a real ID. To be done later.
// We should not be using strings here, but a real ID. To be done later.
assert(lenn >= CERTSIGNLEN) ;
assert(lenn >= CERTSIGNLEN) ;
return RsGxsId((unsigned char*)tmp) ;
return RsGxsId((unsigned char*)tmp) ;
}
static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int lenn = BN_num_bytes(pubkey -> n);
int lene = BN_num_bytes(pubkey -> e);
@ -62,6 +73,18 @@ static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
BN_bn2bin(pubkey -> n, tmp);
BN_bn2bin(pubkey -> e, &tmp[lenn]);
#else
const BIGNUM *nn=NULL,*ee=NULL ;
RSA_get0_key(pubkey,&nn,&ee,NULL) ;
int lenn = BN_num_bytes(nn);
int lene = BN_num_bytes(ee);
RsTemporaryMemory tmp(lenn+lene) ;
BN_bn2bin(nn, tmp);
BN_bn2bin(ee, &tmp[lenn]);
#endif
Sha1CheckSum s = RsDirUtil::sha1sum(tmp,lenn+lene) ;
@ -530,11 +553,10 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
return false;
}
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int eklen, net_ekl;
unsigned char *ek;
unsigned char iv[EVP_MAX_IV_LENGTH];
EVP_CIPHER_CTX_init(&ctx);
int out_currOffset = 0;
int out_offset = 0;
@ -551,7 +573,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
int max_outlen = inlen + cipher_block_size + EVP_MAX_IV_LENGTH + max_evp_key_size + size_net_ekl;
// intialize context and send store encrypted cipher in ek
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) return false;
if(!EVP_SealInit(ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) return false;
// now assign memory to out accounting for data, and cipher block size, key length, and key length val
out = (uint8_t*)rs_malloc(inlen + cipher_block_size + size_net_ekl + eklen + EVP_MAX_IV_LENGTH) ;
@ -570,7 +592,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
out_offset += EVP_MAX_IV_LENGTH;
// now encrypt actual data
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
if(!EVP_SealUpdate(ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
{
free(out) ;
out = NULL ;
@ -581,7 +603,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
out_offset += out_currOffset;
// add padding
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset))
if(!EVP_SealFinal(ctx, (unsigned char*) out + out_offset, &out_currOffset))
{
free(out) ;
out = NULL ;
@ -602,7 +624,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
// free encrypted key data
free(ek);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
outlen = out_offset;
return true;
@ -613,152 +635,151 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
#ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity::encrypt() " << std::endl;
#endif
// Encrypts (in,inlen) into (out,outlen) using the given RSA public key.
// The format of the encrypted data is:
//
// [--- ID ---|--- number of encrypted keys---| n * (--- Encrypted session keys ---) |--- IV ---|---- Encrypted data ---]
// 2 bytes 2 byte = n 256 bytes EVP_MAX_IV_LENGTH Rest of packet
//
// Encrypts (in,inlen) into (out,outlen) using the given RSA public key.
// The format of the encrypted data is:
//
// [--- ID ---|--- number of encrypted keys---| n * (--- Encrypted session keys ---) |--- IV ---|---- Encrypted data ---]
// 2 bytes 2 byte = n 256 bytes EVP_MAX_IV_LENGTH Rest of packet
//
out = NULL ;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
std::vector<EVP_PKEY *> public_keys(keys.size(),NULL);
try
{
for(uint32_t i=0;i<keys.size();++i)
{
RSA *tmpkey = ::extractPublicKey(keys[i]) ;
RSA *rsa_publish_pub = RSAPublicKey_dup(tmpkey) ;
RSA_free(tmpkey) ;
if(rsa_publish_pub != NULL)
{
public_keys[i] = EVP_PKEY_new();
EVP_PKEY_assign_RSA(public_keys[i], rsa_publish_pub);
}
else
{
std::cerr << "GxsSecurity(): Could not generate public key for key id " << keys[i].keyId << std::endl;
throw std::runtime_error("Cannot extract public key") ;
}
}
unsigned char iv[EVP_MAX_IV_LENGTH];
std::vector<unsigned char *> ek(keys.size(),NULL) ;
std::vector<int> eklen(keys.size(),0) ;
for(uint32_t i=0;i<keys.size();++i)
{
int max_evp_key_size = EVP_PKEY_size(public_keys[i]);
if(max_evp_key_size != MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE)
throw std::runtime_error("EVP_PKEY_size should be equal to 256. It's not!") ;
ek[i] = (unsigned char*)rs_malloc(max_evp_key_size);
if(ek[i] == NULL)
throw std::runtime_error("malloc error on encrypted keys") ;
}
const EVP_CIPHER *cipher = EVP_aes_128_cbc();
int cipher_block_size = EVP_CIPHER_block_size(cipher);
// intialize context and send store encrypted cipher in ek
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), ek.data(), eklen.data(), iv, public_keys.data(), keys.size()))
return false;
// now we can release the encryption keys
for(uint32_t i=0;i<public_keys.size();++i)
EVP_PKEY_free(public_keys[i]) ;
public_keys.clear() ;
int total_ek_size = MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE * keys.size() ;
int max_outlen = MULTI_ENCRYPTION_FORMAT_v001_HEADER_SIZE + MULTI_ENCRYPTION_FORMAT_v001_NUMBER_OF_KEYS_SIZE + total_ek_size + EVP_MAX_IV_LENGTH + (inlen + cipher_block_size) ;
// now assign memory to out accounting for data, and cipher block size, key length, and key length val
out = (uint8_t*)rs_malloc(max_outlen);
if(out == NULL)
return false ;
int out_offset = 0;
// header
out[out_offset++] = MULTI_ENCRYPTION_FORMAT_v001_HEADER & 0xff ;
out[out_offset++] = (MULTI_ENCRYPTION_FORMAT_v001_HEADER >> 8) & 0xff ;
// number of keys
out[out_offset++] = keys.size() & 0xff ;
out[out_offset++] = (keys.size() >> 8) & 0xff ;
// encrypted keys, each preceeded with its length
for(uint32_t i=0;i<keys.size();++i)
{
if(eklen[i] != MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE)
{
std::cerr << "(EE) eklen[i]=" << eklen[i] << " in " << __PRETTY_FUNCTION__ << " for key id " << keys[i].keyId << ". This is unexpected. Cannot encrypt." << std::endl;
throw std::runtime_error("Encryption error") ;
}
memcpy((unsigned char*)out + out_offset, ek[i],eklen[i]) ;
out_offset += eklen[i] ;
}
memcpy((unsigned char*)out + out_offset, iv, EVP_MAX_IV_LENGTH);
out_offset += EVP_MAX_IV_LENGTH;
int out_currOffset = 0;
// now encrypt actual data
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
throw std::runtime_error("Encryption error in SealUpdate()") ;
// move along to partial block space
out_offset += out_currOffset;
// add padding
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset))
throw std::runtime_error("Encryption error in SealFinal()") ;
// move to end
out_offset += out_currOffset;
// make sure offset has not gone passed valid memory bounds
if(out_offset > max_outlen)
throw std::runtime_error("Memory used by encryption exceeds allocated memory block") ;
// free encrypted key data
for(uint32_t i=0;i<keys.size();++i)
if(ek[i]) free(ek[i]);
outlen = out_offset;
EVP_CIPHER_CTX_cleanup(&ctx);
return true;
}
catch(std::exception& e)
{
std::cerr << "(EE) Exception caught while encrypting: " << e.what() << std::endl;
EVP_CIPHER_CTX_cleanup(&ctx);
if(out) free(out) ;
out = NULL ;
for(uint32_t i=0;i<public_keys.size();++i)
EVP_PKEY_free(public_keys[i]) ;
public_keys.clear() ;
return false ;
}
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
std::vector<EVP_PKEY *> public_keys(keys.size(),NULL);
try
{
for(uint32_t i=0;i<keys.size();++i)
{
RSA *tmpkey = ::extractPublicKey(keys[i]) ;
RSA *rsa_publish_pub = RSAPublicKey_dup(tmpkey) ;
