mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-12-25 01:29:53 +03:00
OpenSSL 1.1 Port.
Some potential problems with Ssl_Init_Async_SendAlert.
This commit is contained in:
parent
e9006faf0c
commit
0746be43a2
@ -165,52 +165,64 @@ typedef struct CB_PARAM
|
||||
} CB_PARAM;
|
||||
|
||||
// Copied from t1_enc.c of OpenSSL
|
||||
#define HMAC_Init_ex(ctx,sec,len,md,impl) HMAC_Init(ctx, sec, len, md)
|
||||
#define HMAC_CTX_cleanup(ctx) HMAC_cleanup(ctx)
|
||||
void Enc_tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
|
||||
const unsigned char *seed, int seed_len, unsigned char *out, int olen)
|
||||
{
|
||||
int chunk,n;
|
||||
unsigned int j;
|
||||
HMAC_CTX ctx;
|
||||
HMAC_CTX ctx_tmp;
|
||||
HMAC_CTX *ctx;
|
||||
HMAC_CTX *ctx_tmp;
|
||||
unsigned char A1[EVP_MAX_MD_SIZE];
|
||||
unsigned int A1_len;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
ctx = HMAC_CTX_new();
|
||||
ctx_tmp = HMAC_CTX_new();
|
||||
#else
|
||||
HMAC_CTX ctx_;
|
||||
HMAC_CTX ctx_tmp_;
|
||||
ctx = &ctx_;
|
||||
ctx_tmp = &ctx_tmp_;
|
||||
Zero(ctx, sizeof(ctx));
|
||||
Zero(ctx_tmp, sizeof(ctx_tmp));
|
||||
#endif
|
||||
chunk=EVP_MD_size(md);
|
||||
|
||||
Zero(&ctx, sizeof(ctx));
|
||||
Zero(&ctx_tmp, sizeof(ctx_tmp));
|
||||
HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
|
||||
HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
|
||||
HMAC_Update(&ctx,seed,seed_len);
|
||||
HMAC_Final(&ctx,A1,&A1_len);
|
||||
HMAC_Init_ex(ctx,sec,sec_len,md, NULL);
|
||||
HMAC_Init_ex(ctx_tmp,sec,sec_len,md, NULL);
|
||||
HMAC_Update(ctx,seed,seed_len);
|
||||
HMAC_Final(ctx,A1,&A1_len);
|
||||
|
||||
n=0;
|
||||
for (;;)
|
||||
{
|
||||
HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
|
||||
HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
|
||||
HMAC_Update(&ctx,A1,A1_len);
|
||||
HMAC_Update(&ctx_tmp,A1,A1_len);
|
||||
HMAC_Update(&ctx,seed,seed_len);
|
||||
HMAC_Init_ex(ctx,NULL,0,NULL,NULL); /* re-init */
|
||||
HMAC_Init_ex(ctx_tmp,NULL,0,NULL,NULL); /* re-init */
|
||||
HMAC_Update(ctx,A1,A1_len);
|
||||
HMAC_Update(ctx_tmp,A1,A1_len);
|
||||
HMAC_Update(ctx,seed,seed_len);
|
||||
|
||||
if (olen > chunk)
|
||||
{
|
||||
HMAC_Final(&ctx,out,&j);
|
||||
HMAC_Final(ctx,out,&j);
|
||||
out+=j;
|
||||
olen-=j;
|
||||
HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
|
||||
HMAC_Final(ctx_tmp,A1,&A1_len); /* calc the next A1 value */
|
||||
}
|
||||
else /* last one */
|
||||
{
|
||||
HMAC_Final(&ctx,A1,&A1_len);
|
||||
HMAC_Final(ctx,A1,&A1_len);
|
||||
memcpy(out,A1,olen);
|
||||
break;
|
||||
}
|
||||
}
|
||||
HMAC_CTX_cleanup(&ctx);
|
||||
HMAC_CTX_cleanup(&ctx_tmp);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
HMAC_CTX_free(ctx);
|
||||
HMAC_CTX_free(ctx_tmp);
|
||||
#else
|
||||
HMAC_CTX_cleanup(ctx);
|
||||
HMAC_CTX_cleanup(ctx_tmp);
|
||||
#endif
|
||||
Zero (A1, sizeof(A1));
|
||||
}
|
||||
|
||||
@ -457,7 +469,7 @@ void MdProcess(MD *md, void *dest, void *src, UINT size)
|
||||
return;
|
||||
}
|
||||
|
||||
HMAC_Init(md->Ctx, NULL, 0, NULL);
