1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-23 01:49:53 +03:00

Merge pull request #344 from quantum5/openssl1.1

OpenSSL 1.1 Port
This commit is contained in:
Daiyuu Nobori 2017-10-18 16:58:46 +09:00 committed by GitHub
commit acf49ad536
4 changed files with 183 additions and 74 deletions

View File

@ -165,52 +165,64 @@ typedef struct CB_PARAM
} CB_PARAM; } CB_PARAM;
// Copied from t1_enc.c of OpenSSL // Copied from t1_enc.c of OpenSSL
#define HMAC_Init_ex(ctx,sec,len,md,impl) HMAC_Init(ctx, sec, len, md)
#define HMAC_CTX_cleanup(ctx) HMAC_cleanup(ctx)
void Enc_tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, void Enc_tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
const unsigned char *seed, int seed_len, unsigned char *out, int olen) const unsigned char *seed, int seed_len, unsigned char *out, int olen)
{ {
int chunk,n; int chunk,n;
unsigned int j; unsigned int j;
HMAC_CTX ctx; HMAC_CTX *ctx;
HMAC_CTX ctx_tmp; HMAC_CTX *ctx_tmp;
unsigned char A1[EVP_MAX_MD_SIZE]; unsigned char A1[EVP_MAX_MD_SIZE];
unsigned int A1_len; unsigned int A1_len;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
ctx = HMAC_CTX_new();
ctx_tmp = HMAC_CTX_new();
#else
HMAC_CTX ctx_;
HMAC_CTX ctx_tmp_;
ctx = &ctx_;
ctx_tmp = &ctx_tmp_;
Zero(ctx, sizeof(ctx));
Zero(ctx_tmp, sizeof(ctx_tmp));
#endif
chunk=EVP_MD_size(md); chunk=EVP_MD_size(md);
Zero(&ctx, sizeof(ctx)); HMAC_Init_ex(ctx,sec,sec_len,md, NULL);
Zero(&ctx_tmp, sizeof(ctx_tmp)); HMAC_Init_ex(ctx_tmp,sec,sec_len,md, NULL);
HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); HMAC_Update(ctx,seed,seed_len);
HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); HMAC_Final(ctx,A1,&A1_len);
HMAC_Update(&ctx,seed,seed_len);
HMAC_Final(&ctx,A1,&A1_len);
n=0; n=0;
for (;;) for (;;)
{ {
HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ HMAC_Init_ex(ctx,NULL,0,NULL,NULL); /* re-init */
HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ HMAC_Init_ex(ctx_tmp,NULL,0,NULL,NULL); /* re-init */
HMAC_Update(&ctx,A1,A1_len); HMAC_Update(ctx,A1,A1_len);
HMAC_Update(&ctx_tmp,A1,A1_len); HMAC_Update(ctx_tmp,A1,A1_len);
HMAC_Update(&ctx,seed,seed_len); HMAC_Update(ctx,seed,seed_len);
if (olen > chunk) if (olen > chunk)
{ {
HMAC_Final(&ctx,out,&j); HMAC_Final(ctx,out,&j);
out+=j; out+=j;
olen-=j; olen-=j;
HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */ HMAC_Final(ctx_tmp,A1,&A1_len); /* calc the next A1 value */
} }
else /* last one */ else /* last one */
{ {
HMAC_Final(&ctx,A1,&A1_len); HMAC_Final(ctx,A1,&A1_len);
memcpy(out,A1,olen); memcpy(out,A1,olen);
break; break;
} }
} }
HMAC_CTX_cleanup(&ctx); #if OPENSSL_VERSION_NUMBER >= 0x10100000L
HMAC_CTX_cleanup(&ctx_tmp); HMAC_CTX_free(ctx);
HMAC_CTX_free(ctx_tmp);
#else
HMAC_CTX_cleanup(ctx);
HMAC_CTX_cleanup(ctx_tmp);
#endif
Zero (A1, sizeof(A1)); Zero (A1, sizeof(A1));
} }
@ -542,7 +554,7 @@ void MdProcess(MD *md, void *dest, void *src, UINT size)
return; return;
} }
HMAC_Init(md->Ctx, NULL, 0, NULL); HMAC_Init_ex(md->Ctx, NULL, 0, NULL, NULL);
HMAC_Update(md->Ctx, src, size); HMAC_Update(md->Ctx, src, size);
r = 0; r = 0;
@ -558,7 +570,7 @@ void SetMdKey(MD *md, void *key, UINT key_size)
return; return;
} }
HMAC_Init(md->Ctx, key, key_size, md->Md); HMAC_Init_ex(md->Ctx, key, key_size, md->Md, NULL);