RSA_free(tmpkey) ;
if(rsa_publish_pub != NULL)
{
public_keys[i] = EVP_PKEY_new();
EVP_PKEY_assign_RSA(public_keys[i], rsa_publish_pub);
}
else
{
std::cerr << "GxsSecurity(): Could not generate public key for key id " << keys[i].keyId << std::endl;
throw std::runtime_error("Cannot extract public key") ;
}
}
unsigned char iv[EVP_MAX_IV_LENGTH];
std::vector<unsigned char *> ek(keys.size(),NULL) ;
std::vector<int> eklen(keys.size(),0) ;
for(uint32_t i=0;i<keys.size();++i)
{
int max_evp_key_size = EVP_PKEY_size(public_keys[i]);
if(max_evp_key_size != MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE)
throw std::runtime_error("EVP_PKEY_size should be equal to 256. It's not!") ;
ek[i] = (unsigned char*)rs_malloc(max_evp_key_size);
if(ek[i] == NULL)
throw std::runtime_error("malloc error on encrypted keys") ;
}
const EVP_CIPHER *cipher = EVP_aes_128_cbc();
int cipher_block_size = EVP_CIPHER_block_size(cipher);
// intialize context and send store encrypted cipher in ek
if(!EVP_SealInit(ctx, EVP_aes_128_cbc(), ek.data(), eklen.data(), iv, public_keys.data(), keys.size()))
return false;
// now we can release the encryption keys
for(uint32_t i=0;i<public_keys.size();++i)
EVP_PKEY_free(public_keys[i]) ;
public_keys.clear() ;
int total_ek_size = MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE * keys.size() ;
int max_outlen = MULTI_ENCRYPTION_FORMAT_v001_HEADER_SIZE + MULTI_ENCRYPTION_FORMAT_v001_NUMBER_OF_KEYS_SIZE + total_ek_size + EVP_MAX_IV_LENGTH + (inlen + cipher_block_size) ;
// now assign memory to out accounting for data, and cipher block size, key length, and key length val
out = (uint8_t*)rs_malloc(max_outlen);
if(out == NULL)
return false ;
int out_offset = 0;
// header
out[out_offset++] = MULTI_ENCRYPTION_FORMAT_v001_HEADER & 0xff ;
out[out_offset++] = (MULTI_ENCRYPTION_FORMAT_v001_HEADER >> 8) & 0xff ;
// number of keys
out[out_offset++] = keys.size() & 0xff ;
out[out_offset++] = (keys.size() >> 8) & 0xff ;
// encrypted keys, each preceeded with its length
for(uint32_t i=0;i<keys.size();++i)
{
if(eklen[i] != MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE)
{
std::cerr << "(EE) eklen[i]=" << eklen[i] << " in " << __PRETTY_FUNCTION__ << " for key id " << keys[i].keyId << ". This is unexpected. Cannot encrypt." << std::endl;
throw std::runtime_error("Encryption error") ;
}
memcpy((unsigned char*)out + out_offset, ek[i],eklen[i]) ;
out_offset += eklen[i] ;
}
memcpy((unsigned char*)out + out_offset, iv, EVP_MAX_IV_LENGTH);
out_offset += EVP_MAX_IV_LENGTH;
int out_currOffset = 0;
// now encrypt actual data
if(!EVP_SealUpdate(ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
throw std::runtime_error("Encryption error in SealUpdate()") ;
// move along to partial block space
out_offset += out_currOffset;
// add padding
if(!EVP_SealFinal(ctx, (unsigned char*) out + out_offset, &out_currOffset))
throw std::runtime_error("Encryption error in SealFinal()") ;
// move to end
out_offset += out_currOffset;
// make sure offset has not gone passed valid memory bounds
if(out_offset > max_outlen)
throw std::runtime_error("Memory used by encryption exceeds allocated memory block") ;
// free encrypted key data
for(uint32_t i=0;i<keys.size();++i)
if(ek[i]) free(ek[i]);
outlen = out_offset;
EVP_CIPHER_CTX_free(ctx);
return true;
}
catch(std::exception& e)
{
std::cerr << "(EE) Exception caught while encrypting: " << e.what() << std::endl;
EVP_CIPHER_CTX_free(ctx);
if(out) free(out) ;
out = NULL ;
for(uint32_t i=0;i<public_keys.size();++i)
EVP_PKEY_free(public_keys[i]) ;
public_keys.clear() ;
return false ;
}
}
bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, uint32_t inlen, const RsTlvPrivateRSAKey &key)
@ -794,7 +815,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
}
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int eklen = 0, net_ekl = 0;
unsigned char *ek = (unsigned char*)rs_malloc(EVP_PKEY_size(privateKey));
@ -802,7 +823,6 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
return false ;
unsigned char iv[EVP_MAX_IV_LENGTH];
EVP_CIPHER_CTX_init(&ctx);
int in_offset = 0, out_currOffset = 0;
int size_net_ekl = sizeof(net_ekl);
@ -827,7 +847,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
const EVP_CIPHER* cipher = EVP_aes_128_cbc();
if(!EVP_OpenInit(&ctx, cipher, ek, eklen, iv, privateKey))
if(!EVP_OpenInit(ctx, cipher, ek, eklen, iv, privateKey))
{
std::cerr << "(EE) Cannot decrypt data. Most likely reason: private GXS key is missing." << std::endl;
return false;
@ -843,7 +863,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
if(out == NULL)
return false;
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset))
if(!EVP_OpenUpdate(ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset))
{
free(out) ;
out = NULL ;
@ -852,7 +872,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
outlen = out_currOffset;
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
if(!EVP_OpenFinal(ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
{
free(out) ;
out = NULL ;
@ -862,7 +882,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
outlen += out_currOffset;
free(ek);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
return true;
}
@ -879,8 +899,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
#ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity::decrypt() " << std::endl;
#endif
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
try
{
@ -951,10 +970,10 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
for(uint32_t i=0;i<number_of_keys && !succeed;++i)
{
succeed = EVP_OpenInit(&ctx, EVP_aes_128_cbc(),in + encrypted_keys_offset + i*MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE , MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE, in+IV_offset, privateKey);
succeed = EVP_OpenInit(ctx, EVP_aes_128_cbc(),in + encrypted_keys_offset + i*MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE , MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE, in+IV_offset, privateKey);
if(!succeed)
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_cleanup(ctx);
#ifdef GXS_SECURITY_DEBUG
std::cerr << " encrypted key at offset " << encrypted_keys_offset + i*MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE << ": " << succeed << std::endl;
@ -978,12 +997,12 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
int out_currOffset = 0 ;
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + encrypted_block_offset, encrypted_block_size))
if(!EVP_OpenUpdate(ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + encrypted_block_offset, encrypted_block_size))
throw std::runtime_error("Decryption error in EVP_OpenUpdate") ;
outlen = out_currOffset;
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
if(!EVP_OpenFinal(ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
throw std::runtime_error("Decryption error in EVP_OpenFinal") ;
outlen += out_currOffset;
@ -991,7 +1010,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
#ifdef GXS_SECURITY_DEBUG
std::cerr << " successfully decrypted block of size " << outlen << std::endl;
#endif
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
return true;
}
catch(std::exception& e)
@ -1007,7 +1026,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
out = NULL ;
}
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
return false;
}
}

