This is an automated email from the ASF dual-hosted git repository.
dgkimura pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-native.git
The following commit(s) were added to refs/heads/develop by this push:
new 4d8cd4f GEODE-3093: Update support for OpenSSL 1.1 (#147)
4d8cd4f is described below
commit 4d8cd4fb7aafee457de4e67269bf67cbe084357c
Author: David Kimura <[email protected]>
AuthorDate: Mon Nov 13 07:44:13 2017 -0800
GEODE-3093: Update support for OpenSSL 1.1 (#147)
GEODE-3093: Update support for OpenSSL 1.1
---
cryptoimpl/DHImpl.cpp | 170 ++++++++++++++++++++----------------
dependencies/openssl/CMakeLists.txt | 30 ++-----
dependencies/openssl/patches | 13 ---
dhimpl/DHImpl.cpp | 141 ++++++++++++++++++------------
templates/security/PkcsAuthInit.cpp | 17 ++--
tests/cpp/security/PkcsAuthInit.cpp | 16 ++--
6 files changed, 205 insertions(+), 182 deletions(-)
diff --git a/cryptoimpl/DHImpl.cpp b/cryptoimpl/DHImpl.cpp
index 982e742..1edcce8 100644
--- a/cryptoimpl/DHImpl.cpp
+++ b/cryptoimpl/DHImpl.cpp
@@ -99,27 +99,31 @@ ASN1_SEQUENCE(
dhimpl->m_dh = DH_new();
- LOGDH(" DHInit: P ptr is %p", dhimpl->m_dh->p);
- LOGDH(" DHInit: G ptr is %p", dhimpl->m_dh->g);
- LOGDH(" DHInit: length is %d", dhimpl->m_dh->length);
-
int ret = -1;
- ret = BN_dec2bn(&dhimpl->m_dh->p, dhP);
+ const BIGNUM* pbn,* gbn;
+ DH_get0_pqg(dhimpl->m_dh, &pbn, NULL, &gbn);
+ ret = BN_dec2bn((BIGNUM**)&pbn, dhP);
LOGDH(" DHInit: BN_dec2bn dhP ret %d", ret);
- ret = BN_dec2bn(&dhimpl->m_dh->g, dhG);
+ LOGDH(" DHInit: P ptr is %p", pbn);
+ LOGDH(" DHInit: G ptr is %p", gbn);
+ LOGDH(" DHInit: length is %d", DH_get_length(dhimpl->m_dh));
+
+ ret = BN_dec2bn((BIGNUM**)&gbn, dhG);
LOGDH(" DHInit: BN_dec2bn dhG ret %d", ret);
- dhimpl->m_dh->length = dhL;
+ DH_set_length(dhimpl->m_dh, dhL);
ret = DH_generate_key(dhimpl->m_dh);
LOGDH(" DHInit: DH_generate_key ret %d", ret);
- ret = BN_num_bits(dhimpl->m_dh->priv_key);
+ const BIGNUM* pub_key, *priv_key;
+ DH_get0_key(dhimpl->m_dh, &pub_key, &priv_key);
+ ret = BN_num_bits(priv_key);
LOGDH(" DHInit: BN_num_bits priv_key is %d", ret);
- ret = BN_num_bits(dhimpl->m_dh->pub_key);
+ ret = BN_num_bits(pub_key);
LOGDH(" DHInit: BN_num_bits pub_key is %d", ret);
int codes = 0;
@@ -193,11 +197,14 @@ void gf_clearDhKeys(void *dhCtx) {
unsigned char *gf_getPublicKey(void *dhCtx, int *pLen) {
DHImpl *dhimpl = reinterpret_cast<DHImpl *>(dhCtx);
- if (dhimpl->m_dh->pub_key == NULL || pLen == NULL) {
+ const BIGNUM* pub_key, *priv_key;
+ DH_get0_key(dhimpl->m_dh, &pub_key, &priv_key);
+
+ if (pub_key == NULL || pLen == NULL) {
return NULL;
}
- int numBytes = BN_num_bytes(dhimpl->m_dh->pub_key);
+ int numBytes = BN_num_bytes(pub_key);
if (numBytes <= 0) {
return NULL;
@@ -247,7 +254,11 @@ void gf_setPublicKeyOther(void *dhCtx, const unsigned char
*pubkey,
EVP_PKEY *evppkey = DH_PUBKEY_get(dhpubkey);
LOGDH(" setPubKeyOther: after dhpubkey get evp ptr is %p\n", evppkey);
LOGDH(" setPubKeyOther: before BNdup ptr is %p\n", dhimpl->m_pubKeyOther);
- dhimpl->m_pubKeyOther = BN_dup(evppkey->pkey.dh->pub_key);
+
+ const BIGNUM* pub_key, *priv_key;
+ DH* dh = EVP_PKEY_get1_DH(evppkey);
+ DH_get0_key(dh, &pub_key, &priv_key);
+ dhimpl->m_pubKeyOther = BN_dup(pub_key);
LOGDH(" setPubKeyOther: after BNdup ptr is %p\n", dhimpl->m_pubKeyOther);
EVP_PKEY_free(evppkey);
DH_PUBKEY_free(dhpubkey);
@@ -357,8 +368,7 @@ unsigned char *gf_encryptDH(void *dhCtx, const unsigned
char *cleartext,
unsigned char *ciphertext =
new unsigned char[len + 50]; // give enough room for padding
int outlen, tmplen;
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int ret = -123;
@@ -367,27 +377,27 @@ unsigned char *gf_encryptDH(void *dhCtx, const unsigned
char *cleartext,
// init openssl cipher context
if (dhimpl->m_skAlgo == "AES") {
int keySize = dhimpl->m_keySize > 128 ? dhimpl->m_keySize / 8 : 16;
- ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL,
+ ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL,