|
||||
HMAC_Init_ex(md->Ctx, NULL, 0, NULL, NULL);
|
||||
HMAC_Update(md->Ctx, src, size);
|
||||
|
||||
r = 0;
|
||||
@ -473,7 +485,7 @@ void SetMdKey(MD *md, void *key, UINT key_size)
|
||||
return;
|
||||
}
|
||||
|
||||
HMAC_Init(md->Ctx, key, key_size, md->Md);
|
||||
HMAC_Init_ex(md->Ctx, key, key_size, md->Md, NULL);
|
||||
}
|
||||
|
||||
// Creating a message digest object
|
||||
@ -496,8 +508,12 @@ MD *NewMd(char *name)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
m->Ctx = HMAC_CTX_new();
|
||||
#else
|
||||
m->Ctx = ZeroMalloc(sizeof(struct hmac_ctx_st));
|
||||
HMAC_CTX_init(m->Ctx);
|
||||
#endif
|
||||
|
||||
m->Size = EVP_MD_size(m->Md);
|
||||
|
||||
@ -515,8 +531,12 @@ void FreeMd(MD *md)
|
||||
|
||||
if (md->Ctx != NULL)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
HMAC_CTX_free(md->Ctx);
|
||||
#else
|
||||
HMAC_CTX_cleanup(md->Ctx);
|
||||
Free(md->Ctx);
|
||||
#endif
|
||||
}
|
||||
|
||||
Free(md);
|
||||
@ -551,8 +571,12 @@ CIPHER *NewCipher(char *name)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
c->Ctx = EVP_CIPHER_CTX_new();
|
||||
#else
|
||||
c->Ctx = ZeroMalloc(sizeof(struct evp_cipher_ctx_st));
|
||||
EVP_CIPHER_CTX_init(c->Ctx);
|
||||
#endif
|
||||
|
||||
c->BlockSize = EVP_CIPHER_block_size(c->Cipher);
|
||||
c->KeySize = EVP_CIPHER_key_length(c->Cipher);
|
||||
@ -629,8 +653,12 @@ void FreeCipher(CIPHER *c)
|
||||
|
||||
if (c->Ctx != NULL)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
EVP_CIPHER_CTX_free(c->Ctx);
|
||||
#else
|
||||
EVP_CIPHER_CTX_cleanup(c->Ctx);
|
||||
Free(c->Ctx);
|
||||
#endif
|
||||
}
|
||||
|
||||
Free(c);
|
||||
@ -811,6 +839,9 @@ K *RsaBinToPublic(void *data, UINT size)
|
||||
RSA *rsa;
|
||||
K *k;
|
||||
BIO *bio;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
BIGNUM *e, *n;
|
||||
#endif
|
||||
// Validate arguments
|
||||
if (data == NULL || size < 4)
|
||||
{
|
||||
@ -819,6 +850,14 @@ K *RsaBinToPublic(void *data, UINT size)
|
||||
|
||||
rsa = RSA_new();
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
e = BN_new();
|
||||
BN_set_word(e, RSA_F4);
|
||||
|
||||
n = BinToBigNum(data, size);
|
||||
|
||||
RSA_set0_key(rsa, n, e, NULL);
|
||||
#else
|
||||
if (rsa->e != NULL)
|
||||
{
|
||||
BN_free(rsa->e);
|
||||
@ -833,6 +872,7 @@ K *RsaBinToPublic(void *data, UINT size)
|
||||
}
|
||||
|
||||
rsa->n = BinToBigNum(data, size);
|
||||
#endif
|
||||
|
||||
bio = NewBio();
|
||||
Lock(openssl_lock);
|
||||
@ -853,14 +893,39 @@ K *RsaBinToPublic(void *data, UINT size)
|
||||
BUF *RsaPublicToBuf(K *k)
|
||||
{
|
||||
BUF *b;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
RSA *rsa;
|
||||
const BIGNUM *n;
|
||||
#endif
|
||||
// Validate arguments
|
||||
if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL
|
||||
|| k->pkey->pkey.rsa->n == NULL)
|
||||
if (k == NULL || k->pkey == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
rsa = EVP_PKEY_get0_RSA(k->pkey);
|
||||
if (rsa == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