16
libretroshare/src/gxstunnel/p3gxstunnel.cc
View file

@ -1055,7 +1055,13 @@ bool p3GxsTunnelService::locked_sendDHPublicKey(const DH *dh,const RsGxsId& own_
}
RsGxsTunnelDHPublicKeyItem *dhitem = new RsGxsTunnelDHPublicKeyItem ;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
dhitem->public_key = BN_dup(dh->pub_key) ;
#else
const BIGNUM *pub_key=NULL ;
DH_get0_key(dh,&pub_key,NULL) ;
dhitem->public_key = BN_dup(pub_key) ;
#endif
// we should also sign the data and check the signature on the other end.
//
@ -1133,8 +1139,18 @@ bool p3GxsTunnelService::locked_initDHSessionKey(DH *& dh)
return false ;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
BN_hex2bn(&dh->p,dh_prime_2048_hex.c_str()) ;
BN_hex2bn(&dh->g,"5") ;
#else
BIGNUM *pp=NULL ;
BIGNUM *gg=NULL ;
BN_hex2bn(&pp,dh_prime_2048_hex.c_str()) ;
BN_hex2bn(&gg,"5") ;
DH_set0_pqg(dh,pp,NULL,gg) ;
#endif
int codes = 0 ;

17
libretroshare/src/pgp/rscertificate.cc
View file

@ -431,12 +431,25 @@ unsigned short RsCertificate::loc_port_us() const
return (int)ipv4_internal_ip_and_port[4]*256 + (int)ipv4_internal_ip_and_port[5] ;
}
bool RsCertificate::cleanCertificate(const std::string& input,std::string& output,Format& format,int& error_code)
bool RsCertificate::cleanCertificate(const std::string& input,std::string& output,Format& format,int& error_code,bool check_content)
{
if(cleanCertificate(input,output,error_code))
{
format = RS_CERTIFICATE_RADIX ;
return true ;
if(!check_content)
return true ;
try
{
RsCertificate c(input) ;
return true ;
}
catch(uint32_t err_code)
{
error_code = err_code ;
return false;
}
}
return false ;

2
libretroshare/src/pgp/rscertificate.h
View file

@ -41,7 +41,7 @@ class RsCertificate
const unsigned char *pgp_key() const { return binary_pgp_key ; }
size_t pgp_key_size() const { return binary_pgp_key_size ; }
static bool cleanCertificate(const std::string& input,std::string& output,RsCertificate::Format& format,int& error_code) ;
static bool cleanCertificate(const std::string& input, std::string& output, RsCertificate::Format& format, int& error_code, bool check_content) ;
private:
static bool cleanCertificate(const std::string& input,std::string& output,int&) ; // new radix format