} }
// Creating a message digest object // Creating a message digest object
@ -581,8 +593,12 @@ MD *NewMd(char *name)
return NULL; return NULL;
} }
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
m->Ctx = HMAC_CTX_new();
#else
m->Ctx = ZeroMalloc(sizeof(struct hmac_ctx_st)); m->Ctx = ZeroMalloc(sizeof(struct hmac_ctx_st));
HMAC_CTX_init(m->Ctx); HMAC_CTX_init(m->Ctx);
#endif
m->Size = EVP_MD_size(m->Md); m->Size = EVP_MD_size(m->Md);
@ -600,8 +616,12 @@ void FreeMd(MD *md)
if (md->Ctx != NULL) if (md->Ctx != NULL)
{ {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
HMAC_CTX_free(md->Ctx);
#else
HMAC_CTX_cleanup(md->Ctx); HMAC_CTX_cleanup(md->Ctx);
Free(md->Ctx); Free(md->Ctx);
#endif
} }
Free(md); Free(md);
@ -636,8 +656,12 @@ CIPHER *NewCipher(char *name)
return NULL; return NULL;
} }
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
c->Ctx = EVP_CIPHER_CTX_new();
#else
c->Ctx = ZeroMalloc(sizeof(struct evp_cipher_ctx_st)); c->Ctx = ZeroMalloc(sizeof(struct evp_cipher_ctx_st));
EVP_CIPHER_CTX_init(c->Ctx); EVP_CIPHER_CTX_init(c->Ctx);
#endif
c->BlockSize = EVP_CIPHER_block_size(c->Cipher); c->BlockSize = EVP_CIPHER_block_size(c->Cipher);
c->KeySize = EVP_CIPHER_key_length(c->Cipher); c->KeySize = EVP_CIPHER_key_length(c->Cipher);
@ -714,8 +738,12 @@ void FreeCipher(CIPHER *c)
if (c->Ctx != NULL) if (c->Ctx != NULL)
{ {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
EVP_CIPHER_CTX_free(c->Ctx);
#else
EVP_CIPHER_CTX_cleanup(c->Ctx); EVP_CIPHER_CTX_cleanup(c->Ctx);
Free(c->Ctx); Free(c->Ctx);
#endif
} }
Free(c); Free(c);
@ -896,6 +924,9 @@ K *RsaBinToPublic(void *data, UINT size)
RSA *rsa; RSA *rsa;
K *k; K *k;
BIO *bio; BIO *bio;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
BIGNUM *e, *n;
#endif
// Validate arguments // Validate arguments
if (data == NULL || size < 4) if (data == NULL || size < 4)
{ {
@ -904,6 +935,14 @@ K *RsaBinToPublic(void *data, UINT size)
rsa = RSA_new(); rsa = RSA_new();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
e = BN_new();
BN_set_word(e, RSA_F4);
n = BinToBigNum(data, size);
RSA_set0_key(rsa, n, e, NULL);
#else
if (rsa->e != NULL) if (rsa->e != NULL)
{ {
BN_free(rsa->e); BN_free(rsa->e);
@ -918,6 +957,7 @@ K *RsaBinToPublic(void *data, UINT size)
} }
rsa->n = BinToBigNum(data, size); rsa->n = BinToBigNum(data, size);
#endif
bio = NewBio(); bio = NewBio();
Lock(openssl_lock); Lock(openssl_lock);
@ -938,14 +978,39 @@ K *RsaBinToPublic(void *data, UINT size)
BUF *RsaPublicToBuf(K *k) BUF *RsaPublicToBuf(K *k)
{ {
BUF *b; BUF *b;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
RSA *rsa;
const BIGNUM *n;
#endif
// Validate arguments // Validate arguments
if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL if (k == NULL || k->pkey == NULL)
|| k->pkey->pkey.rsa->n == NULL) {
return NULL;
}
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
rsa = EVP_PKEY_get0_RSA(k->pkey);
if (rsa == NULL)
{
return NULL;
}
RSA_get0_key(rsa, &n, NULL, NULL);
if (n == NULL)
{
return NULL;
}
b = BigNumToBuf(n);
#else
if (k->pkey->pkey.rsa == NULL || k->pkey->pkey.rsa->n == NULL)
{ {
return NULL; return NULL;
} }
b = BigNumToBuf(k->pkey->pkey.rsa->n); b = BigNumToBuf(k->pkey->pkey.rsa->n);
#endif
if (b == NULL) if (b == NULL)
{ {