RSA_get0_key(rsa, &n, NULL, NULL);
|
||||
if (n == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
b = BigNumToBuf(n);
|
||||
#else
|
||||
if (k->pkey->pkey.rsa == NULL || k->pkey->pkey.rsa->n == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
b = BigNumToBuf(k->pkey->pkey.rsa->n);
|
||||
#endif
|
||||
|
||||
if (b == NULL)
|
||||
{
|
||||
return NULL;
|
||||
@ -874,13 +939,12 @@ void RsaPublicToBin(K *k, void *data)
|
||||
{
|
||||
BUF *b;
|
||||
// Validate arguments
|
||||
if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL
|
||||
|| k->pkey->pkey.rsa->n == NULL || data == NULL)
|
||||
if (data == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
b = BigNumToBuf(k->pkey->pkey.rsa->n);
|
||||
b = RsaPublicToBuf(k);
|
||||
if (b == NULL)
|
||||
{
|
||||
return;
|
||||
@ -896,14 +960,8 @@ UINT RsaPublicSize(K *k)
|
||||
{
|
||||
BUF *b;
|
||||
UINT ret;
|
||||
// Validate arguments
|
||||
if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL
|
||||
|| k->pkey->pkey.rsa->n == NULL)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
b = BigNumToBuf(k->pkey->pkey.rsa->n);
|
||||
b = RsaPublicToBuf(k);
|
||||
if (b == NULL)
|
||||
{
|
||||
return 0;
|
||||
@ -1017,7 +1075,7 @@ BIGNUM *BufToBigNum(BUF *b)
|
||||
}
|
||||
|
||||
// Convert a BIGNUM to a buffer
|
||||
BUF *BigNumToBuf(BIGNUM *bn)
|
||||
BUF *BigNumToBuf(const BIGNUM *bn)
|
||||
{
|
||||
UINT size;
|
||||
UCHAR *tmp;
|
||||
@ -1990,6 +2048,7 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
|
||||
X509_EXTENSION *ex = NULL;
|
||||
X509_EXTENSION *eku = NULL;
|
||||
X509_EXTENSION *busage = NULL;
|
||||
ASN1_INTEGER *s;
|
||||
// Validate arguments
|
||||
if (pub == NULL || name == NULL || ca == NULL)
|
||||
{
|
||||
@ -2052,19 +2111,17 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
|
||||
FreeX509Name(subject_name);
|
||||
|
||||
// Set the Serial Number
|
||||
s = X509_get_serialNumber(x509);
|
||||
OPENSSL_free(s->data);
|
||||
if (serial == NULL)
|
||||
{
|
||||
char zero = 0;
|
||||
ASN1_INTEGER *s = x509->cert_info->serialNumber;
|
||||
OPENSSL_free(s->data);
|
||||
s->data = OPENSSL_malloc(sizeof(char));
|
||||
Copy(s->data, &zero, sizeof(char));
|
||||
s->length = sizeof(char);
|
||||
}
|
||||
else
|
||||
{
|
||||
ASN1_INTEGER *s = x509->cert_info->serialNumber;
|
||||
OPENSSL_free(s->data);
|
||||
s->data = OPENSSL_malloc(serial->size);
|
||||
Copy(s->data, serial->data, serial->size);
|
||||
s->length = serial->size;
|
||||
@ -2117,6 +2174,7 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
|
||||
X509_EXTENSION *ex = NULL;
|
||||
X509_EXTENSION *eku = NULL;
|
||||
X509_EXTENSION *busage = NULL;
|
||||
ASN1_INTEGER *s;
|
||||
// Validate arguments
|
||||
if (pub == NULL || name == NULL || priv == NULL)
|
||||
{
|
||||
@ -2184,19 +2242,17 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
|
||||
FreeX509Name(issuer_name);
|
||||
|
||||
// Set a Serial Number
|
||||
s = X509_get_serialNumber(x509);
|
||||
OPENSSL_free(s->data);
|
||||
if (serial == NULL)