149
libretroshare/src/pqi/authssl.cc
View file

@ -245,12 +245,18 @@ sslcert::sslcert(X509 *x509, const RsPeerId& pid)
{
certificate = x509;
id = pid;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
name = getX509CNString(x509->cert_info->subject);
org = getX509OrgString(x509->cert_info->subject);
location = getX509LocString(x509->cert_info->subject);
email = "";
issuer = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
#else
name = getX509CNString(X509_get_subject_name(x509));
org = getX509OrgString(X509_get_subject_name(x509));
location = getX509LocString(X509_get_subject_name(x509));
issuer = RsPgpId(std::string(getX509CNString(X509_get_issuer_name(x509))));
#endif
email = "";
authed = false;
}
@ -371,8 +377,17 @@ static int initLib = 0;
if (dh)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
BN_hex2bn(&dh->p,dh_prime_4096_hex.c_str()) ;
BN_hex2bn(&dh->g,"5") ;
#else
BIGNUM *pp=NULL,*gg=NULL ;
BN_hex2bn(&pp,dh_prime_4096_hex.c_str()) ;
BN_hex2bn(&gg,"5");
DH_set0_pqg(dh,pp,NULL,gg) ;
#endif
std::cout.flush() ;
@ -776,47 +791,72 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
std::cerr << "X509 Cert, prepared for signing" << std::endl;
/*** NOW The Manual signing bit (HACKED FROM asn1/a_sign.c) ***/
//
// The code has been copied in order to use the PGP signing instead of supplying the
// private EVP_KEY to ASN1_sign(), which would be another alternative.
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int (*i2d)(X509_CINF*, unsigned char**) = i2d_X509_CINF;
X509_ALGOR *algor1 = x509->cert_info->signature;
X509_ALGOR *algor2 = x509->sig_alg;
ASN1_BIT_STRING *signature = x509->signature;
X509_CINF *data = x509->cert_info;
#else
const X509_ALGOR *algor1 = X509_get0_tbs_sigalg(x509) ;
const X509_ALGOR *algor2 = NULL ;
const ASN1_BIT_STRING *tmp_signature = NULL ;
X509_get0_signature(&tmp_signature,&algor2,x509);
ASN1_BIT_STRING *signature = const_cast<ASN1_BIT_STRING*>(tmp_signature);
#endif
//EVP_PKEY *pkey = NULL;
const EVP_MD *type = EVP_sha1();
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned char *p,*buf_in=NULL;
unsigned char *buf_hashout=NULL,*buf_sigout=NULL;
int inl=0,hashoutl=0;
int sigoutl=0;
X509_ALGOR *a;
EVP_MD_CTX_init(&ctx);
/* FIX ALGORITHMS */
a = algor1;
a = const_cast<X509_ALGOR*>(algor1);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ASN1_TYPE_free(a->parameter);
a->parameter=ASN1_TYPE_new();
a->parameter->type=V_ASN1_NULL;
ASN1_OBJECT_free(a->algorithm);
a->algorithm=OBJ_nid2obj(type->pkey_type);
#else
X509_ALGOR_set0(a,OBJ_nid2obj(EVP_MD_pkey_type(type)),V_ASN1_NULL,NULL);
#endif
a = algor2;
a = const_cast<X509_ALGOR*>(algor2);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ASN1_TYPE_free(a->parameter);
a->parameter=ASN1_TYPE_new();
a->parameter->type=V_ASN1_NULL;
ASN1_OBJECT_free(a->algorithm);
a->algorithm=OBJ_nid2obj(type->pkey_type);
a->algorithm=OBJ_nid2obj(type->pkey_type);
#else
X509_ALGOR_set0(a,OBJ_nid2obj(EVP_MD_pkey_type(type)),V_ASN1_NULL,NULL);
#endif
std::cerr << "Algorithms Fixed" << std::endl;
/* input buffer */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
inl=i2d(data,NULL);
buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
#else
inl=i2d_re_X509_tbs(x509,&buf_in) ; // this does the i2d over x509->cert_info
#endif
hashoutl=EVP_MD_size(type);
buf_hashout=(unsigned char *)OPENSSL_malloc((unsigned int)hashoutl);
@ -831,15 +871,17 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
fprintf(stderr, "AuthSSLimpl::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
goto err;
}
p=buf_in;
std::cerr << "Buffers Allocated" << std::endl;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
p=buf_in;
i2d(data,&p);
#endif
/* data in buf_in, ready to be hashed */
EVP_DigestInit_ex(&ctx,type, NULL);
EVP_DigestUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_DigestFinal(&ctx,(unsigned char *)buf_hashout,
EVP_DigestInit_ex(ctx,type, NULL);
EVP_DigestUpdate(ctx,(unsigned char *)buf_in,inl);
if (!EVP_DigestFinal(ctx,(unsigned char *)buf_hashout,
(unsigned int *)&hashoutl))
{
hashoutl=0;
@ -879,6 +921,8 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
std::cerr << "Certificate Complete" << std::endl;
EVP_MD_CTX_destroy(ctx) ;
return x509;
/* XXX CLEANUP */
@ -915,7 +959,11 @@ bool AuthSSLimpl::AuthX509WithGPG(X509 *x509,uint32_t& diagnostic)
}
/* extract CN for peer Id */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId issuer(std::string(getX509CNString(x509->cert_info->issuer)));
#else
RsPgpId issuer(std::string(getX509CNString(X509_get_issuer_name(x509))));
#endif
RsPeerDetails pd;
#ifdef AUTHSSL_DEBUG
std::cerr << "Checking GPG issuer : " << issuer.toStdString() << std::endl ;
@ -930,22 +978,33 @@ bool AuthSSLimpl::AuthX509WithGPG(X509 *x509,uint32_t& diagnostic)
/*** NOW The Manual signing bit (HACKED FROM asn1/a_sign.c) ***/
int (*i2d)(X509_CINF*, unsigned char**) = i2d_X509_CINF;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ASN1_BIT_STRING *signature = x509->signature;
X509_CINF *data = x509->cert_info;
#else
const ASN1_BIT_STRING *signature = NULL ;
const X509_ALGOR *algor2=NULL;
X509_get0_signature(&signature,&algor2,x509);
#endif
const EVP_MD *type = EVP_sha1();
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned char *p,*buf_in=NULL;
unsigned char *buf_hashout=NULL,*buf_sigout=NULL;
int inl=0,hashoutl=0;
int sigoutl=0;
//X509_ALGOR *a;
EVP_MD_CTX_init(&ctx);
/* input buffer */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
inl=i2d(data,NULL);
buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
#else
inl=i2d_re_X509_tbs(x509,&buf_in) ; // this does the i2d over x509->cert_info
#endif
hashoutl=EVP_MD_size(type);
buf_hashout=(unsigned char *)OPENSSL_malloc((unsigned int)hashoutl);
@ -973,11 +1032,13 @@ bool AuthSSLimpl::AuthX509WithGPG(X509 *x509,uint32_t& diagnostic)
std::cerr << "Buffers Allocated" << std::endl;
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
i2d(data,&p);
#endif
/* data in buf_in, ready to be hashed */
EVP_DigestInit_ex(&ctx,type, NULL);
EVP_DigestUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_DigestFinal(&ctx,(unsigned char *)buf_hashout,
EVP_DigestInit_ex(ctx,type, NULL);
EVP_DigestUpdate(ctx,(unsigned char *)buf_in,inl);
if (!EVP_DigestFinal(ctx,(unsigned char *)buf_hashout,
(unsigned int *)&hashoutl))
{
hashoutl=0;
@ -1017,6 +1078,7 @@ bool AuthSSLimpl::AuthX509WithGPG(X509 *x509,uint32_t& diagnostic)
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSLimpl::AuthX509() X509 authenticated" << std::endl;
#endif
EVP_MD_CTX_destroy(ctx) ;
OPENSSL_free(buf_in) ;
OPENSSL_free(buf_hashout) ;
@ -1093,21 +1155,34 @@ static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx)
if(x509 != NULL)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId gpgid (std::string(getX509CNString(x509->cert_info->issuer)));
#else
RsPgpId gpgid (std::string(getX509CNString(X509_get_issuer_name(x509))));
#endif
if(gpgid.isNull())
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
std::cerr << "verify_x509_callback(): wrong PGP id \"" << std::string(getX509CNString(x509->cert_info->issuer)) << "\"" << std::endl;
#else
std::cerr << "verify_x509_callback(): wrong PGP id \"" << std::string(getX509CNString(X509_get_issuer_name(x509))) << "\"" << std::endl;
#endif
return false ;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
std::string sslcn = getX509CNString(x509->cert_info->subject);
#else
std::string sslcn = getX509CNString(X509_get_subject_name(x509));
#endif
RsPeerId sslid ;
getX509id(x509,sslid);
if(sslid.isNull())
{
std::cerr << "verify_x509_callback(): wrong SSL id \"" << std::string(getX509CNString(x509->cert_info->subject)) << "\"" << std::endl;
std::cerr << "verify_x509_callback(): wrong PGP id \"" << sslcn << "\"" << std::endl;
return false ;
}
@ -1185,7 +1260,11 @@ int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
std::cerr << "(WW) Certificate was rejected because authentication failed. Diagnostic = " << auth_diagnostic << std::endl;
return false;
}
RsPgpId pgpid = RsPgpId(std::string(getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer)));
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId pgpid(std::string(getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer)));
#else
RsPgpId pgpid(std::string(getX509CNString(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)))));
#endif
if (pgpid != AuthGPG::getAuthGPG()->getGPGOwnId() && !AuthGPG::getAuthGPG()->isGPGAccepted(pgpid))
{
@ -1258,15 +1337,18 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
#endif
return false;
} else {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
public_key = mCerts[peerId]->certificate->cert_info->key->pkey;
#else
public_key = X509_get0_pubkey(mCerts[peerId]->certificate) ;
#endif
}
}
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int eklen, net_ekl;
unsigned char *ek;
unsigned char iv[EVP_MAX_IV_LENGTH];
EVP_CIPHER_CTX_init(&ctx);
int out_currOffset = 0;
int out_offset = 0;
@ -1283,7 +1365,7 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
int max_outlen = inlen + cipher_block_size + EVP_MAX_IV_LENGTH + max_evp_key_size + size_net_ekl;
// intialize context and send store encrypted cipher in ek
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) {
if(!EVP_SealInit(ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) {
free(ek);
return false;
}
@ -1307,7 +1389,7 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
out_offset += EVP_MAX_IV_LENGTH;
// now encrypt actual data
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen)) {
if(!EVP_SealUpdate(ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen)) {
free(ek);
free(out);
out = NULL;
@ -1318,7 +1400,7 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
out_offset += out_currOffset;
// add padding
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset)) {
if(!EVP_SealFinal(ctx, (unsigned char*) out + out_offset, &out_currOffset)) {
free(ek);
free(out) ;
out = NULL;
@ -1334,7 +1416,7 @@ bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen,
// free encrypted key data
free(ek);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
outlen = out_offset;
@ -1358,7 +1440,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
// out = malloc(inlen);
// memcpy(out, in, inlen);
// outlen = inlen;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int eklen = 0, net_ekl = 0;
unsigned char *ek = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
@ -1370,7 +1452,6 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
std::cerr << "(EE) Cannot allocate memory for " << ek_mkl << " bytes in " << __PRETTY_FUNCTION__ << std::endl;
return false ;
}
EVP_CIPHER_CTX_init(&ctx);
int in_offset = 0, out_currOffset = 0;
int size_net_ekl = sizeof(net_ekl);
@ -1402,7 +1483,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
const EVP_CIPHER* cipher = EVP_aes_128_cbc();
if(0 == EVP_OpenInit(&ctx, cipher, ek, eklen, iv, mOwnPrivateKey)) {
if(0 == EVP_OpenInit(ctx, cipher, ek, eklen, iv, mOwnPrivateKey)) {
free(ek);
return false;
}
@ -1414,7 +1495,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
free(ek) ;
return false ;
}
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset)) {
if(!EVP_OpenUpdate(ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset)) {
free(ek);
free(out) ;
out = NULL;
@ -1424,7 +1505,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
in_offset += out_currOffset;
outlen += out_currOffset;
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset)) {
if(!EVP_OpenFinal(ctx, (unsigned char*)out + out_currOffset, &out_currOffset)) {
free(ek);
free(out) ;
out = NULL;
@ -1436,7 +1517,7 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
if(ek != NULL)
free(ek);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSLimpl::decrypt() finished with outlen : " << outlen << std::endl;