return NULL; return NULL;
@ -959,13 +1024,12 @@ void RsaPublicToBin(K *k, void *data)
{ {
BUF *b; BUF *b;
// Validate arguments // Validate arguments
if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL if (data == NULL)
|| k->pkey->pkey.rsa->n == NULL || data == NULL)
{ {
return; return;
} }
b = BigNumToBuf(k->pkey->pkey.rsa->n); b = RsaPublicToBuf(k);
if (b == NULL) if (b == NULL)
{ {
return; return;
@ -981,14 +1045,8 @@ UINT RsaPublicSize(K *k)
{ {
BUF *b; BUF *b;
UINT ret; UINT ret;
// Validate arguments
if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL
|| k->pkey->pkey.rsa->n == NULL)
{
return 0;
}
b = BigNumToBuf(k->pkey->pkey.rsa->n); b = RsaPublicToBuf(k);
if (b == NULL) if (b == NULL)
{ {
return 0; return 0;
@ -1102,7 +1160,7 @@ BIGNUM *BufToBigNum(BUF *b)
} }
// Convert a BIGNUM to a buffer // Convert a BIGNUM to a buffer
BUF *BigNumToBuf(BIGNUM *bn) BUF *BigNumToBuf(const BIGNUM *bn)
{ {
UINT size; UINT size;
UCHAR *tmp; UCHAR *tmp;
@ -2075,6 +2133,7 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
X509_EXTENSION *ex = NULL; X509_EXTENSION *ex = NULL;
X509_EXTENSION *eku = NULL; X509_EXTENSION *eku = NULL;
X509_EXTENSION *busage = NULL; X509_EXTENSION *busage = NULL;
ASN1_INTEGER *s;
// Validate arguments // Validate arguments
if (pub == NULL || name == NULL || ca == NULL) if (pub == NULL || name == NULL || ca == NULL)
{ {
@ -2137,19 +2196,17 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
FreeX509Name(subject_name); FreeX509Name(subject_name);
// Set the Serial Number // Set the Serial Number
s = X509_get_serialNumber(x509);
OPENSSL_free(s->data);
if (serial == NULL) if (serial == NULL)
{ {
char zero = 0; char zero = 0;
ASN1_INTEGER *s = x509->cert_info->serialNumber;
OPENSSL_free(s->data);
s->data = OPENSSL_malloc(sizeof(char)); s->data = OPENSSL_malloc(sizeof(char));
Copy(s->data, &zero, sizeof(char)); Copy(s->data, &zero, sizeof(char));
s->length = sizeof(char); s->length = sizeof(char);
} }
else else
{ {
ASN1_INTEGER *s = x509->cert_info->serialNumber;
OPENSSL_free(s->data);
s->data = OPENSSL_malloc(serial->size); s->data = OPENSSL_malloc(serial->size);
Copy(s->data, serial->data, serial->size); Copy(s->data, serial->data, serial->size);
s->length = serial->size; s->length = serial->size;
@ -2202,6 +2259,7 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
X509_EXTENSION *ex = NULL; X509_EXTENSION *ex = NULL;
X509_EXTENSION *eku = NULL; X509_EXTENSION *eku = NULL;
X509_EXTENSION *busage = NULL; X509_EXTENSION *busage = NULL;
ASN1_INTEGER *s;
// Validate arguments // Validate arguments
if (pub == NULL || name == NULL || priv == NULL) if (pub == NULL || name == NULL || priv == NULL)
{ {
@ -2269,19 +2327,17 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
FreeX509Name(issuer_name); FreeX509Name(issuer_name);
// Set a Serial Number // Set a Serial Number
s = X509_get_serialNumber(x509);
OPENSSL_free(s->data);
if (serial == NULL) if (serial == NULL)
{ {
char zero = 0; char zero = 0;
ASN1_INTEGER *s = x509->cert_info->serialNumber;
OPENSSL_free(s->data);
s->data = OPENSSL_malloc(sizeof(char)); s->data = OPENSSL_malloc(sizeof(char));
Copy(s->data, &zero, sizeof(char)); Copy(s->data, &zero, sizeof(char));
s->length = sizeof(char); s->length = sizeof(char);
} }
else else