|
||||
{
|
||||
char zero = 0;
|
||||
ASN1_INTEGER *s = x509->cert_info->serialNumber;
|
||||
OPENSSL_free(s->data);
|
||||
s->data = OPENSSL_malloc(sizeof(char));
|
||||
Copy(s->data, &zero, sizeof(char));
|
||||
s->length = sizeof(char);
|
||||
}
|
||||
else
|
||||
{
|
||||
ASN1_INTEGER *s = x509->cert_info->serialNumber;
|
||||
OPENSSL_free(s->data);
|
||||
s->data = OPENSSL_malloc(serial->size);
|
||||
Copy(s->data, serial->data, serial->size);
|
||||
s->length = serial->size;
|
||||
@ -2394,8 +2450,8 @@ void LoadXDates(X *x)
|
||||
return;
|
||||
}
|
||||
|
||||
x->notBefore = Asn1TimeToUINT64(x->x509->cert_info->validity->notBefore);
|
||||
x->notAfter = Asn1TimeToUINT64(x->x509->cert_info->validity->notAfter);
|
||||
x->notBefore = Asn1TimeToUINT64(X509_get0_notBefore(x->x509));
|
||||
x->notAfter = Asn1TimeToUINT64(X509_get0_notAfter(x->x509));
|
||||
}
|
||||
|
||||
// Convert the 64bit system time to ASN1 time
|
||||
@ -2547,6 +2603,7 @@ bool RsaVerify(void *data, UINT data_size, void *sign, K *k)
|
||||
{
|
||||
return RsaVerifyEx(data, data_size, sign, k, 0);
|
||||
}
|
||||
|
||||
bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits)
|
||||
{
|
||||
UCHAR hash_data[SIGN_HASH_SIZE];
|
||||
@ -2568,7 +2625,7 @@ bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits)
|
||||
}
|
||||
|
||||
// Decode the signature
|
||||
if (RSA_public_decrypt(bits / 8, sign, decrypt_data, k->pkey->pkey.rsa, RSA_PKCS1_PADDING) <= 0)
|
||||
if (RSA_public_decrypt(bits / 8, sign, decrypt_data, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -2591,7 +2648,7 @@ bool RsaSignEx(void *dst, void *src, UINT size, K *k, UINT bits)
|
||||
{
|
||||
UCHAR hash[SIGN_HASH_SIZE];
|
||||
// Validate arguments
|
||||
if (dst == NULL || src == NULL || k == NULL || k->pkey->type != EVP_PKEY_RSA)
|
||||
if (dst == NULL || src == NULL || k == NULL || EVP_PKEY_base_id(k->pkey) != EVP_PKEY_RSA)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -2609,7 +2666,7 @@ bool RsaSignEx(void *dst, void *src, UINT size, K *k, UINT bits)
|
||||
}
|
||||
|
||||
// Signature
|
||||
if (RSA_private_encrypt(sizeof(hash), hash, dst, k->pkey->pkey.rsa, RSA_PKCS1_PADDING) <= 0)
|
||||
if (RSA_private_encrypt(sizeof(hash), hash, dst, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -2655,7 +2712,7 @@ bool RsaPublicDecrypt(void *dst, void *src, UINT size, K *k)
|
||||
tmp = ZeroMalloc(size);
|
||||
Lock(openssl_lock);
|
||||
{
|
||||
ret = RSA_public_decrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING);
|
||||
ret = RSA_public_decrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
|
||||
}
|
||||
Unlock(openssl_lock);
|
||||
if (ret <= 0)
|
||||
@ -2686,7 +2743,7 @@ bool RsaPrivateEncrypt(void *dst, void *src, UINT size, K *k)
|
||||
tmp = ZeroMalloc(size);
|
||||
Lock(openssl_lock);
|
||||
{
|
||||
ret = RSA_private_encrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING);
|
||||
ret = RSA_private_encrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
|
||||
}
|
||||