29
libretroshare/src/pqi/p3notify.cc
View file

@ -245,8 +245,37 @@ void p3Notify::notifyDownloadComplete (const std::string& fileHash )
void p3Notify::notifyDownloadCompleteCount (uint32_t count ) { FOR_ALL_NOTIFY_CLIENTS (*it)->notifyDownloadCompleteCount (count) ; }
void p3Notify::notifyHistoryChanged (uint32_t msgId , int type) { FOR_ALL_NOTIFY_CLIENTS (*it)->notifyHistoryChanged (msgId,type) ; }
bool p3Notify::cachePgpPassphrase(const std::string& s)
{
clearPgpPassphrase() ;
cached_pgp_passphrase = s ;
std::cerr << "(WW) Caching PGP passphrase." << std::endl;
return true ;
}
bool p3Notify::clearPgpPassphrase()
{
std::cerr << "(WW) Clearing PGP passphrase." << std::endl;
// Just whipe out the memory instead of just releasing it.
for(uint32_t i=0;i<cached_pgp_passphrase.length();++i)
cached_pgp_passphrase[i] = 0 ;
cached_pgp_passphrase.clear();
return true ;
}
bool p3Notify::askForPassword (const std::string& title , const std::string& key_details , bool prev_is_bad , std::string& password,bool *cancelled)
{
if(!prev_is_bad && !cached_pgp_passphrase.empty())
{
password = cached_pgp_passphrase ;
if(cancelled)
*cancelled = false ;
return true ;
}
FOR_ALL_NOTIFY_CLIENTS
if( (*it)->askForPassword(title,key_details,prev_is_bad,password,*cancelled))
return true ;

5
libretroshare/src/pqi/p3notify.h
View file

@ -124,6 +124,9 @@ class p3Notify: public RsNotify
bool askForPassword (const std::string& title, const std::string& /* key_details */, bool /* prev_is_bad */, std::string&, bool *cancelled /* password */ ) ;
bool askForPluginConfirmation (const std::string& /* plugin_filename */, const std::string& /* plugin_file_hash */) ;
virtual bool cachePgpPassphrase (const std::string& /* pgp_passphrase */) ;
virtual bool clearPgpPassphrase () ;
private:
RsMutex noteMtx;
@ -134,6 +137,8 @@ class p3Notify: public RsNotify
std::list<RsFeedItem> pendingNewsFeed;
std::list<NotifyClient*> notifyClients ;
std::string cached_pgp_passphrase ;
};

9
libretroshare/src/pqi/pqissl.cc
View file

@ -361,7 +361,11 @@ void pqissl::getCryptoParams(RsPeerCryptoParams& params)
bool pqissl::actAsServer()
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
return (bool)ssl_connection->server;
#else
return (bool)SSL_is_server(ssl_connection);
#endif
}
/* returns ...
@ -1226,8 +1230,13 @@ int pqissl::Extract_Failed_SSL_Certificate()
RsPeerId sslid ;
getX509id(peercert, sslid) ;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId gpgid(getX509CNString(peercert->cert_info->issuer));
std::string sslcn = getX509CNString(peercert->cert_info->subject);
#else
RsPgpId gpgid(getX509CNString(X509_get_issuer_name(peercert)));
std::string sslcn = getX509CNString(X509_get_subject_name(peercert));
#endif
AuthSSL::getAuthSSL()->FailedCertificate(peercert, gpgid,sslid,sslcn,remote_addr, false);
mLinkMgr->notifyDeniedConnection(gpgid, sslid, sslcn, remote_addr, false);

10
libretroshare/src/pqi/pqissllistener.cc
View file

@ -214,7 +214,6 @@ int pqissllistenbase::setuplisten()
if (!mPeerMgr->isHidden()) std::cerr << "Zeroed tmpaddr: " << sockaddr_storage_tostring(tmpaddr) << std::endl;
#endif
exit(1);
return -1;
}
else
@ -494,8 +493,13 @@ int pqissllistenbase::continueSSL(IncomingSSLInfo& incoming_connexion_info, bool
#endif
if(x509 != NULL)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
incoming_connexion_info.gpgid = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
incoming_connexion_info.sslcn = getX509CNString(x509->cert_info->subject);
#else
incoming_connexion_info.gpgid = RsPgpId(std::string(getX509CNString(X509_get_issuer_name(x509))));
incoming_connexion_info.sslcn = getX509CNString(X509_get_subject_name(x509));
#endif
getX509id(x509,incoming_connexion_info.sslid);
@ -888,7 +892,11 @@ int pqissllistener::completeConnection(int fd, IncomingSSLInfo& info)
AuthSSL::getAuthSSL()->CheckCertificate(newPeerId, peercert);
/* now need to get GPG id too */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RsPgpId pgpid(std::string(getX509CNString(peercert->cert_info->issuer)));
#else
RsPgpId pgpid(std::string(getX509CNString(X509_get_issuer_name(peercert))));
#endif
mPeerMgr->addFriend(newPeerId, pgpid);
X509_free(peercert);