(unsigned char *)dhimpl->m_key,
(unsigned char *)dhimpl->m_key + keySize);
} else if (dhimpl->m_skAlgo == "Blowfish") {
int keySize = dhimpl->m_keySize > 128 ? dhimpl->m_keySize / 8 : 16;
- ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL, NULL,
+ ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL, NULL,
(unsigned char *)dhimpl->m_key + keySize);
LOGDH("DHencrypt: init BF ret %d", ret);
- EVP_CIPHER_CTX_set_key_length(&ctx, keySize);
+ EVP_CIPHER_CTX_set_key_length(ctx, keySize);
LOGDH("DHencrypt: BF keysize is %d", keySize);
- ret = EVP_EncryptInit_ex(&ctx, NULL, NULL, (unsigned char *)dhimpl->m_key,
+ ret = EVP_EncryptInit_ex(ctx, NULL, NULL, (unsigned char *)dhimpl->m_key,
NULL);
} else if (dhimpl->m_skAlgo == "DESede") {
- ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL,
+ ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL,
(unsigned char *)dhimpl->m_key,
(unsigned char *)dhimpl->m_key + 24);
}
LOGDH(" DHencrypt: init ret %d", ret);
- if (!EVP_EncryptUpdate(&ctx, ciphertext, &outlen, cleartext, len)) {
+ if (!EVP_EncryptUpdate(ctx, ciphertext, &outlen, cleartext, len)) {
LOGDH(" DHencrypt: enc update ret NULL");
return NULL;
}
@@ -396,14 +406,14 @@ unsigned char *gf_encryptDH(void *dhCtx, const unsigned
char *cleartext,
*/
tmplen = 0;
- if (!EVP_EncryptFinal_ex(&ctx, ciphertext + outlen, &tmplen)) {
+ if (!EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &tmplen)) {
LOGDH("DHencrypt: enc final ret NULL");
return NULL;
}
outlen += tmplen;
- ret = EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
LOGDH("DHencrypt: in len is %d, out len is %d", len, outlen);
@@ -426,8 +436,7 @@ unsigned char *gf_decryptDH(void *dhCtx, const unsigned
char *cleartext,
unsigned char *ciphertext =
new unsigned char[len + 50]; // give enough room for padding
int outlen, tmplen;
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int ret = -123;
@@ -436,27 +445,27 @@ unsigned char *gf_decryptDH(void *dhCtx, const unsigned
char *cleartext,
// init openssl cipher context
if (dhimpl->m_skAlgo == "AES") {
int keySize = dhimpl->m_keySize > 128 ? dhimpl->m_keySize / 8 : 16;
- ret = EVP_DecryptInit_ex(&ctx, cipherFunc, NULL,
+ ret = EVP_DecryptInit_ex(ctx, cipherFunc, NULL,
(unsigned char *)dhimpl->m_key,
(unsigned char *)dhimpl->m_key + keySize);
} else if (dhimpl->m_skAlgo == "Blowfish") {
int keySize = dhimpl->m_keySize > 128 ? dhimpl->m_keySize / 8 : 16;
- ret = EVP_DecryptInit_ex(&ctx, cipherFunc, NULL, NULL,
+ ret = EVP_DecryptInit_ex(ctx, cipherFunc, NULL, NULL,
(unsigned char *)dhimpl->m_key + keySize);
LOGDH("DHencrypt: init BF ret %d", ret);
- EVP_CIPHER_CTX_set_key_length(&ctx, keySize);
+ EVP_CIPHER_CTX_set_key_length(ctx, keySize);
LOGDH("DHencrypt: BF keysize is %d", keySize);
- ret = EVP_DecryptInit_ex(&ctx, NULL, NULL, (unsigned char *)dhimpl->m_key,
+ ret = EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *)dhimpl->m_key,
NULL);
} else if (dhimpl->m_skAlgo == "DESede") {
- ret = EVP_DecryptInit_ex(&ctx, cipherFunc, NULL,
+ ret = EVP_DecryptInit_ex(ctx, cipherFunc, NULL,
(unsigned char *)dhimpl->m_key,
(unsigned char *)dhimpl->m_key + 24);
}
LOGDH(" DHencrypt: init ret %d", ret);
- if (!EVP_DecryptUpdate(&ctx, ciphertext, &outlen, cleartext, len)) {
+ if (!EVP_DecryptUpdate(ctx, ciphertext, &outlen, cleartext, len)) {
LOGDH(" DHencrypt: enc update ret NULL");
return NULL;
}
@@ -465,14 +474,14 @@ unsigned char *gf_decryptDH(void *dhCtx, const unsigned
char *cleartext,
*/
tmplen = 0;
- if (!EVP_DecryptFinal_ex(&ctx, ciphertext + outlen, &tmplen)) {
+ if (!EVP_DecryptFinal_ex(ctx, ciphertext + outlen, &tmplen)) {
LOGDH("DHencrypt: enc final ret NULL");
return NULL;
}
outlen += tmplen;
- ret = EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
LOGDH("DHencrypt: in len is %d, out len is %d", len, outlen);
@@ -523,25 +532,21 @@ bool gf_verifyDH(void *dhCtx, const char *subject,
return false;
}
- int rsalen ATTR_UNUSED = RSA_size(evpkey->pkey.rsa);