Unlock(openssl_lock);
|
||||
if (ret <= 0)
|
||||
@ -2717,7 +2774,7 @@ bool RsaPrivateDecrypt(void *dst, void *src, UINT size, K *k)
|
||||
tmp = ZeroMalloc(size);
|
||||
Lock(openssl_lock);
|
||||
{
|
||||
ret = RSA_private_decrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING);
|
||||
ret = RSA_private_decrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
|
||||
}
|
||||
Unlock(openssl_lock);
|
||||
if (ret <= 0)
|
||||
@ -2745,7 +2802,7 @@ bool RsaPublicEncrypt(void *dst, void *src, UINT size, K *k)
|
||||
tmp = ZeroMalloc(size);
|
||||
Lock(openssl_lock);
|
||||
{
|
||||
ret = RSA_public_encrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING);
|
||||
ret = RSA_public_encrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
|
||||
}
|
||||
Unlock(openssl_lock);
|
||||
if (ret <= 0)
|
||||
@ -3923,6 +3980,7 @@ X *X509ToX(X509 *x509)
|
||||
BUF *b;
|
||||
UINT size;
|
||||
UINT type;
|
||||
ASN1_INTEGER *s;
|
||||
// Validate arguments
|
||||
if (x509 == NULL)
|
||||
{
|
||||
@ -3990,8 +4048,8 @@ X *X509ToX(X509 *x509)
|
||||
}
|
||||
|
||||
// Get the Serial Number
|
||||
x->serial = NewXSerial(x509->cert_info->serialNumber->data,
|
||||
x509->cert_info->serialNumber->length);
|
||||
s = X509_get_serialNumber(x509);
|
||||
x->serial = NewXSerial(s->data, s->length);
|
||||
if (x->serial == NULL)
|
||||
{
|
||||
char zero = 0;
|
||||
@ -4008,7 +4066,7 @@ X *X509ToX(X509 *x509)
|
||||
b = KToBuf(k, false, NULL);
|
||||
|
||||
size = b->Size;
|
||||
type = k->pkey->type;
|
||||
type = EVP_PKEY_base_id(k->pkey);
|
||||
|
||||
FreeBuf(b);
|
||||
|
||||
@ -4080,7 +4138,7 @@ BUF *BioToBuf(BIO *bio)
|
||||
}
|
||||
|
||||
BIO_seek(bio, 0);
|
||||
size = bio->num_write;
|
||||
size = BIO_number_written(bio);
|
||||
tmp = Malloc(size);
|
||||
BIO_read(bio, tmp, size);
|
||||
|
||||
@ -4200,7 +4258,7 @@ void InitCryptLibrary()
|
||||
SSL_library_init();
|
||||
//OpenSSL_add_all_algorithms();
|
||||
OpenSSL_add_all_ciphers();
|
||||
SSLeay_add_all_digests();
|
||||
OpenSSL_add_all_digests();
|
||||
ERR_load_crypto_strings();
|
||||
SSL_load_error_strings();
|
||||
|
||||
@ -4989,6 +5047,10 @@ DH_CTX *DhNew(char *prime, UINT g)
|
||||
{
|
||||
DH_CTX *dh;
|
||||
BUF *buf;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
BIGNUM *dhp, *dhg;
|
||||
const BIGNUM *pub, *priv;
|
||||
#endif
|
||||
// Validate arguments
|
||||
if (prime == NULL || g == 0)
|
||||
{
|
||||
@ -5000,14 +5062,27 @@ DH_CTX *DhNew(char *prime, UINT g)
|
||||
dh = ZeroMalloc(sizeof(DH_CTX));
|
||||
|
||||
dh->dh = DH_new();
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
dhp = BinToBigNum(buf->Buf, buf->Size);
|
||||
dhg = BN_new();
|
||||
BN_set_word(dhg, g);
|
||||
DH_set0_pqg(dh->dh, dhp, NULL, dhg);
|
||||
#else
|
||||
dh->dh->p = BinToBigNum(buf->Buf, buf->Size);
|
||||
dh->dh->g = BN_new();
|
||||
BN_set_word(dh->dh->g, g);
|
||||
#endif
|
||||
|
||||
DH_generate_key(dh->dh);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
DH_get0_key(dh->dh, &pub, &priv);
|
||||