{ {
ASN1_INTEGER *s = x509->cert_info->serialNumber;
OPENSSL_free(s->data);
s->data = OPENSSL_malloc(serial->size); s->data = OPENSSL_malloc(serial->size);
Copy(s->data, serial->data, serial->size); Copy(s->data, serial->data, serial->size);
s->length = serial->size; s->length = serial->size;
@ -2479,8 +2535,8 @@ void LoadXDates(X *x)
return; return;
} }
x->notBefore = Asn1TimeToUINT64(x->x509->cert_info->validity->notBefore); x->notBefore = Asn1TimeToUINT64(X509_get0_notBefore(x->x509));
x->notAfter = Asn1TimeToUINT64(x->x509->cert_info->validity->notAfter); x->notAfter = Asn1TimeToUINT64(X509_get0_notAfter(x->x509));
} }
// Convert the 64bit system time to ASN1 time // Convert the 64bit system time to ASN1 time
@ -2632,6 +2688,7 @@ bool RsaVerify(void *data, UINT data_size, void *sign, K *k)
{ {
return RsaVerifyEx(data, data_size, sign, k, 0); return RsaVerifyEx(data, data_size, sign, k, 0);
} }
bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits) bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits)
{ {
UCHAR hash_data[SIGN_HASH_SIZE]; UCHAR hash_data[SIGN_HASH_SIZE];
@ -2653,7 +2710,7 @@ bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits)
} }
// Decode the signature // Decode the signature
if (RSA_public_decrypt(bits / 8, sign, decrypt_data, k->pkey->pkey.rsa, RSA_PKCS1_PADDING) <= 0) if (RSA_public_decrypt(bits / 8, sign, decrypt_data, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0)
{ {
return false; return false;
} }
@ -2676,7 +2733,7 @@ bool RsaSignEx(void *dst, void *src, UINT size, K *k, UINT bits)
{ {
UCHAR hash[SIGN_HASH_SIZE]; UCHAR hash[SIGN_HASH_SIZE];
// Validate arguments // Validate arguments
if (dst == NULL || src == NULL || k == NULL || k->pkey->type != EVP_PKEY_RSA) if (dst == NULL || src == NULL || k == NULL || EVP_PKEY_base_id(k->pkey) != EVP_PKEY_RSA)
{ {
return false; return false;
} }
@ -2694,7 +2751,7 @@ bool RsaSignEx(void *dst, void *src, UINT size, K *k, UINT bits)
} }
// Signature // Signature
if (RSA_private_encrypt(sizeof(hash), hash, dst, k->pkey->pkey.rsa, RSA_PKCS1_PADDING) <= 0) if (RSA_private_encrypt(sizeof(hash), hash, dst, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0)
{ {
return false; return false;
} }
@ -2740,7 +2797,7 @@ bool RsaPublicDecrypt(void *dst, void *src, UINT size, K *k)
tmp = ZeroMalloc(size); tmp = ZeroMalloc(size);
Lock(openssl_lock); Lock(openssl_lock);
{ {
ret = RSA_public_decrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING); ret = RSA_public_decrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
} }
Unlock(openssl_lock); Unlock(openssl_lock);
if (ret <= 0) if (ret <= 0)
@ -2771,7 +2828,7 @@ bool RsaPrivateEncrypt(void *dst, void *src, UINT size, K *k)
tmp = ZeroMalloc(size); tmp = ZeroMalloc(size);
Lock(openssl_lock); Lock(openssl_lock);
{ {
ret = RSA_private_encrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING); ret = RSA_private_encrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
} }
Unlock(openssl_lock); Unlock(openssl_lock);
if (ret <= 0) if (ret <= 0)
@ -2802,7 +2859,7 @@ bool RsaPrivateDecrypt(void *dst, void *src, UINT size, K *k)
tmp = ZeroMalloc(size); tmp = ZeroMalloc(size);
Lock(openssl_lock); Lock(openssl_lock);
{ {