+ RSA* dh = EVP_PKEY_get1_RSA(evpkey);
- LOGDH("Challenge response length is %d, rsalen is %d\n", responseLen,
rsalen);
-
- if (cert->sig_alg->algorithm != NULL) {
- LOGDH("algo %s -- %s \n", cert->sig_alg->algorithm->sn,
- cert->sig_alg->algorithm->ln);
- } else {
+ const ASN1_OBJECT *macobj;
+ const X509_ALGOR *algorithm;
+ X509_ALGOR_get0(&macobj, NULL, NULL, algorithm);
+ if (algorithm == NULL) {
LOGDH("algo is null \n");
}
- LOGDH("after algo name in DHimp = %s\n", cert->name);
- const EVP_MD *signatureDigest =
EVP_get_digestbyobj(cert->sig_alg->algorithm);
+ const EVP_MD *signatureDigest = EVP_get_digestbyobj(macobj);
LOGDH("after EVP_get_digestbyobj : err(%d): %s", ERR_get_error(),
ERR_error_string(ERR_get_error(), NULL));
- EVP_MD_CTX signatureCtx;
- EVP_MD_CTX_init(&signatureCtx);
+ EVP_MD_CTX* signatureCtx = EVP_MD_CTX_new();
- int result1 = EVP_VerifyInit_ex(&signatureCtx, signatureDigest, NULL);
+ int result1 = EVP_VerifyInit_ex(signatureCtx, signatureDigest, NULL);
LOGDH("after EVP_VerifyInit_ex ret %d : err(%d): %s", result1,
ERR_get_error(), ERR_error_string(ERR_get_error(), NULL));
LOGDH(" Result of VerifyInit is %s \n", ERR_lib_error_string(result1));
@@ -550,15 +555,15 @@ bool gf_verifyDH(void *dhCtx, const char *subject,
LOGDH(" Result of VerifyInit is %d", result1);
- int result2 = EVP_VerifyUpdate(&signatureCtx, challenge, challengeLen);
+ int result2 = EVP_VerifyUpdate(signatureCtx, challenge, challengeLen);
LOGDH(" Result of VerifyUpdate is %d", result2);
- int result3 = EVP_VerifyFinal(&signatureCtx, response, responseLen, evpkey);
+ int result3 = EVP_VerifyFinal(signatureCtx, response, responseLen, evpkey);
LOGDH(" Result of VerifyFinal is %d", result3);
bool result = (result1 == 1 && result2 == 1 && result3 == 1);
- EVP_MD_CTX_cleanup(&signatureCtx);
+ EVP_MD_CTX_free(signatureCtx);
if (result == false) {
*reason = DH_ERR_INVALID_SIGN;
@@ -574,21 +579,22 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
unsigned char *s, *p = NULL;
int i;
ASN1_INTEGER *asn1int = NULL;
+ DH *dh = EVP_PKEY_get1_DH(pkey);
if (x == NULL) return (0);
if ((pk = DH_PUBKEY_new()) == NULL) goto err;
a = pk->algor;
- LOGDH(" key type for OBJ NID is %d", pkey->type);
+ LOGDH(" key type for OBJ NID is %d", EVP_PKEY_base_id(pkey));
/* set the algorithm id */
- if ((o = OBJ_nid2obj(pkey->type)) == NULL) goto err;
+ if ((o = OBJ_nid2obj(EVP_PKEY_base_id(pkey))) == NULL) goto err;
ASN1_OBJECT_free(a->algorithm);
a->algorithm = o;
/* Set the parameter list */
- if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) {
+ if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
ASN1_TYPE_free(a->parameter);
if (!(a->parameter = ASN1_TYPE_new())) {
@@ -597,11 +603,8 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
}
a->parameter->type = V_ASN1_NULL;
}
- } else if (pkey->type == EVP_PKEY_DH) {
+ } else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_DH) {
unsigned char *pp;
- DH *dh;
-
- dh = pkey->pkey.dh;
ASN1_TYPE_free(a->parameter);
if ((i = i2d_DHparams(dh, NULL)) <= 0) goto err;
if (!(p = reinterpret_cast<unsigned char *>(OPENSSL_malloc(i)))) {
@@ -632,7 +635,10 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
goto err;
}
- asn1int = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+ const BIGNUM* pub_key, *priv_key;
+ DH_get0_key(dh, &pub_key, &priv_key);
+
+ asn1int = BN_to_ASN1_INTEGER(pub_key, NULL);
if ((i = i2d_ASN1_INTEGER(asn1int, NULL)) <= 0) goto err;
if ((s = reinterpret_cast<unsigned char *>(OPENSSL_malloc(i + 1))) == NULL) {
X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
@@ -640,7 +646,7 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
}
p = s;
i2d_ASN1_INTEGER(asn1int, &p);
- if (!M_ASN1_BIT_STRING_set(pk->public_key, s, i)) {
+ if (!ASN1_BIT_STRING_set((ASN1_STRING*)pk->public_key, s, i)) {
X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -670,42 +676,57 @@ EVP_PKEY *DH_PUBKEY_get(DH_PUBKEY *key) {