dh->MyPublicKey = BigNumToBuf(pub);
|
||||
dh->MyPrivateKey = BigNumToBuf(priv);
|
||||
#else
|
||||
dh->MyPublicKey = BigNumToBuf(dh->dh->pub_key);
|
||||
dh->MyPrivateKey = BigNumToBuf(dh->dh->priv_key);
|
||||
#endif
|
||||
|
||||
dh->Size = buf->Size;
|
||||
|
||||
|
@ -228,7 +228,14 @@ void RAND_Free_For_SoftEther();
|
||||
// Macro
|
||||
#define HASHED_DATA(p) (((UCHAR *)p) + 15)
|
||||
|
||||
|
||||
// OpenSSL <1.1 Shims
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
# define EVP_PKEY_get0_RSA(obj) ((obj)->pkey.rsa)
|
||||
# define EVP_PKEY_base_id(pkey) ((pkey)->type)
|
||||
# define X509_get0_notBefore(x509) ((x509)->cert_info->validity->notBefore)
|
||||
# define X509_get0_notAfter(x509) ((x509)->cert_info->validity->notAfter)
|
||||
# define X509_get_serialNumber(x509) ((x509)->cert_info->serialNumber)
|
||||
#endif
|
||||
|
||||
// Crypt context
|
||||
struct CRYPT
|
||||
@ -341,7 +348,7 @@ struct CIPHER
|
||||
struct MD
|
||||
{
|
||||
char Name[MAX_PATH];
|
||||
const struct env_md_st *Md;
|
||||
const struct evp_md_st *Md;
|
||||
struct hmac_ctx_st *Ctx;
|
||||
UINT Size;
|
||||
};
|
||||
@ -461,7 +468,7 @@ void GetAllNameFromName(wchar_t *str, UINT size, NAME *name);
|
||||
void GetAllNameFromNameEx(wchar_t *str, UINT size, NAME *name);
|
||||
void GetAllNameFromXEx(wchar_t *str, UINT size, X *x);
|
||||
void GetAllNameFromXExA(char *str, UINT size, X *x);
|
||||
BUF *BigNumToBuf(BIGNUM *bn);
|
||||
BUF *BigNumToBuf(const BIGNUM *bn);
|
||||
BIGNUM *BinToBigNum(void *data, UINT size);
|
||||
BIGNUM *BufToBigNum(BUF *b);
|
||||
char *BigNumToStr(BIGNUM *bn);
|
||||
|
@ -9429,11 +9429,13 @@ void UnixInitAsyncSocket(SOCK *sock)
|
||||
UnixSetSocketNonBlockingMode(sock->socket, true);
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
if (sock->ssl != NULL && sock->ssl->s3 != NULL)
|
||||
{
|
||||
sock->Ssl_Init_Async_SendAlert[0] = sock->ssl->s3->send_alert[0];
|
||||
sock->Ssl_Init_Async_SendAlert[1] = sock->ssl->s3->send_alert[1];
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
// Initializing the socket library
|
||||
@ -13015,7 +13017,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
|
||||
{
|
||||
if (client_tls == false)
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_method());
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -13381,10 +13383,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
|
||||
e = SSL_get_error(ssl, ret);
|
||||
if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
|
||||
{
|
||||
if (e == SSL_ERROR_SSL &&
|
||||
if (e == SSL_ERROR_SSL
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
&&
|
||||
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
|
||||
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
|
||||
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1])
|
||||
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
|
||||
#endif
|
||||
)
|
||||
{
|
||||
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
|
||||
Disconnect(sock);
|
||||