151
libretroshare/src/pqi/pqistreamer.cc
View file

@ -26,6 +26,7 @@
#include "pqi/pqistreamer.h"
#include <sys/time.h> // for gettimeofday
#include <stdlib.h> // for free, realloc, exit
#include <string.h> // for memcpy, memset, memcmp
#include <time.h> // for NULL, time, time_t
@ -48,8 +49,10 @@ static struct RsLog::logInfo pqistreamerzoneInfo = {RsLog::Default, "pqistreamer
#define pqistreamerzone &pqistreamerzoneInfo
static const int PQISTREAM_ABS_MAX = 100000000; /* 100 MB/sec (actually per loop) */
static const int PQISTREAM_AVG_PERIOD = 5; // update speed estimate every 5 seconds
static const int PQISTREAM_AVG_PERIOD = 1; // update speed estimate every second
static const float PQISTREAM_AVG_FRAC = 0.8; // for bandpass filter over speed estimate.
static const float PQISTREAM_AVG_DT_FRAC = 0.99; // for low pass filter over elapsed time
static const int PQISTREAM_OPTIMAL_PACKET_SIZE = 512; // It is believed that this value should be lower than TCP slices and large enough as compare to encryption padding.
// most importantly, it should be constant, so as to allow correct QoS.
static const int PQISTREAM_SLICE_FLAG_STARTS = 0x01; //
@ -100,7 +103,8 @@ pqistreamer::pqistreamer(RsSerialiser *rss, const RsPeerId& id, BinInterface *bi
mPkt_wpending(NULL), mPkt_wpending_size(0),
mTotalRead(0), mTotalSent(0),
mCurrRead(0), mCurrSent(0),
mAvgReadCount(0), mAvgSentCount(0)
mAvgReadCount(0), mAvgSentCount(0),
mAvgDtOut(0), mAvgDtIn(0)
{
// 100 B/s (minimal)
@ -114,8 +118,7 @@ pqistreamer::pqistreamer(RsSerialiser *rss, const RsPeerId& id, BinInterface *bi
mAcceptsPacketSlicing = false ; // by default. Will be turned into true when everyone's ready.
mLastSentPacketSlicingProbe = 0 ;
mAvgLastUpdate = time(NULL);
mCurrSentTS = mCurrReadTS = getCurrentTS();
mAvgLastUpdate = mCurrSentTS = mCurrReadTS = getCurrentTS();
mIncomingSize = 0 ;
@ -231,47 +234,46 @@ void pqistreamer::setRate(bool b,float f)
void pqistreamer::updateRates()
{
// now update rates both ways.
// update rates both ways.
time_t t = time(NULL); // get current timestep.
int64_t diff ;
double t = getCurrentTS(); // get current timestamp.
double diff ;
{
RsStackMutex stack(mStreamerMtx); /**** LOCKED MUTEX ****/
{
RsStackMutex stack(mStreamerMtx); /**** LOCKED MUTEX ****/
diff = t - mAvgLastUpdate ;
}
diff = int64_t(t) - int64_t(mAvgLastUpdate) ;
}
if (diff > PQISTREAM_AVG_PERIOD)
{
float avgReadpSec = getRate(true ) * PQISTREAM_AVG_FRAC + (1.0 - PQISTREAM_AVG_FRAC) * mAvgReadCount/(1024.0 * float(diff));
float avgSentpSec = getRate(false) * PQISTREAM_AVG_FRAC + (1.0 - PQISTREAM_AVG_FRAC) * mAvgSentCount/(1024.0 * float(diff));
if (diff > PQISTREAM_AVG_PERIOD)
{
float avgReadpSec = PQISTREAM_AVG_FRAC * getRate(true ) + (1.0 - PQISTREAM_AVG_FRAC) * mAvgReadCount/(1024.0 * diff);
float avgSentpSec = PQISTREAM_AVG_FRAC * getRate(false) + (1.0 - PQISTREAM_AVG_FRAC) * mAvgSentCount/(1024.0 * diff);
#ifdef DEBUG_PQISTREAMER
std::cerr << "Peer " << PeerId() << ": Current speed estimates: " << avgReadpSec << " / " << avgSentpSec << std::endl;
uint64_t t_now = 1000 * getCurrentTS();
std::cerr << std::dec << t_now << " DEBUG_PQISTREAMER pqistreamer::updateRates PeerId " << this->PeerId().toStdString() << " Current speed estimates: down " << std::dec << (int)(1024 * avgReadpSec) << " B/s / up " << (int)(1024 * avgSentpSec) << " B/s" << std::endl;
#endif
/* pretend our rate is zero if we are
* not bandwidthLimited().
*/
if (mBio->bandwidthLimited())
{
setRate(true, avgReadpSec);
setRate(false, avgSentpSec);
}
else
{
std::cerr << "Warning: setting to 0" << std::endl;
setRate(true, 0);
setRate(false, 0);
}
{
RsStackMutex stack(mStreamerMtx); /**** LOCKED MUTEX ****/
mAvgLastUpdate = t;
mAvgReadCount = 0;
mAvgSentCount = 0;
}
}
// now store the new rates, zero meaning that we are not bandwidthLimited()
if (mBio->bandwidthLimited())
{
setRate(true, avgReadpSec);
setRate(false, avgSentpSec);
}
else
{
setRate(true, 0);
setRate(false, 0);
}
{
RsStackMutex stack(mStreamerMtx); /**** LOCKED MUTEX ****/
mAvgLastUpdate = t;
mAvgReadCount = 0;
mAvgSentCount = 0;
}
}
}
int pqistreamer::tick_bio()
@ -1114,12 +1116,11 @@ float pqistreamer::outTimeSlice_locked()
return 1;
}
// very simple.....
int pqistreamer::outAllowedBytes_locked()
{
double t = getCurrentTS() ; // Grabs today's time in sec, with ms accuracy. Allows a much more accurate allocation of bw
double t = getCurrentTS() ; // in sec, with high accuracy
/* allow a lot if not bandwidthLimited */
// allow a lot if not bandwidthLimited()
if (!mBio->bandwidthLimited())
{
mCurrSent = 0;
@ -1127,70 +1128,80 @@ int pqistreamer::outAllowedBytes_locked()
return PQISTREAM_ABS_MAX;
}
double dt = t - mCurrSentTS;
// dt is the time elapsed since the last round of sending data
double dt = t - mCurrSentTS;
// limiter -> for when currSentTs -> 0.
if (dt > 5)
dt = 5;
// ignore cases where dt > 1s
if (dt > 1)
dt = 1;
double maxout = getMaxRate(false) * 1024.0;
// low pass filter on mAvgDtOut
mAvgDtOut = PQISTREAM_AVG_DT_FRAC * mAvgDtOut + (1 - PQISTREAM_AVG_DT_FRAC) * dt;
double maxout = getMaxRate(false) * 1024.0;
mCurrSent -= int(dt * maxout);
// this is used to take into account a possible excess of data sent during the previous round
mCurrSent -= int(dt * maxout);
if (mCurrSent < 0)
mCurrSent = 0;
mCurrSentTS = t;
// now calculate the max amount of data allowed to be sent during the next round
// we limit this quota to what should be sent at most during mAvgDtOut, taking into account the excess of data possibly sent during the previous round
double quota = mAvgDtOut * maxout - mCurrSent;
#ifdef DEBUG_PQISTREAMER
{
std::string out;
rs_sprintf(out, "pqistreamer::outAllowedBytes() is %d/%d", maxout - mCurrSent, maxout);
pqioutput(PQL_DEBUG_ALL, pqistreamerzone, out);
}
uint64_t t_now = 1000 * getCurrentTS();
std::cerr << std::dec << t_now << " DEBUG_PQISTREAMER pqistreamer::outAllowedBytes_locked PeerId " << this->PeerId().toStdString() << " dt " << (int)(1000 * dt) << "ms, mAvgDtOut " << (int)(1000 * mAvgDtOut) << "ms, maxout " << (int)(maxout) << " bytes/s, mCurrSent " << mCurrSent << " bytes, quota " << (int)(quota) << " bytes" << std::endl;
#endif
return maxout - mCurrSent;
return quota;
}
int pqistreamer::inAllowedBytes_locked()
{
double t = getCurrentTS(); // in secs, with a ms accuracy
double t = getCurrentTS(); // in sec, with high accuracy
/* allow a lot if not bandwidthLimited */
// allow a lot if not bandwidthLimited()
if (!mBio->bandwidthLimited())
{
mCurrRead = 0;
mCurrReadTS = t;
mCurrRead = 0;
return PQISTREAM_ABS_MAX;
}
double dt = t - mCurrReadTS;
// dt is the time elapsed since the last round of receiving data
double dt = t - mCurrReadTS;
// limiter -> for when currReadTs -> 0.
if (dt > 5)
dt = 5;
// limit dt to 1s
if (dt > 1)
dt = 1;
double maxin = getMaxRate(true) * 1024.0;
// low pass filter on mAvgDtIn
mAvgDtIn = PQISTREAM_AVG_DT_FRAC * mAvgDtIn + (1 - PQISTREAM_AVG_DT_FRAC) * dt;
mCurrRead -= int(dt * maxin);
double maxin = getMaxRate(true) * 1024.0;
// this is used to take into account a possible excess of data received during the previous round
mCurrRead -= int(dt * maxin);
if (mCurrRead < 0)
mCurrRead = 0;
mCurrReadTS = t;
// now calculate the max amount of data allowed to be received during the next round
// we limit this quota to what should be received at most during mAvgDtOut, taking into account the excess of data possibly received during the previous round
double quota = mAvgDtIn * maxin - mCurrRead;
#ifdef DEBUG_PQISTREAMER
{
std::string out;
rs_sprintf(out, "pqistreamer::inAllowedBytes() is %d/%d", maxin - mCurrRead, maxin);
pqioutput(PQL_DEBUG_ALL, pqistreamerzone, out);
}
uint64_t t_now = 1000 * getCurrentTS();
std::cerr << std::dec << t_now << " DEBUG_PQISTREAMER pqistreamer::inAllowedBytes_locked PeerId " << this->PeerId().toStdString() << " dt " << (int)(1000 * dt) << "ms, mAvgDtIn " << (int)(1000 * mAvgDtIn) << "ms, maxin " << (int)(maxin) << " bytes/s, mCurrRead " << mCurrRead << " bytes, quota " << (int)(quota) << " bytes" << std::endl;
#endif
return maxin - mCurrRead;
return quota;
}

