1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
From c842faae63b562acc7d989a9cdc815def9ee2ed6 Mon Sep 17 00:00:00 2001
From: Sven-Haegar Koch <haegar@sdinet.de>
Date: Wed, 2 Nov 2016 23:08:24 +0100
Subject: [PATCH] OpenSSL 1.1.0 compile fix.
---
crypto.c | 53 +++++++++++++++++++++++++++++++++++------------------
1 file changed, 35 insertions(+), 18 deletions(-)
--- a/crypto.c
+++ b/crypto.c
@@ -46,6 +46,10 @@ openssl dgst \
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_PKEY_get0_RSA(a) ((a)->pkey.rsa)
+#endif
+
EVP_PKEY *
crypto_load_key(const char *key, const bool is_private)
{
@@ -80,7 +84,7 @@ crypto_rsa_verify_signature(struct strin
{
int err;
bool retval;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
EVP_PKEY *pkey;
/* load public key into openssl structure */
@@ -89,15 +93,22 @@ crypto_rsa_verify_signature(struct strin
log_err("crypto_verify_signature: key loading failed\n");
return false;
}
-
+
+ md_ctx = EVP_MD_CTX_create();
+ if (!md_ctx) {
+ log_err("crypto_verify_signature: md_ctx alloc failed\n");
+ return false;
+ }
+
/* Verify the signature */
- if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) {
+ if (EVP_VerifyInit(md_ctx, EVP_sha512()) != 1) {
log_err("crypto_verify_signature: libcrypto verify init failed\n");
+ EVP_MD_CTX_destroy(md_ctx);
EVP_PKEY_free(pkey);
return false;
}
- EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer));
- err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
+ EVP_VerifyUpdate(md_ctx, string_get(databuffer), string_length(databuffer));
+ err = EVP_VerifyFinal(md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
EVP_PKEY_free(pkey);
if (err != 1) {
@@ -110,7 +121,7 @@ crypto_rsa_verify_signature(struct strin
retval = true;
bailout_ctx_cleanup:
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_destroy(md_ctx);
//log_info("Signature Verified Ok.\n");
return retval;
@@ -146,7 +157,7 @@ crypto_rsa_decrypt(struct string *cipher
len = RSA_private_decrypt(string_length(ciphertext),
(unsigned char*)string_get(ciphertext),
(unsigned char*)string_get(decrypted),
- pkey->pkey.rsa,
+ EVP_PKEY_get0_RSA(pkey),
RSA_PKCS1_OAEP_PADDING);
if (len >= 0) {
/* TODO: need cleaner way: */
@@ -167,28 +178,33 @@ bool
crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct string *aes_iv, struct string *decrypted)
{
bool retval = false;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
int decryptspace;
int decryptdone;
- EVP_CIPHER_CTX_init(&ctx);
- if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL,
+ ctx = EVP_CIPHER_CTX_new();
+ if (!ctx) {
+ log_err("crypto_aes_decrypt: ctx alloc failed\n");
+ goto bail_out;
+ }
+
+ if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
(unsigned char *)string_get(aes_key),
(unsigned char *)string_get(aes_iv))) {
log_err("crypto_aes_decrypt: init failed\n");
ERR_print_errors_fp(stderr);
goto bail_out;
}
- EVP_CIPHER_CTX_set_padding(&ctx, 1);
+ EVP_CIPHER_CTX_set_padding(ctx, 1);
- if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(&ctx)) {
+ if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(ctx)) {
log_err("crypto_aes_decrypt: invalid key size (%" PRIuPTR " vs expected %d)\n",
- string_length(aes_key), EVP_CIPHER_CTX_key_length(&ctx));
+ string_length(aes_key), EVP_CIPHER_CTX_key_length(ctx));
goto bail_out;
}
- if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(&ctx)) {
+ if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(ctx)) {
log_err("crypto_aes_decrypt: invalid iv size (%" PRIuPTR " vs expected %d)\n",
- string_length(aes_iv), EVP_CIPHER_CTX_iv_length(&ctx));
+ string_length(aes_iv), EVP_CIPHER_CTX_iv_length(ctx));
goto bail_out;
}
@@ -201,7 +217,7 @@ crypto_aes_decrypt(struct string *cipher
goto bail_out;
}
- if (EVP_DecryptUpdate(&ctx, (unsigned char*)string_get(decrypted),
+ if (EVP_DecryptUpdate(ctx, (unsigned char*)string_get(decrypted),
&decryptdone, (unsigned char*)string_get(ciphertext),
string_length(ciphertext))) {
/* TODO: need cleaner way: */
@@ -212,7 +228,7 @@ crypto_aes_decrypt(struct string *cipher
goto bail_out;
}
- if (EVP_DecryptFinal_ex(&ctx,
+ if (EVP_DecryptFinal_ex(ctx,
(unsigned char*)string_get(decrypted)+string_length(decrypted),
&decryptdone)) {
/* TODO: need cleaner way: */
@@ -226,7 +242,8 @@ crypto_aes_decrypt(struct string *cipher
retval = true;
bail_out:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ if (ctx)
+ EVP_CIPHER_CTX_free(ctx);
return retval;
}
|