j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Ensure compatibility with OpenSSL 1.1.0.

Browse source
This commit is contained in:
Guus Sliepen 2016-06-22 16:32:05 +02:00
parent 74eb4cc974
commit 323c17e232
5 changed files with 97 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
m4/openssl.m4
View file

@ -45,7 +45,7 @@ AC_DEFUN([tinc_OPENSSL],
[AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])] [AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
) )
AC_CHECK_FUNCS([RAND_status EVP_EncryptInit_ex], , AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
[AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
) )
@ -53,4 +53,6 @@ AC_DEFUN([tinc_OPENSSL],
[AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
[#include <openssl/evp.h>] [#include <openssl/evp.h>]
) )
AC_CHECK_FUNCS([BN_GENCB_new ERR_remove_state RSA_set0_key], , , [#include <openssl/rsa.h>])
]) ])

40
src/openssl/cipher.c
View file

@ -28,14 +28,16 @@
#include "../xalloc.h" #include "../xalloc.h"
struct cipher { struct cipher {
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *cipher; const EVP_CIPHER *cipher;
}; };
static cipher_t *cipher_open(const EVP_CIPHER *evp_cipher) { static cipher_t *cipher_open(const EVP_CIPHER *evp_cipher) {
cipher_t *cipher = xzalloc(sizeof *cipher); cipher_t *cipher = xzalloc(sizeof *cipher);
cipher->cipher = evp_cipher; cipher->cipher = evp_cipher;
EVP_CIPHER_CTX_init(&cipher->ctx); cipher->ctx = EVP_CIPHER_CTX_new();
if(!cipher->ctx)
abort();
return cipher; return cipher;
} }
@ -68,7 +70,7 @@ void cipher_close(cipher_t *cipher) {
if(!cipher) if(!cipher)
return; return;
EVP_CIPHER_CTX_cleanup(&cipher->ctx); EVP_CIPHER_CTX_free(cipher->ctx);
free(cipher); free(cipher);
} }
@ -76,23 +78,23 @@ size_t cipher_keylength(const cipher_t *cipher) {
if(!cipher || !cipher->cipher) if(!cipher || !cipher->cipher)
return 0; return 0;
return cipher->cipher->key_len + cipher->cipher->iv_len; return EVP_CIPHER_key_length(cipher->cipher) + EVP_CIPHER_iv_length(cipher->cipher);
} }
size_t cipher_blocksize(const cipher_t *cipher) { size_t cipher_blocksize(const cipher_t *cipher) {
if(!cipher || !cipher->cipher) if(!cipher || !cipher->cipher)
return 1; return 1;
return cipher->cipher->block_size; return EVP_CIPHER_block_size(cipher->cipher);
} }
bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) { bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) {
bool result; bool result;
if(encrypt) if(encrypt)
result = EVP_EncryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + cipher->cipher->key_len); result = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + EVP_CIPHER_key_length(cipher->cipher));
else else
result = EVP_DecryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + cipher->cipher->key_len); result = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + EVP_CIPHER_key_length(cipher->cipher));
if(result) if(result)
return true; return true;
@ -105,9 +107,9 @@ bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encry
bool result; bool result;
if(encrypt) if(encrypt)
result = EVP_EncryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - cipher->cipher->key_len, (unsigned char *)key + len - cipher->cipher->iv_len - cipher->cipher->key_len); result = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - EVP_CIPHER_key_length(cipher->cipher), (unsigned char *)key + len - EVP_CIPHER_iv_length(cipher->cipher) - EVP_CIPHER_key_length(cipher->cipher));
else else
result = EVP_DecryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - cipher->cipher->key_len, (unsigned char *)key + len - cipher->cipher->iv_len - cipher->cipher->key_len); result = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - EVP_CIPHER_key_length(cipher->cipher), (unsigned char *)key + len - EVP_CIPHER_iv_length(cipher->cipher) - EVP_CIPHER_key_length(cipher->cipher));
if(result) if(result)
return true; return true;
@ -119,15 +121,15 @@ bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encry
bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
if(oneshot) { if(oneshot) {
int len, pad; int len, pad;
if(EVP_EncryptInit_ex(&cipher->ctx, NULL, NULL, NULL, NULL) if(EVP_EncryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL)
&& EVP_EncryptUpdate(&cipher->ctx, (unsigned char *)outdata, &len, indata, inlen) && EVP_EncryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen)
&& EVP_EncryptFinal(&cipher->ctx, (unsigned char *)outdata + len, &pad)) { && EVP_EncryptFinal(cipher->ctx, (unsigned char *)outdata + len, &pad)) {
if(outlen) *outlen = len + pad; if(outlen) *outlen = len + pad;
return true; return true;
} }
} else { } else {
int len; int len;
if(EVP_EncryptUpdate(&cipher->ctx, outdata, &len, indata, inlen)) { if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
if(outlen) *outlen = len; if(outlen) *outlen = len;
return true; return true;
} }
@ -140,15 +142,15 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
if(oneshot) { if(oneshot) {
int len, pad; int len, pad;
if(EVP_DecryptInit_ex(&cipher->ctx, NULL, NULL, NULL, NULL) if(EVP_DecryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL)
&& EVP_DecryptUpdate(&cipher->ctx, (unsigned char *)outdata, &len, indata, inlen) && EVP_DecryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen)
&& EVP_DecryptFinal(&cipher->ctx, (unsigned char *)outdata + len, &pad)) { && EVP_DecryptFinal(cipher->ctx, (unsigned char *)outdata + len, &pad)) {
if(outlen) *outlen = len + pad; if(outlen) *outlen = len + pad;
return true; return true;
} }
} else { } else {
int len; int len;
if(EVP_EncryptUpdate(&cipher->ctx, outdata, &len, indata, inlen)) { if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
if(outlen) *outlen = len; if(outlen) *outlen = len;
return true; return true;
} }
@ -162,9 +164,9 @@ int cipher_get_nid(const cipher_t *cipher) {
if(!cipher || !cipher->cipher) if(!cipher || !cipher->cipher)
return 0; return 0;
return cipher->cipher->nid; return EVP_CIPHER_nid(cipher->cipher);
} }
bool cipher_active(const cipher_t *cipher) { bool cipher_active(const cipher_t *cipher) {
return cipher && cipher->cipher && cipher->cipher->nid != 0; return cipher && cipher->cipher && EVP_CIPHER_nid(cipher->cipher) != 0;
} }