5
libretroshare/src/pqi/pqistreamer.h
View file

@ -162,10 +162,13 @@ class pqistreamer: public PQInterface
double mCurrReadTS; // TS from which these are measured.
double mCurrSentTS;
time_t mAvgLastUpdate; // TS from which these are measured.
double mAvgLastUpdate; // TS from which these are measured.
uint32_t mAvgReadCount;
uint32_t mAvgSentCount;
double mAvgDtOut; // average time diff between 2 rounds of sending data
double mAvgDtIn; // average time diff between 2 rounds of receiving data
time_t mLastIncomingTs;
// traffic statistics

18
libretroshare/src/pqi/sslfns.cc
View file

@ -242,6 +242,7 @@ X509_REQ *GenerateX509Req(
#define SERIAL_RAND_BITS 64
#ifdef UNUSED_CODE
X509 *SignX509Certificate(X509_NAME *issuer, EVP_PKEY *privkey, X509_REQ *req, long days)
{
const EVP_MD *digest = EVP_sha1();
@ -369,6 +370,7 @@ X509 *SignX509Certificate(X509_NAME *issuer, EVP_PKEY *privkey, X509_REQ *req, l
return x509;
}
#endif
/********************************************************************************/
/********************************************************************************/
@ -600,7 +602,14 @@ bool getX509id(X509 *x509, RsPeerId& xid)
}
// get the signature from the cert, and copy to the array.
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ASN1_BIT_STRING *signature = x509->signature;
#else
const ASN1_BIT_STRING *signature = NULL ;
const X509_ALGOR *algor ;
X509_get0_signature(&signature,&algor,x509);
#endif
int signlen = ASN1_STRING_length(signature);
if (signlen < CERTSIGNLEN)
{
@ -612,12 +621,14 @@ bool getX509id(X509 *x509, RsPeerId& xid)
}
// else copy in the first CERTSIGNLEN.
unsigned char *signdata = ASN1_STRING_data(signature);
unsigned char *signdata = ASN1_STRING_data(const_cast<ASN1_BIT_STRING*>(signature));
/* switched to the other end of the signature. for
* more randomness
*/
#warning this is cryptographically horrible. We should do a hash of the public key here!!!
xid = RsPeerId(&signdata[signlen - CERTSIGNLEN]) ;
//for(int i = signlen - CERTSIGNLEN; i < signlen; i++)
@ -689,8 +700,13 @@ int LoadCheckX509(const char *cert_file, RsPgpId& issuerName, std::string &locat
if (valid)
{
// extract the name.
#if OPENSSL_VERSION_NUMBER < 0x10100000L
issuerName = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
location = getX509LocString(x509->cert_info->subject);
#else
issuerName = RsPgpId(std::string(getX509CNString(X509_get_issuer_name(x509))));
location = getX509LocString(X509_get_subject_name(x509));
#endif
}
#ifdef AUTHSSL_DEBUG

3
libretroshare/src/retroshare/rsnotify.h
View file

@ -199,6 +199,9 @@ class RsNotify
virtual bool NotifyLogMessage(uint32_t &sysid, uint32_t &type, std::string &title, std::string &msg) = 0;
virtual bool GetFeedItem(RsFeedItem &item) = 0;
virtual bool cachePgpPassphrase (const std::string& /* pgp_passphrase */) { return false ; }
virtual bool clearPgpPassphrase () { return false ; }
};
class NotifyClient

2
libretroshare/src/rsserver/p3peers.cc
View file

@ -1218,7 +1218,7 @@ bool p3Peers::cleanCertificate(const std::string &certstr, std::string &cleanCer
{
RsCertificate::Format format ;
return RsCertificate::cleanCertificate(certstr,cleanCert,format,error_code) ;
return RsCertificate::cleanCertificate(certstr,cleanCert,format,error_code,true) ;
}
bool p3Peers::saveCertificateToFile(const RsPeerId &id, const std::string &/*fname*/)

3
libretroshare/src/services/p3gxsreputation.cc
View file

@ -1095,9 +1095,8 @@ bool p3GxsReputation::saveList(bool& cleanup, std::list<RsItem*> &savelist)
cleanup = true;
RsStackMutex stack(mReputationMtx); /****** LOCKED MUTEX *******/
#ifdef DEBUG_REPUTATION
std::cerr << "p3GxsReputation::saveList()" << std::endl;
#endif
/* save */
std::map<RsPeerId, ReputationConfig>::iterator it;
for(it = mConfig.begin(); it != mConfig.end(); ++it)

