compilation fix for openssl-1.1.0 (gxssecurity+gxstunnel part)

This commit is contained in:
csoler 2017-02-20 21:44:48 +01:00
parent 5c95b88095
commit c3b49855e0
2 changed files with 202 additions and 167 deletions


@ -41,10 +41,20 @@ static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE = 256 ;
static RsGxsId getRsaKeyFingerprint_old_insecure_method(RSA *pubkey)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int lenn = BN_num_bytes(pubkey -> n);
RsTemporaryMemory tmp(lenn) ;
BN_bn2bin(pubkey -> n, tmp);
#else
const BIGNUM *nn=NULL,*ee=NULL ;
RSA_get0_key(pubkey,&nn,&ee,NULL) ;
int lenn = BN_num_bytes(nn);
RsTemporaryMemory tmp(lenn) ;
BN_bn2bin(nn, tmp);
#endif
// Copy first CERTSIGNLEN bytes from the hash of the public modulus and exponent
// We should not be using strings here, but a real ID. To be done later.
@ -55,6 +65,7 @@ static RsGxsId getRsaKeyFingerprint_old_insecure_method(RSA *pubkey)
}
static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int lenn = BN_num_bytes(pubkey -> n);
int lene = BN_num_bytes(pubkey -> e);
@ -62,6 +73,18 @@ static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
BN_bn2bin(pubkey -> n, tmp);
BN_bn2bin(pubkey -> e, &tmp[lenn]);
#else
const BIGNUM *nn=NULL,*ee=NULL ;
RSA_get0_key(pubkey,&nn,&ee,NULL) ;
int lenn = BN_num_bytes(nn);
int lene = BN_num_bytes(ee);
RsTemporaryMemory tmp(lenn+lene) ;
BN_bn2bin(nn, tmp);
BN_bn2bin(ee, &tmp[lenn]);
#endif
Sha1CheckSum s = RsDirUtil::sha1sum(tmp,lenn+lene) ;
@ -530,11 +553,10 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
return false;
}
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int eklen, net_ekl;
unsigned char *ek;
unsigned char iv[EVP_MAX_IV_LENGTH];
EVP_CIPHER_CTX_init(&ctx);
int out_currOffset = 0;
int out_offset = 0;
@ -551,7 +573,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
int max_outlen = inlen + cipher_block_size + EVP_MAX_IV_LENGTH + max_evp_key_size + size_net_ekl;
// intialize context and send store encrypted cipher in ek
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) return false;
if(!EVP_SealInit(ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) return false;
// now assign memory to out accounting for data, and cipher block size, key length, and key length val
out = (uint8_t*)rs_malloc(inlen + cipher_block_size + size_net_ekl + eklen + EVP_MAX_IV_LENGTH) ;
@ -570,7 +592,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
out_offset += EVP_MAX_IV_LENGTH;
// now encrypt actual data
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
if(!EVP_SealUpdate(ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
{
free(out) ;
out = NULL ;
@ -581,7 +603,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
out_offset += out_currOffset;
// add padding
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset))
if(!EVP_SealFinal(ctx, (unsigned char*) out + out_offset, &out_currOffset))
{
free(out) ;
out = NULL ;
@ -602,7 +624,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
// free encrypted key data
free(ek);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
outlen = out_offset;
return true;
@ -621,8 +643,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
//
out = NULL ;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
std::vector<EVP_PKEY *> public_keys(keys.size(),NULL);
try
@ -666,7 +687,7 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
int cipher_block_size = EVP_CIPHER_block_size(cipher);
// intialize context and send store encrypted cipher in ek
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), ek.data(), eklen.data(), iv, public_keys.data(), keys.size()))
if(!EVP_SealInit(ctx, EVP_aes_128_cbc(), ek.data(), eklen.data(), iv, public_keys.data(), keys.size()))
return false;
// now we can release the encryption keys
@ -716,14 +737,14 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
int out_currOffset = 0;
// now encrypt actual data
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
if(!EVP_SealUpdate(ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
throw std::runtime_error("Encryption error in SealUpdate()") ;
// move along to partial block space
out_offset += out_currOffset;
// add padding
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset))
if(!EVP_SealFinal(ctx, (unsigned char*) out + out_offset, &out_currOffset))
throw std::runtime_error("Encryption error in SealFinal()") ;
// move to end
@ -741,14 +762,14 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u
outlen = out_offset;
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
return true;
}
catch(std::exception& e)
{
std::cerr << "(EE) Exception caught while encrypting: " << e.what() << std::endl;
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
if(out) free(out) ;
out = NULL ;
@ -794,7 +815,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
}
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int eklen = 0, net_ekl = 0;
unsigned char *ek = (unsigned char*)rs_malloc(EVP_PKEY_size(privateKey));
@ -802,7 +823,6 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
return false ;
unsigned char iv[EVP_MAX_IV_LENGTH];
EVP_CIPHER_CTX_init(&ctx);
int in_offset = 0, out_currOffset = 0;
int size_net_ekl = sizeof(net_ekl);
@ -827,7 +847,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
const EVP_CIPHER* cipher = EVP_aes_128_cbc();
if(!EVP_OpenInit(&ctx, cipher, ek, eklen, iv, privateKey))
if(!EVP_OpenInit(ctx, cipher, ek, eklen, iv, privateKey))
{
std::cerr << "(EE) Cannot decrypt data. Most likely reason: private GXS key is missing." << std::endl;
return false;
@ -843,7 +863,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
if(out == NULL)
return false;
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset))
if(!EVP_OpenUpdate(ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset))
{
free(out) ;
out = NULL ;
@ -852,7 +872,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
outlen = out_currOffset;
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
if(!EVP_OpenFinal(ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
{
free(out) ;
out = NULL ;
@ -862,7 +882,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
outlen += out_currOffset;
free(ek);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
return true;
}
@ -879,8 +899,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
#ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity::decrypt() " << std::endl;
#endif
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
try
{
@ -951,10 +970,10 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
for(uint32_t i=0;i<number_of_keys && !succeed;++i)
{
succeed = EVP_OpenInit(&ctx, EVP_aes_128_cbc(),in + encrypted_keys_offset + i*MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE , MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE, in+IV_offset, privateKey);
succeed = EVP_OpenInit(ctx, EVP_aes_128_cbc(),in + encrypted_keys_offset + i*MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE , MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE, in+IV_offset, privateKey);
if(!succeed)
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
#ifdef GXS_SECURITY_DEBUG
std::cerr << " encrypted key at offset " << encrypted_keys_offset + i*MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE << ": " << succeed << std::endl;
@ -978,12 +997,12 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
int out_currOffset = 0 ;
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + encrypted_block_offset, encrypted_block_size))
if(!EVP_OpenUpdate(ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + encrypted_block_offset, encrypted_block_size))
throw std::runtime_error("Decryption error in EVP_OpenUpdate") ;
outlen = out_currOffset;
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
if(!EVP_OpenFinal(ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
throw std::runtime_error("Decryption error in EVP_OpenFinal") ;
outlen += out_currOffset;
@ -991,7 +1010,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
#ifdef GXS_SECURITY_DEBUG
std::cerr << " successfully decrypted block of size " << outlen << std::endl;
#endif
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
return true;
}
catch(std::exception& e)
@ -1007,7 +1026,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
out = NULL ;
}
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
return false;
}
}
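Review bot: The `if(!succeed) EVP_CIPHER_CTX_free(ctx);` inside the key-trial loop of the `@ -951,10 +970,10` hunk in GxsSecurity::decrypt frees the heap-allocated context and the next iteration then calls EVP_OpenInit on the freed pointer; the old code only reset a stack object here, which was safe to reuse, and if the no-match case reaches the exit path at `@ -1007,7 +1026,7` the context is presumably freed a second time. Because number_of_keys and the key blocks are read from the incoming buffer, any multi-recipient message whose first encrypted key is not the local one takes this path, so this is a use-after-free on ordinary traffic rather than a corner case. The per-attempt reset should be `EVP_CIPHER_CTX_cleanup(ctx);` (on 1.1.0 an alias for EVP_CIPHER_CTX_reset, so it compiles on both versions this commit supports), leaving the single EVP_CIPHER_CTX_free on the exit paths. Separately, none of the EVP_CIPHER_CTX_new() calls in the `@ -530`, `@ -621`, `@ -794` and `@ -879` hunks check for a NULL return, and the early `return false` paths of the single-key encrypt and decrypt (after EVP_SealInit in `@ -551`, after EVP_OpenInit in `@ -827`, and the free(out) failure branches) now leak the context where they previously abandoned a stack object. The enclosing functions start and end outside these hunks.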


@ -1055,7 +1055,13 @@ bool p3GxsTunnelService::locked_sendDHPublicKey(const DH *dh,const RsGxsId& own_
}
RsGxsTunnelDHPublicKeyItem *dhitem = new RsGxsTunnelDHPublicKeyItem ;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
dhitem->public_key = BN_dup(dh->pub_key) ;
#else
const BIGNUM *pub_key=NULL ;
DH_get0_key(dh,&pub_key,NULL) ;
dhitem->public_key = BN_dup(pub_key) ;
#endif
// we should also sign the data and check the signature on the other end.
//
@ -1133,8 +1139,18 @@ bool p3GxsTunnelService::locked_initDHSessionKey(DH *& dh)
return false ;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
BN_hex2bn(&dh->p,dh_prime_2048_hex.c_str()) ;
BN_hex2bn(&dh->g,"5") ;
#else
BIGNUM *pp=NULL ;
BIGNUM *gg=NULL ;
BN_hex2bn(&pp,dh_prime_2048_hex.c_str()) ;
BN_hex2bn(&gg,"5") ;
DH_set0_pqg(dh,pp,NULL,gg) ;
#endif
int codes = 0 ;