X509_ALGOR *a;
ASN1_INTEGER *asn1int = NULL;
- if (key == NULL) goto err;
+ if (key == NULL) {
+ if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+ if (ret != NULL) EVP_PKEY_free(ret);
+ return (NULL);
+ }
if (key->pkey != NULL) {
- CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(key->pkey);
return (key->pkey);
}
- if (key->public_key == NULL) goto err;
+ if (key->public_key == NULL) {
+ if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+ if (ret != NULL) EVP_PKEY_free(ret);
+ return (NULL);
+ }
type = OBJ_obj2nid(key->algor->algorithm);
LOGDH("DHPUBKEY type is %d", type);
if ((ret = EVP_PKEY_new()) == NULL) {
- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
- goto err;
+ X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+ if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+ if (ret != NULL) EVP_PKEY_free(ret);
+ return (NULL);
}
- ret->type = EVP_PKEY_type(type);
- LOGDH(" DHPUBKEY evppkey type is %d", ret->type);
+ LOGDH(" DHPUBKEY evppkey type is %d", EVP_PKEY_base_id(ret));
/* the parameters must be extracted before the public key */
a = key->algor;
- if (ret->type == EVP_PKEY_DH) {
+ if (EVP_PKEY_base_id(ret) == EVP_PKEY_DH) {
if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) {
- if ((ret->pkey.dh = DH_new()) == NULL) {
- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
- goto err;
+ if ((EVP_PKEY_set1_DH(ret, DH_new())) == 0) {
+ X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+ if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+ if (ret != NULL) EVP_PKEY_free(ret);
+ return (NULL);
}
cp = p = a->parameter->value.sequence->data;
j = a->parameter->value.sequence->length;
- if (!d2i_DHparams(&ret->pkey.dh, &cp, j)) goto err;
+ DH* dh = EVP_PKEY_get1_DH(ret);
+ if (!d2i_DHparams(&dh, &cp, j)) {
+ if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+ if (ret != NULL) EVP_PKEY_free(ret);
+ return (NULL);
+ }
}
- ret->save_parameters = 1;
}
p = key->public_key->data;
@@ -714,16 +735,13 @@ EVP_PKEY *DH_PUBKEY_get(DH_PUBKEY *key) {
asn1int = d2i_ASN1_INTEGER(NULL, &p, j);
LOGDH("after d2i asn1 integer ptr is %p", asn1int);
- ret->pkey.dh->pub_key = ASN1_INTEGER_to_BN(asn1int, NULL);
- LOGDH(" after asn1int to bn ptr is %p", ret->pkey.dh->pub_key);
+ DH* dh = EVP_PKEY_get1_DH(ret);
+ DH_set0_key(dh, ASN1_INTEGER_to_BN(asn1int, NULL), NULL);
+ //LOGDH(" after asn1int to bn ptr is %p", ret->pkey.dh->pub_key);
key->pkey = ret;
- CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(ret);
if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
return (ret);
-err:
- if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
- if (ret != NULL) EVP_PKEY_free(ret);
- return (NULL);
}
diff --git a/dependencies/openssl/CMakeLists.txt
b/dependencies/openssl/CMakeLists.txt
index 33d80d8..2323337 100644
--- a/dependencies/openssl/CMakeLists.txt
+++ b/dependencies/openssl/CMakeLists.txt
@@ -15,8 +15,8 @@
project( openssl C )
-set( ${PROJECT_NAME}_VERSION 1.0.2l )
-set( ${PROJECT_NAME}_SHA265
ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c )
+set( ${PROJECT_NAME}_VERSION 1.1.0 )
+set( ${PROJECT_NAME}_SHA265
f5c69ff9ac1472c80b868efc1c1c0d8dcfc746d29ebe563de2365dd56dbd8c82 )
set( ${PROJECT_NAME}_URL
"https://www.openssl.org/source/openssl-${${PROJECT_NAME}_VERSION}.tar.gz"; )
set( ${PROJECT_NAME}_EXTERN ${PROJECT_NAME}-extern )
@@ -49,11 +49,9 @@ elseif ("Darwin" STREQUAL ${CMAKE_SYSTEM_NAME})
set( openssl_PLATFORM darwin64-x86_64-cc )
elseif ("Windows" STREQUAL ${CMAKE_SYSTEM_NAME})
if (64 EQUAL ${BUILD_BITS})
- set( openssl_PLATFORM $<$<CONFIG:Debug>:debug->VC-WIN64A )
- set( openssl_WINDOWS_CMD cmd /c ms\\do_win64a)
+ set( openssl_PLATFORM $<$<CONFIG:Debug>:debug->VC-WIN64A no-asm )
else()
set( openssl_PLATFORM $<$<CONFIG:Debug>:debug->VC-WIN32 no-asm)
- set( openssl_WINDOWS_CMD cmd /c ms\\do_ms)
endif()
endif()
@@ -63,9 +61,9 @@ endif()
if (${WIN32})
# Keeps separate release/debug objects in build script
- set ( _CONFIGURE_COMMAND ${PERL} Configure