77
libretroshare/src/tcponudp/bss_tou.c
View file

@ -90,7 +90,28 @@ static int clear_tou_socket_error(int s);
#include "tou.h"
#if OPENSSL_VERSION_NUMBER < 0x10100000L
//static void BIO_set_shutdown(BIO *a,int s) { a->shutdown=s; }
static int BIO_get_shutdown(BIO *a) { return a->shutdown; }
static int BIO_get_init(BIO *a) { return a->init; }
static void BIO_set_init(BIO *a,int i) { a->init=i; }
static void BIO_set_data(BIO *a,void *p) { a->ptr = p; }
#else
typedef struct bio_method_st {
int type;
const char *name;
int (*bwrite) (BIO *, const char *, int);
int (*bread) (BIO *, char *, int);
int (*bputs) (BIO *, const char *);
int (*bgets) (BIO *, char *, int);
long (*ctrl) (BIO *, int, long, void *);
int (*create) (BIO *);
int (*destroy) (BIO *);
long (*callback_ctrl) (BIO *, int, bio_info_cb *);
} BIO_METHOD;
#endif
static BIO_METHOD methods_tou_sockp=
{
@ -132,10 +153,10 @@ static int tou_socket_new(BIO *bi)
#ifdef DEBUG_TOU_BIO
fprintf(stderr, "tou_socket_new()\n");
#endif
bi->init=0;
bi->num=0;
bi->ptr=NULL;
bi->flags=0;
BIO_set_init(bi,0) ;
BIO_set_data(bi,NULL) ; // sets bi->ptr
BIO_set_flags(bi,0) ;
BIO_set_fd(bi,0,0) ;
return(1);
}
@ -145,14 +166,15 @@ static int tou_socket_free(BIO *a)
fprintf(stderr, "tou_socket_free()\n");
#endif
if (a == NULL) return(0);
if (a->shutdown)
if(BIO_get_shutdown(a))
{
if (a->init)
if(BIO_get_init(a))
{
tou_close(a->num);
tou_close(BIO_get_fd(a,NULL));
}
a->init=0;
a->flags=0;
BIO_set_init(a,0) ;
BIO_set_flags(a,0) ;
}
return(1);
}
@ -166,13 +188,13 @@ static int tou_socket_read(BIO *b, char *out, int outl)
if (out != NULL)
{
clear_tou_socket_error(b->num);
clear_tou_socket_error(BIO_get_fd(b,NULL));
/* call tou library */
ret=tou_read(b->num,out,outl);
ret=tou_read(BIO_get_fd(b,NULL),out,outl);
BIO_clear_retry_flags(b);
if (ret <= 0)
{
if (BIO_tou_socket_should_retry(b->num, ret))
if (BIO_tou_socket_should_retry(BIO_get_fd(b,NULL), ret))
BIO_set_retry_read(b);
}
}
@ -189,13 +211,13 @@ static int tou_socket_write(BIO *b, const char *in, int inl)
fprintf(stderr, "tou_socket_write(%p,%p,%d)\n",b,in,inl);
#endif
clear_tou_socket_error(b->num);
clear_tou_socket_error(BIO_get_fd(b,NULL));
/* call tou library */
ret=tou_write(b->num,in,inl);
ret=tou_write(BIO_get_fd(b,NULL),in,inl);
BIO_clear_retry_flags(b);
if (ret <= 0)
{
if (BIO_tou_socket_should_retry(b->num,ret))
if (BIO_tou_socket_should_retry(BIO_get_fd(b,NULL),ret))
{
BIO_set_retry_write(b);
#ifdef DEBUG_TOU_BIO
@ -212,11 +234,12 @@ static int tou_socket_write(BIO *b, const char *in, int inl)
static long tou_socket_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret=1;
int *ip;
#ifdef DEBUG_TOU_BIO
fprintf(stderr, "tou_socket_ctrl(%p,%d,%ld)\n", b, cmd, num);
#endif
// We are not allowed to call BIO_set_fd here, because it will trigger a callback, which re-ends here
switch (cmd)
{
case BIO_CTRL_RESET:
@ -230,34 +253,26 @@ static long tou_socket_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_C_SET_FD:
tou_socket_free(b);
b->num= *((int *)ptr);
b->shutdown=(int)num;
b->init=1;
ret = BIO_s_fd()->ctrl(b,cmd,num,ptr) ;
break;
case BIO_C_GET_FD:
if (b->init)
{
ip=(int *)ptr;
if (ip != NULL) *ip=b->num;
ret=b->num;
}
else
ret= -1;
ret = BIO_s_fd()->ctrl(b,cmd,num,ptr) ;
break;
case BIO_CTRL_GET_CLOSE:
ret=b->shutdown;
ret = BIO_s_fd()->ctrl(b,cmd,num,ptr) ;
break;
case BIO_CTRL_SET_CLOSE:
b->shutdown=(int)num;
ret = BIO_s_fd()->ctrl(b,cmd,num,ptr) ;
break;
case BIO_CTRL_PENDING:
ret = tou_maxread(b->num);
ret = tou_maxread(BIO_get_fd(b,NULL));
#ifdef DEBUG_TOU_BIO
fprintf(stderr, "tou_pending = %ld\n", ret);
#endif
break;
case BIO_CTRL_WPENDING:
ret = tou_maxwrite(b->num);
ret = tou_maxwrite(BIO_get_fd(b,NULL));
#ifdef DEBUG_TOU_BIO
fprintf(stderr, "tou_wpending = %ld\n", ret);
#endif

34
libretroshare/src/util/rsaes.cc
View file

@ -52,9 +52,8 @@ bool RsAES::aes_crypt_8_16(const uint8_t *input_data,uint32_t input_data_length,
return false ;
}
EVP_CIPHER_CTX e_ctx ;
EVP_CIPHER_CTX_init(&e_ctx);
EVP_EncryptInit_ex(&e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
EVP_CIPHER_CTX *e_ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
/* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */
int c_len = input_data_length + AES_BLOCK_SIZE ;
@ -62,31 +61,31 @@ bool RsAES::aes_crypt_8_16(const uint8_t *input_data,uint32_t input_data_length,
if(output_data_length < (uint32_t)c_len)
{
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
/* update ciphertext, c_len is filled with the length of ciphertext generated,
*len is the size of plaintext in bytes */
if(!EVP_EncryptUpdate(&e_ctx, output_data, &c_len, input_data, input_data_length))
if(!EVP_EncryptUpdate(e_ctx, output_data, &c_len, input_data, input_data_length))
{
std::cerr << "RsAES: decryption failed at end. Check padding." << std::endl;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
/* update ciphertext with the final remaining bytes */
if(!EVP_EncryptFinal_ex(&e_ctx, output_data+c_len, &f_len))
if(!EVP_EncryptFinal_ex(e_ctx, output_data+c_len, &f_len))
{
std::cerr << "RsAES: decryption failed at end. Check padding." << std::endl;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
output_data_length = c_len + f_len;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return true;
}
@ -108,9 +107,8 @@ bool RsAES::aes_decrypt_8_16(const uint8_t *input_data,uint32_t input_data_lengt
return false ;
}
EVP_CIPHER_CTX e_ctx ;
EVP_CIPHER_CTX_init(&e_ctx);
EVP_DecryptInit_ex(&e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
EVP_CIPHER_CTX *e_ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
/* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */
int c_len = input_data_length + AES_BLOCK_SIZE ;
@ -118,7 +116,7 @@ bool RsAES::aes_decrypt_8_16(const uint8_t *input_data,uint32_t input_data_lengt
if(output_data_length < (uint32_t)c_len)
{
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
@ -127,24 +125,24 @@ bool RsAES::aes_decrypt_8_16(const uint8_t *input_data,uint32_t input_data_lengt
/* update ciphertext, c_len is filled with the length of ciphertext generated,
*len is the size of plaintext in bytes */
if(! EVP_DecryptUpdate(&e_ctx, output_data, &c_len, input_data, input_data_length))
if(! EVP_DecryptUpdate(e_ctx, output_data, &c_len, input_data, input_data_length))
{
std::cerr << "RsAES: decryption failed." << std::endl;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
/* update ciphertext with the final remaining bytes */
if(!EVP_DecryptFinal_ex(&e_ctx, output_data+c_len, &f_len))
if(!EVP_DecryptFinal_ex(e_ctx, output_data+c_len, &f_len))
{
std::cerr << "RsAES: decryption failed at end. Check padding." << std::endl;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return false ;
}
output_data_length = c_len + f_len;
EVP_CIPHER_CTX_cleanup(&e_ctx) ;
EVP_CIPHER_CTX_free(e_ctx) ;
return true;
}

16
libretroshare/src/util/rsrecogn.cc
View file

@ -28,6 +28,7 @@
#include "util/rsrecogn.h"
#include "util/radix64.h"
#include "util/rsstring.h"
#include "util/rsdir.h"
#include "gxs/gxssecurity.h"
@ -507,9 +508,23 @@ bool RsRecogn::itemToRadix64(RsItem *item, std::string &radstr)
std::string RsRecogn::getRsaKeyId(RSA *pubkey)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int len = BN_num_bytes(pubkey -> n);
unsigned char tmp[len];
BN_bn2bin(pubkey -> n, tmp);
#else
const BIGNUM *nn=NULL ;
RSA_get0_key(pubkey,&nn,NULL,NULL) ;
int len = BN_num_bytes(nn);
unsigned char tmp[len];
BN_bn2bin(nn, tmp);
#endif
return RsDirUtil::sha1sum(tmp,len).toStdString();
#ifdef OLD_VERSION_REMOVED
// (cyril) I removed this because this is cryptographically insane, as it allows to easily forge a RSA key with the same ID.
// copy first CERTSIGNLEN bytes...
if (len > CERTSIGNLEN)
@ -524,6 +539,7 @@ std::string RsRecogn::getRsaKeyId(RSA *pubkey)
}
return id;
#endif
}