ret = RSA_private_decrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING); ret = RSA_private_decrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
} }
Unlock(openssl_lock); Unlock(openssl_lock);
if (ret <= 0) if (ret <= 0)
@ -2830,7 +2887,7 @@ bool RsaPublicEncrypt(void *dst, void *src, UINT size, K *k)
tmp = ZeroMalloc(size); tmp = ZeroMalloc(size);
Lock(openssl_lock); Lock(openssl_lock);
{ {
ret = RSA_public_encrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING); ret = RSA_public_encrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
} }
Unlock(openssl_lock); Unlock(openssl_lock);
if (ret <= 0) if (ret <= 0)
@ -4008,6 +4065,7 @@ X *X509ToX(X509 *x509)
BUF *b; BUF *b;
UINT size; UINT size;
UINT type; UINT type;
ASN1_INTEGER *s;
// Validate arguments // Validate arguments
if (x509 == NULL) if (x509 == NULL)
{ {
@ -4075,8 +4133,8 @@ X *X509ToX(X509 *x509)
} }
// Get the Serial Number // Get the Serial Number
x->serial = NewXSerial(x509->cert_info->serialNumber->data, s = X509_get_serialNumber(x509);
x509->cert_info->serialNumber->length); x->serial = NewXSerial(s->data, s->length);
if (x->serial == NULL) if (x->serial == NULL)
{ {
char zero = 0; char zero = 0;
@ -4093,7 +4151,7 @@ X *X509ToX(X509 *x509)
b = KToBuf(k, false, NULL); b = KToBuf(k, false, NULL);
size = b->Size; size = b->Size;
type = k->pkey->type; type = EVP_PKEY_base_id(k->pkey);
FreeBuf(b); FreeBuf(b);
@ -4173,7 +4231,7 @@ BUF *BioToBuf(BIO *bio)
} }
BIO_seek(bio, 0); BIO_seek(bio, 0);
size = bio->num_write; size = BIO_number_written(bio);
tmp = Malloc(size); tmp = Malloc(size);
BIO_read(bio, tmp, size); BIO_read(bio, tmp, size);
@ -4293,7 +4351,7 @@ void InitCryptLibrary()
SSL_library_init(); SSL_library_init();
//OpenSSL_add_all_algorithms(); //OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
SSLeay_add_all_digests(); OpenSSL_add_all_digests();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
SSL_load_error_strings(); SSL_load_error_strings();
@ -5110,6 +5168,10 @@ DH_CTX *DhNew(char *prime, UINT g)
{ {
DH_CTX *dh; DH_CTX *dh;
BUF *buf; BUF *buf;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
BIGNUM *dhp, *dhg;
const BIGNUM *pub, *priv;
#endif
// Validate arguments // Validate arguments
if (prime == NULL || g == 0) if (prime == NULL || g == 0)
{ {
@ -5121,14 +5183,27 @@ DH_CTX *DhNew(char *prime, UINT g)
dh = ZeroMalloc(sizeof(DH_CTX)); dh = ZeroMalloc(sizeof(DH_CTX));
dh->dh = DH_new(); dh->dh = DH_new();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
dhp = BinToBigNum(buf->Buf, buf->Size);
dhg = BN_new();
BN_set_word(dhg, g);
DH_set0_pqg(dh->dh, dhp, NULL, dhg);
#else
dh->dh->p = BinToBigNum(buf->Buf, buf->Size); dh->dh->p = BinToBigNum(buf->Buf, buf->Size);
dh->dh->g = BN_new(); dh->dh->g = BN_new();
BN_set_word(dh->dh->g, g); BN_set_word(dh->dh->g, g);
#endif
DH_generate_key(dh->dh); DH_generate_key(dh->dh);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
DH_get0_key(dh->dh, &pub, &priv);
dh->MyPublicKey = BigNumToBuf(pub);
dh->MyPrivateKey = BigNumToBuf(priv);
#else
dh->MyPublicKey = BigNumToBuf(dh->dh->pub_key); dh->MyPublicKey = BigNumToBuf(dh->dh->pub_key);
dh->MyPrivateKey = BigNumToBuf(dh->dh->priv_key); dh->MyPrivateKey = BigNumToBuf(dh->dh->priv_key);
#endif
dh->Size = buf->Size; dh->Size = buf->Size;

View File