--prefix=<INSTALL_DIR>/${_DEBUG_OR_RELEASE} ${openssl_CONFIGURE_FLAGS}
${openssl_PLATFORM} COMMAND ${openssl_WINDOWS_CMD})
- set ( _BUILD_COMMAND nmake /f ms\\ntdll.mak )
- set ( _INSTALL_COMMAND nmake /f ms\\ntdll.mak install )
+ set ( _CONFIGURE_COMMAND ${PERL} Configure ${openssl_PLATFORM}
--prefix=<INSTALL_DIR>/${_DEBUG_OR_RELEASE}
--openssldir=<INSTALL_DIR>/${_DEBUG_OR_RELEASE} ${openssl_CONFIGURE_FLAGS} )
+ set ( _BUILD_COMMAND nmake )
+ set ( _INSTALL_COMMAND nmake install )
else()
# TODO Configure trips up without MAKE
set ( _CONFIGURE_COMMAND MAKE=$(MAKE) ./Configure threads zlib shared
--prefix=<INSTALL_DIR>/${_DEBUG_OR_RELEASE} ${openssl_CONFIGURE_FLAGS}
${openssl_PLATFORM} )
@@ -92,26 +90,14 @@ set( ${PROJECT_NAME}_INSTALL_DIR
${INSTALL_DIR}/${_DEBUG_OR_RELEASE} )
set( DEPENDENCIES_${PROJECT_NAME}_DIR ${${PROJECT_NAME}_INSTALL_DIR}
PARENT_SCOPE)
if (${WIN32})
- set( CRYPTO_NAME libeay32 )
- set( SSL_NAME ssleay32 )
+ set( CRYPTO_NAME libcrypto )
+ set( SSL_NAME libssl )
else()
set( CRYPTO_NAME crypto )
set( SSL_NAME ssl )
set( CMAKE_LINK_LIBRARY_SUFFIX ${CMAKE_SHARED_LIBRARY_SUFFIX})
endif()
-if ("SunOS" STREQUAL ${CMAKE_SYSTEM_NAME})
-ExternalProject_Add_Step( ${${PROJECT_NAME}_EXTERN} patches
- BYPRODUCTS ${${PROJECT_NAME}_SOURCE_DIR}/Configure
- ALWAYS 0
- DEPENDEES download
- DEPENDERS patch
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/patches
- WORKING_DIRECTORY ${${PROJECT_NAME}_SOURCE_DIR}
- COMMAND ${PATCH} -u -N -p1 < ${CMAKE_CURRENT_SOURCE_DIR}/patches
-)
-endif()
-
add_library(ssl INTERFACE)
target_include_directories(ssl INTERFACE
$<BUILD_INTERFACE:${${PROJECT_NAME}_INSTALL_DIR}/include>
diff --git a/dependencies/openssl/patches b/dependencies/openssl/patches
deleted file mode 100644
index 2e1a656..0000000
--- a/dependencies/openssl/patches
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -ru a/Configure b/Configure
---- a/Configure 2015-12-03 06:48:58.000000000 -0800
-+++ b/Configure 2015-12-17 04:11:33.900916627 -0800
-@@ -255,7 +255,7 @@
-
- #### Solaris x86 with Sun C setups
- "solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket
-lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL
BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z
text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa
-DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK
DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G
-dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-+"solaris64-x86_64-cc","cc:-fast -m64 -xchip=generic -xstrconst -Xa
-DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK
DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z
text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-
- #### SPARC Solaris with GNU C setups
- "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN
-DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK
DES_UNROLL
BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
diff --git a/dhimpl/DHImpl.cpp b/dhimpl/DHImpl.cpp
index c86e618..cd49cd5 100644
--- a/dhimpl/DHImpl.cpp
+++ b/dhimpl/DHImpl.cpp
@@ -88,27 +88,32 @@ ASN1_SEQUENCE(
m_dh = DH_new();
- LOGDH(" DHInit: P ptr is %p", m_dh->p);
- LOGDH(" DHInit: G ptr is %p", m_dh->g);
- LOGDH(" DHInit: length is %d", m_dh->length);
-
int ret = -1;
- ret = BN_dec2bn(&m_dh->p, dhP);
+ const BIGNUM* pbn,* gbn;
+ DH_get0_pqg(m_dh, &pbn, NULL, &gbn);
+ ret = BN_dec2bn((BIGNUM**)&pbn, dhP);
LOGDH(" DHInit: BN_dec2bn dhP ret %d", ret);
- ret = BN_dec2bn(&m_dh->g, dhG);
+ LOGDH(" DHInit: P ptr is %p", pbn);
+ LOGDH(" DHInit: G ptr is %p", gbn);
+ LOGDH(" DHInit: length is %d", DH_get_length(m_dh));
+
+ ret = BN_dec2bn((BIGNUM**)&gbn, dhP);
LOGDH(" DHInit: BN_dec2bn dhG ret %d", ret);
- m_dh->length = dhL;
+ DH_set_length(m_dh, dhL);
ret = DH_generate_key(m_dh);
LOGDH(" DHInit: DH_generate_key ret %d", ret);
- ret = BN_num_bits(m_dh->priv_key);
+ const BIGNUM* pub_key, *priv_key;
+ DH_get0_key(m_dh, &pub_key, &priv_key);