@ -13467,10 +13473,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
|
||||
{
|
||||
if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
|
||||
{
|
||||
if (e == SSL_ERROR_SSL &&
|
||||
if (e == SSL_ERROR_SSL
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
&&
|
||||
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
|
||||
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
|
||||
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1])
|
||||
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
|
||||
#endif
|
||||
)
|
||||
{
|
||||
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
|
||||
Disconnect(sock);
|
||||
|
@ -488,6 +488,7 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
|
||||
RSA *rsa;
|
||||
UCHAR modules[MAX_SIZE], pub[MAX_SIZE], pri[MAX_SIZE], prime1[MAX_SIZE], prime2[MAX_SIZE];
|
||||
UCHAR exp1[MAX_SIZE], exp2[MAX_SIZE], coeff[MAX_SIZE];
|
||||
const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
|
||||
CK_ATTRIBUTE a[] =
|
||||
{
|
||||
{CKA_MODULUS, modules, 0}, // 0
|
||||
@ -536,48 +537,64 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
|
||||
}
|
||||
|
||||
// Numeric data generation
|
||||
rsa = k->pkey->pkey.rsa;
|
||||
rsa = EVP_PKEY_get0_RSA(k->pkey);
|
||||
if (rsa == NULL)
|
||||
{
|
||||
sec->Error = SEC_ERROR_BAD_PARAMETER;
|
||||
return false;
|
||||
}
|
||||
b = BigNumToBuf(rsa->n);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
RSA_get0_key(rsa, &n, &e, &d);
|
||||
RSA_get0_factors(rsa, &p, &q);
|
||||
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
|
||||
#else
|
||||
rsa->n = n;
|
||||
rsa->e = e;
|
||||
rsa->d = d;
|
||||
rsa->p = p;
|
||||
rsa->q = q;
|
||||
rsa->dmp1 = dmp1;
|
||||
rsa->dmq1 = dmq1;
|
||||
rsa->iqmp = iqmp;
|
||||
#endif
|
||||
|
||||
b = BigNumToBuf(n);
|
||||
ReadBuf(b, modules, sizeof(modules));
|
||||
A_SIZE(a, 0) = b->Size;
|
||||
FreeBuf(b);
|
||||
|
||||
b = BigNumToBuf(rsa->e);
|
||||
b = BigNumToBuf(e);
|
||||
ReadBuf(b, pub, sizeof(pub));
|
||||
A_SIZE(a, 1) = b->Size;
|
||||
FreeBuf(b);
|
||||
|
||||
b = BigNumToBuf(rsa->d);
|
||||
b = BigNumToBuf(d);
|
||||
ReadBuf(b, pri, sizeof(pri));
|
||||
A_SIZE(a, 2) = b->Size;
|
||||
FreeBuf(b);
|
||||
|
||||
b = BigNumToBuf(rsa->p);
|
||||
b = BigNumToBuf(p);
|
||||
ReadBuf(b, prime1, sizeof(prime1));
|
||||
A_SIZE(a, 3) = b->Size;
|
||||
FreeBuf(b);
|
||||
|
||||
b = BigNumToBuf(rsa->q);
|
||||
b = BigNumToBuf(q);
|
||||
ReadBuf(b, prime2, sizeof(prime2));
|
||||
A_SIZE(a, 4) = b->Size;
|
||||
FreeBuf(b);
|
||||
|
||||
b = BigNumToBuf(rsa->dmp1);
|
||||
b = BigNumToBuf(dmp1);
|
||||
ReadBuf(b, exp1, sizeof(exp1));
|
||||
A_SIZE(a, 5) = b->Size;
|
||||
FreeBuf(b);
|
||||
|
||||
b = BigNumToBuf(rsa->dmq1);
|
||||
b = BigNumToBuf(dmq1);
|
||||
ReadBuf(b, exp2, sizeof(exp2));
|
||||
A_SIZE(a, 6) = b->Size;
|
||||
FreeBuf(b);
|
||||
|
||||
b = BigNumToBuf(rsa->iqmp);
|
||||
b = BigNumToBuf(iqmp);
|
||||
ReadBuf(b, coeff, sizeof(coeff));
|
||||
A_SIZE(a, 7) = b->Size;
|
||||
FreeBuf(b);
|
||||
|
Loading…
Reference in New Issue
Block a user