@ -236,7 +236,14 @@ void RAND_Free_For_SoftEther();
// Macro // Macro
#define HASHED_DATA(p) (((UCHAR *)p) + 15) #define HASHED_DATA(p) (((UCHAR *)p) + 15)
// OpenSSL <1.1 Shims
#if OPENSSL_VERSION_NUMBER < 0x10100000L
# define EVP_PKEY_get0_RSA(obj) ((obj)->pkey.rsa)
# define EVP_PKEY_base_id(pkey) ((pkey)->type)
# define X509_get0_notBefore(x509) ((x509)->cert_info->validity->notBefore)
# define X509_get0_notAfter(x509) ((x509)->cert_info->validity->notAfter)
# define X509_get_serialNumber(x509) ((x509)->cert_info->serialNumber)
#endif
// Crypt context // Crypt context
struct CRYPT struct CRYPT
@ -351,7 +358,7 @@ struct CIPHER
struct MD struct MD
{ {
char Name[MAX_PATH]; char Name[MAX_PATH];
const struct env_md_st *Md; const struct evp_md_st *Md;
struct hmac_ctx_st *Ctx; struct hmac_ctx_st *Ctx;
UINT Size; UINT Size;
}; };
@ -471,7 +478,7 @@ void GetAllNameFromName(wchar_t *str, UINT size, NAME *name);
void GetAllNameFromNameEx(wchar_t *str, UINT size, NAME *name); void GetAllNameFromNameEx(wchar_t *str, UINT size, NAME *name);
void GetAllNameFromXEx(wchar_t *str, UINT size, X *x); void GetAllNameFromXEx(wchar_t *str, UINT size, X *x);
void GetAllNameFromXExA(char *str, UINT size, X *x); void GetAllNameFromXExA(char *str, UINT size, X *x);
BUF *BigNumToBuf(BIGNUM *bn); BUF *BigNumToBuf(const BIGNUM *bn);
BIGNUM *BinToBigNum(void *data, UINT size); BIGNUM *BinToBigNum(void *data, UINT size);
BIGNUM *BufToBigNum(BUF *b); BIGNUM *BufToBigNum(BUF *b);
char *BigNumToStr(BIGNUM *bn); char *BigNumToStr(BIGNUM *bn);

View File

@ -9429,11 +9429,13 @@ void UnixInitAsyncSocket(SOCK *sock)
UnixSetSocketNonBlockingMode(sock->socket, true); UnixSetSocketNonBlockingMode(sock->socket, true);
} }
#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (sock->ssl != NULL && sock->ssl->s3 != NULL) if (sock->ssl != NULL && sock->ssl->s3 != NULL)
{ {
sock->Ssl_Init_Async_SendAlert[0] = sock->ssl->s3->send_alert[0]; sock->Ssl_Init_Async_SendAlert[0] = sock->ssl->s3->send_alert[0];
sock->Ssl_Init_Async_SendAlert[1] = sock->ssl->s3->send_alert[1]; sock->Ssl_Init_Async_SendAlert[1] = sock->ssl->s3->send_alert[1];
} }
#endif
} }
// Initializing the socket library // Initializing the socket library
@ -13015,7 +13017,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
{ {
if (client_tls == false) if (client_tls == false)
{ {
SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_method()); SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
} }
else else
{ {
@ -13381,10 +13383,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
e = SSL_get_error(ssl, ret); e = SSL_get_error(ssl, ret);
if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL) if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
{ {
if (e == SSL_ERROR_SSL && if (e == SSL_ERROR_SSL
#if OPENSSL_VERSION_NUMBER < 0x10100000L
&&
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL && sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] && sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]) sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
#endif
)
{ {
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__); Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
Disconnect(sock); Disconnect(sock);
@ -13467,10 +13473,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