+
+ ret = BN_num_bits(priv_key);
LOGDH(" DHInit: BN_num_bits priv_key is %d", ret);
- ret = BN_num_bits(m_dh->pub_key);
+ ret = BN_num_bits(pub_key);
LOGDH(" DHInit: BN_num_bits pub_key is %d", ret);
int codes = 0;
@@ -177,11 +182,14 @@ void gf_clearDhKeys(void) {
}
unsigned char *gf_getPublicKey(int *pLen) {
- if (m_dh->pub_key == NULL || pLen == NULL) {
+ const BIGNUM* pub_key, *priv_key;
+ DH_get0_key(m_dh, &pub_key, &priv_key);
+
+ if (pub_key == NULL || pLen == NULL) {
return NULL;
}
- int numBytes = BN_num_bytes(m_dh->pub_key);
+ int numBytes = BN_num_bytes(pub_key);
if (numBytes <= 0) {
return NULL;
@@ -228,7 +236,11 @@ void gf_setPublicKeyOther(const unsigned char *pubkey, int
length) {
EVP_PKEY *evppkey = DH_PUBKEY_get(dhpubkey);
LOGDH(" setPubKeyOther: after dhpubkey get evp ptr is %p", evppkey);
LOGDH(" setPubKeyOther: before BNdup ptr is %p", m_pubKeyOther);
- m_pubKeyOther = BN_dup(evppkey->pkey.dh->pub_key);
+
+ const BIGNUM* pub_key, *priv_key;
+ DH* dh = EVP_PKEY_get1_DH(evppkey);
+ DH_get0_key(dh, &pub_key, &priv_key);
+ m_pubKeyOther = BN_dup(pub_key);
LOGDH(" setPubKeyOther: after BNdup ptr is %p", m_pubKeyOther);
EVP_PKEY_free(evppkey);
DH_PUBKEY_free(dhpubkey);
@@ -335,8 +347,7 @@ unsigned char *gf_encryptDH(const unsigned char *cleartext,
int len,
unsigned char *ciphertext =
new unsigned char[len + 50]; // give enough room for padding
int outlen, tmplen;
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
int ret = -123;
@@ -345,24 +356,24 @@ unsigned char *gf_encryptDH(const unsigned char
*cleartext, int len,
// init openssl cipher context
if (m_skAlgo == "AES") {
int keySize = m_keySize > 128 ? m_keySize / 8 : 16;
- ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL, (unsigned char *)m_key,
+ ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL, (unsigned char *)m_key,
(unsigned char *)m_key + keySize);
} else if (m_skAlgo == "Blowfish") {
int keySize = m_keySize > 128 ? m_keySize / 8 : 16;
- ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL, NULL,
+ ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL, NULL,
(unsigned char *)m_key + keySize);
LOGDH("DHencrypt: init BF ret %d", ret);
- EVP_CIPHER_CTX_set_key_length(&ctx, keySize);
+ EVP_CIPHER_CTX_set_key_length(ctx, keySize);
LOGDH("DHencrypt: BF keysize is %d", keySize);
- ret = EVP_EncryptInit_ex(&ctx, NULL, NULL, (unsigned char *)m_key, NULL);
+ ret = EVP_EncryptInit_ex(ctx, NULL, NULL, (unsigned char *)m_key, NULL);
} else if (m_skAlgo == "DESede") {
- ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL, (unsigned char *)m_key,
+ ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL, (unsigned char *)m_key,
(unsigned char *)m_key + 24);
}
LOGDH(" DHencrypt: init ret %d", ret);
- if (!EVP_EncryptUpdate(&ctx, ciphertext, &outlen, cleartext, len)) {
+ if (!EVP_EncryptUpdate(ctx, ciphertext, &outlen, cleartext, len)) {
LOGDH(" DHencrypt: enc update ret NULL");
return NULL;
}
@@ -371,14 +382,14 @@ unsigned char *gf_encryptDH(const unsigned char
*cleartext, int len,
*/
tmplen = 0;
- if (!EVP_EncryptFinal_ex(&ctx, ciphertext + outlen, &tmplen)) {
+ if (!EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &tmplen)) {
LOGDH("DHencrypt: enc final ret NULL");
return NULL;
}
outlen += tmplen;
- ret = EVP_CIPHER_CTX_cleanup(&ctx);
+ ret = EVP_CIPHER_CTX_cleanup(ctx);
LOGDH("DHencrypt: in len is %d, out len is %d", len, outlen);
@@ -427,27 +438,25 @@ bool gf_verifyDH(const char *subject, const unsigned char
*challenge,
return false;
}
-#ifdef _DEBUG
- int rsalen = RSA_size(evpkey->pkey.rsa);
- LOGDH("Challenge response length is %d, rsalen is %d", responseLen, rsalen);
-#endif
+ const ASN1_OBJECT *macobj;
+ const X509_ALGOR *algorithm;
+ X509_ALGOR_get0(&macobj, NULL, NULL, algorithm);
- const EVP_MD *signatureDigest =
EVP_get_digestbyobj(cert->sig_alg->algorithm);
- EVP_MD_CTX signatureCtx;
- EVP_MD_CTX_init(&signatureCtx);
+ const EVP_MD *signatureDigest = EVP_get_digestbyobj(macobj);
+ EVP_MD_CTX* signatureCtx = EVP_MD_CTX_new();
- int result1 = EVP_VerifyInit_ex(&signatureCtx, signatureDigest, NULL);
+ int result1 = EVP_VerifyInit_ex(signatureCtx, signatureDigest, NULL);
LOGDH(" Result of VerifyInit is %d", result1);
- int result2 = EVP_VerifyUpdate(&signatureCtx, challenge, challengeLen);
+ int result2 = EVP_VerifyUpdate(signatureCtx, challenge, challengeLen);
LOGDH(" Result of VerifyUpdate is %d", result2);
- int result3 = EVP_VerifyFinal(&signatureCtx, response, responseLen, evpkey);
+ int result3 = EVP_VerifyFinal(signatureCtx, response, responseLen, evpkey);
LOGDH(" Result of VerifyFinal is %d", result3);
bool result = (result1 == 1 && result2 == 1 && result3 == 1);
- EVP_MD_CTX_cleanup(&signatureCtx);
+ EVP_MD_CTX_free(signatureCtx);
if (result == false) {
*reason = DH_ERR_INVALID_SIGN;
@@ -463,21 +472,22 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
unsigned char *s, *p = NULL;
int i;
ASN1_INTEGER *asn1int = NULL;
+ DH* dh = EVP_PKEY_get1_DH(pkey);
if (x == NULL) return (0);
if ((pk = DH_PUBKEY_new()) == NULL) goto err;
a = pk->algor;
- LOGDH(" key type for OBJ NID is %d", pkey->type);
+ LOGDH(" key type for OBJ NID is %d", EVP_PKEY_base_id(pkey));
/* set the algorithm id */
- if ((o = OBJ_nid2obj(pkey->type)) == NULL) goto err;
+ if ((o = OBJ_nid2obj(EVP_PKEY_base_id(pkey))) == NULL) goto err;
ASN1_OBJECT_free(a->algorithm);
a->algorithm = o;
/* Set the parameter list */
- if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) {
+ if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
ASN1_TYPE_free(a->parameter);
if (!(a->parameter = ASN1_TYPE_new())) {
@@ -486,11 +496,11 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
}
a->parameter->type = V_ASN1_NULL;
}
- } else if (pkey->type == EVP_PKEY_DH) {
+ } else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_DH) {
unsigned char *pp;
- DH *dh;
- dh = pkey->pkey.dh;
+ const BIGNUM* pub_key, *priv_key;
+ DH_get0_key(dh, &pub_key, &priv_key);
ASN1_TYPE_free(a->parameter);
if ((i = i2d_DHparams(dh, NULL)) <= 0) goto err;
if (!(p = reinterpret_cast<unsigned char *>(OPENSSL_malloc(i)))) {
@@ -521,7 +531,10 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
goto err;
}
- asn1int = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+ const BIGNUM* pub_key, *priv_key;
+ DH_get0_key(dh, &pub_key, &priv_key);
+
+ asn1int = BN_to_ASN1_INTEGER(pub_key, NULL);
if ((i = i2d_ASN1_INTEGER(asn1int, NULL)) <= 0) goto err;
if ((s = reinterpret_cast<unsigned char *>(OPENSSL_malloc(i + 1))) == NULL) {
X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
@@ -529,7 +542,7 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
}
p = s;
i2d_ASN1_INTEGER(asn1int, &p);
- if (!M_ASN1_BIT_STRING_set(pk->public_key, s, i)) {
+ if (!ASN1_BIT_STRING_set(pk->public_key, s, i)) {
X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -559,42 +572,56 @@ EVP_PKEY *DH_PUBKEY_get(DH_PUBKEY *key) {
X509_ALGOR *a;
ASN1_INTEGER *asn1int = NULL;
- if (key == NULL) goto err;
+ if (key == NULL) {
+ EVP_PKEY_up_ref(key->pkey);
+ return (key->pkey);
+ }
if (key->pkey != NULL) {
- CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(key->pkey);
return (key->pkey);
}
- if (key->public_key == NULL) goto err;
+ if (key->public_key == NULL) {
+ if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+ if (ret != NULL) EVP_PKEY_free(ret);
+ return (NULL);
+ }
type = OBJ_obj2nid(key->algor->algorithm);
LOGDH("DHPUBKEY type is %d", type);
if ((ret = EVP_PKEY_new()) == NULL) {
- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
- goto err;
+ X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+ if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+ if (ret != NULL) EVP_PKEY_free(ret);
+ return (NULL);
}
- ret->type = EVP_PKEY_type(type);
- LOGDH(" DHPUBKEY evppkey type is %d", ret->type);
+ LOGDH(" DHPUBKEY evppkey type is %d", EVP_PKEY_base_id(ret));
/* the parameters must be extracted before the public key */