{ {
if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL) if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
{ {
if (e == SSL_ERROR_SSL && if (e == SSL_ERROR_SSL
#if OPENSSL_VERSION_NUMBER < 0x10100000L
&&
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL && sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] && sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]) sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
#endif
)
{ {
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__); Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
Disconnect(sock); Disconnect(sock);

View File

@ -488,6 +488,7 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
RSA *rsa; RSA *rsa;
UCHAR modules[MAX_SIZE], pub[MAX_SIZE], pri[MAX_SIZE], prime1[MAX_SIZE], prime2[MAX_SIZE]; UCHAR modules[MAX_SIZE], pub[MAX_SIZE], pri[MAX_SIZE], prime1[MAX_SIZE], prime2[MAX_SIZE];
UCHAR exp1[MAX_SIZE], exp2[MAX_SIZE], coeff[MAX_SIZE]; UCHAR exp1[MAX_SIZE], exp2[MAX_SIZE], coeff[MAX_SIZE];
const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
CK_ATTRIBUTE a[] = CK_ATTRIBUTE a[] =
{ {
{CKA_MODULUS, modules, 0}, // 0 {CKA_MODULUS, modules, 0}, // 0
@ -536,48 +537,64 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
} }
// Numeric data generation // Numeric data generation
rsa = k->pkey->pkey.rsa; rsa = EVP_PKEY_get0_RSA(k->pkey);
if (rsa == NULL) if (rsa == NULL)
{ {
sec->Error = SEC_ERROR_BAD_PARAMETER; sec->Error = SEC_ERROR_BAD_PARAMETER;
return false; return false;
} }
b = BigNumToBuf(rsa->n);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
RSA_get0_key(rsa, &n, &e, &d);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
#else
rsa->n = n;
rsa->e = e;
rsa->d = d;
rsa->p = p;
rsa->q = q;
rsa->dmp1 = dmp1;
rsa->dmq1 = dmq1;
rsa->iqmp = iqmp;
#endif
b = BigNumToBuf(n);
ReadBuf(b, modules, sizeof(modules)); ReadBuf(b, modules, sizeof(modules));
A_SIZE(a, 0) = b->Size; A_SIZE(a, 0) = b->Size;
FreeBuf(b); FreeBuf(b);
b = BigNumToBuf(rsa->e); b = BigNumToBuf(e);
ReadBuf(b, pub, sizeof(pub)); ReadBuf(b, pub, sizeof(pub));
A_SIZE(a, 1) = b->Size; A_SIZE(a, 1) = b->Size;
FreeBuf(b); FreeBuf(b);
b = BigNumToBuf(rsa->d); b = BigNumToBuf(d);
ReadBuf(b, pri, sizeof(pri)); ReadBuf(b, pri, sizeof(pri));
A_SIZE(a, 2) = b->Size; A_SIZE(a, 2) = b->Size;
FreeBuf(b); FreeBuf(b);
b = BigNumToBuf(rsa->p); b = BigNumToBuf(p);
ReadBuf(b, prime1, sizeof(prime1)); ReadBuf(b, prime1, sizeof(prime1));
A_SIZE(a, 3) = b->Size; A_SIZE(a, 3) = b->Size;
FreeBuf(b); FreeBuf(b);
b = BigNumToBuf(rsa->q); b = BigNumToBuf(q);
ReadBuf(b, prime2, sizeof(prime2)); ReadBuf(b, prime2, sizeof(prime2));
A_SIZE(a, 4) = b->Size; A_SIZE(a, 4) = b->Size;
FreeBuf(b); FreeBuf(b);
b = BigNumToBuf(rsa->dmp1); b = BigNumToBuf(dmp1);
ReadBuf(b, exp1, sizeof(exp1)); ReadBuf(b, exp1, sizeof(exp1));
A_SIZE(a, 5) = b->Size; A_SIZE(a, 5) = b->Size;
FreeBuf(b); FreeBuf(b);
b = BigNumToBuf(rsa->dmq1); b = BigNumToBuf(dmq1);
ReadBuf(b, exp2, sizeof(exp2)); ReadBuf(b, exp2, sizeof(exp2));
A_SIZE(a, 6) = b->Size; A_SIZE(a, 6) = b->Size;
FreeBuf(b); FreeBuf(b);
b = BigNumToBuf(rsa->iqmp); b = BigNumToBuf(iqmp);
ReadBuf(b, coeff, sizeof(coeff)); ReadBuf(b, coeff, sizeof(coeff));
A_SIZE(a, 7) = b->Size; A_SIZE(a, 7) = b->Size;
FreeBuf(b); FreeBuf(b);