a = key->algor;
- if (ret->type == EVP_PKEY_DH) {
+ if (EVP_PKEY_base_id(ret) == EVP_PKEY_DH) {
if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) {
- if ((ret->pkey.dh = DH_new()) == NULL) {
- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
- goto err;
+ if ((EVP_PKEY_set1_DH(ret, DH_new())) == 0) {
+ X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+ if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+ if (ret != NULL) EVP_PKEY_free(ret);
+ return (NULL);
}
cp = p = a->parameter->value.sequence->data;
j = a->parameter->value.sequence->length;
- if (!d2i_DHparams(&ret->pkey.dh, &cp, j)) goto err;
+ DH* dh = EVP_PKEY_get1_DH(ret);
+ if (!d2i_DHparams(&dh, &cp, j)) {
+ if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+ if (ret != NULL) EVP_PKEY_free(ret);
+ return (NULL);
+ }
}
- ret->save_parameters = 1;
}
p = key->public_key->data;
@@ -603,11 +630,11 @@ EVP_PKEY *DH_PUBKEY_get(DH_PUBKEY *key) {
asn1int = d2i_ASN1_INTEGER(NULL, &p, j);
LOGDH("after d2i asn1 integer ptr is %p", asn1int);
- ret->pkey.dh->pub_key = ASN1_INTEGER_to_BN(asn1int, NULL);
- LOGDH(" after asn1int to bn ptr is %p", ret->pkey.dh->pub_key);
+ DH* dh = EVP_PKEY_get1_DH(ret);
+ DH_set0_key(dh, ASN1_INTEGER_to_BN(asn1int, NULL), NULL);
key->pkey = ret;
- CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(key->pkey);
if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
return (ret);
diff --git a/templates/security/PkcsAuthInit.cpp
b/templates/security/PkcsAuthInit.cpp
index ebae246..51a4933 100644
--- a/templates/security/PkcsAuthInit.cpp
+++ b/templates/security/PkcsAuthInit.cpp
@@ -38,17 +38,20 @@ uint8_t* createSignature(EVP_PKEY* key, X509* cert,
return NULL;
}
- const EVP_MD* signatureDigest =
EVP_get_digestbyobj(cert->sig_alg->algorithm);
- EVP_MD_CTX signatureCtx;
- EVP_MD_CTX_init(&signatureCtx);
+ const ASN1_OBJECT *macobj;
+ const X509_ALGOR *algorithm;
+ X509_ALGOR_get0(&macobj, NULL, NULL, algorithm);
+ const EVP_MD* signatureDigest = EVP_get_digestbyobj(macobj);
+
+ EVP_MD_CTX* signatureCtx = EVP_MD_CTX_new();
uint8_t* signatureData = new uint8_t[EVP_PKEY_size(key)];
bool result =
- (EVP_SignInit_ex(&signatureCtx, signatureDigest, NULL) &&
- EVP_SignUpdate(&signatureCtx, inputBuffer, inputBufferLen) &&
- EVP_SignFinal(&signatureCtx, signatureData, signatureLen, key));
+ (EVP_SignInit_ex(signatureCtx, signatureDigest, NULL) &&
+ EVP_SignUpdate(signatureCtx, inputBuffer, inputBufferLen) &&
+ EVP_SignFinal(signatureCtx, signatureData, signatureLen, key));
- EVP_MD_CTX_cleanup(&signatureCtx);
+ EVP_MD_CTX_free(signatureCtx);
if (result) {
return signatureData;
}
diff --git a/tests/cpp/security/PkcsAuthInit.cpp
b/tests/cpp/security/PkcsAuthInit.cpp
index f17b59e..26889ba 100644
--- a/tests/cpp/security/PkcsAuthInit.cpp
+++ b/tests/cpp/security/PkcsAuthInit.cpp
@@ -58,15 +58,17 @@ uint8_t* createSignature(EVP_PKEY* key, X509* cert,
if (key == NULL || cert == NULL || inputBuffer == NULL) {
return NULL;
}
- const EVP_MD* signatureDigest =
EVP_get_digestbyobj(cert->sig_alg->algorithm);
- EVP_MD_CTX signatureCtx;
- EVP_MD_CTX_init(&signatureCtx);
+ const ASN1_OBJECT *macobj;
+ const X509_ALGOR *algorithm;
+ X509_ALGOR_get0(&macobj, NULL, NULL, algorithm);
+ const EVP_MD* signatureDigest = EVP_get_digestbyobj(macobj);
+ EVP_MD_CTX* signatureCtx = EVP_MD_CTX_new();
uint8_t* signatureData = new uint8_t[EVP_PKEY_size(key)];
bool result =
- (EVP_SignInit_ex(&signatureCtx, signatureDigest, NULL) &&
- EVP_SignUpdate(&signatureCtx, inputBuffer, inputBufferLen) &&
- EVP_SignFinal(&signatureCtx, signatureData, signatureLen, key));
- EVP_MD_CTX_cleanup(&signatureCtx);
+ (EVP_SignInit_ex(signatureCtx, signatureDigest, NULL) &&
+ EVP_SignUpdate(signatureCtx, inputBuffer, inputBufferLen) &&
+ EVP_SignFinal(signatureCtx, signatureData, signatureLen, key));
+ EVP_MD_CTX_free(signatureCtx);
if (result) {
return signatureData;
}
--
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].