19
src/openssl/digest.c
View file

@ -93,14 +93,19 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out
return false; return false;
} }
} else { } else {
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create();
if(!ctx)
abort();
if(!EVP_DigestInit(&ctx, digest->digest) if(!EVP_DigestInit(ctx, digest->digest)
|| !EVP_DigestUpdate(&ctx, indata, inlen) || !EVP_DigestUpdate(ctx, indata, inlen)
|| !EVP_DigestFinal(&ctx, tmpdata, NULL)) { || !EVP_DigestFinal(ctx, tmpdata, NULL)) {
logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL)); logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL));
EVP_MD_CTX_free(ctx);
return false; return false;
} }
EVP_MD_CTX_free(ctx);
} }
memcpy(outdata, tmpdata, digest->maclength); memcpy(outdata, tmpdata, digest->maclength);
@ -118,14 +123,14 @@ int digest_get_nid(const digest_t *digest) {
if(!digest || !digest->digest) if(!digest || !digest->digest)
return 0; return 0;
return digest->digest->type; return EVP_MD_type(digest->digest);
} }
size_t digest_keylength(const digest_t *digest) { size_t digest_keylength(const digest_t *digest) {
if(!digest || !digest->digest) if(!digest || !digest->digest)
return 0; return 0;
return digest->digest->md_size; return EVP_MD_size(digest->digest);
} }
size_t digest_length(const digest_t *digest) { size_t digest_length(const digest_t *digest) {
@ -136,5 +141,5 @@ size_t digest_length(const digest_t *digest) {
} }
bool digest_active(const digest_t *digest) { bool digest_active(const digest_t *digest) {
return digest && digest->digest && digest->digest->type != 0; return digest && digest->digest && EVP_MD_type(digest->digest) != 0;
} }

41
src/openssl/rsa.c
View file

@ -30,28 +30,51 @@ typedef RSA rsa_t;
// Set RSA keys // Set RSA keys
#ifndef HAVE_RSA_SET0_KEY
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
BN_free(r->n); r->n = n;
BN_free(r->e); r->e = e;
BN_free(r->d); r->d = d;
return 1;
}
#endif
rsa_t *rsa_set_hex_public_key(char *n, char *e) { rsa_t *rsa_set_hex_public_key(char *n, char *e) {
BIGNUM *bn_n = NULL;
BIGNUM *bn_e = NULL;
if(BN_hex2bn(&bn_n, n) != strlen(n) || BN_hex2bn(&bn_e, e) != strlen(e)) {
BN_free(bn_e);
BN_free(bn_n);
return false;
}
rsa_t *rsa = RSA_new(); rsa_t *rsa = RSA_new();
if(!rsa) if(!rsa)
return NULL; return NULL;
if(BN_hex2bn(&rsa->n, n) != strlen(n) || BN_hex2bn(&rsa->e, e) != strlen(e)) { RSA_set0_key(rsa, bn_n, bn_e, NULL);
RSA_free(rsa);
return false;
}
return rsa; return rsa;
} }
rsa_t *rsa_set_hex_private_key(char *n, char *e, char *d) { rsa_t *rsa_set_hex_private_key(char *n, char *e, char *d) {
BIGNUM *bn_n = NULL;
BIGNUM *bn_e = NULL;
BIGNUM *bn_d = NULL;
if(BN_hex2bn(&bn_n, n) != strlen(n) || BN_hex2bn(&bn_e, e) != strlen(e) || BN_hex2bn(&bn_d, d) != strlen(d)) {
BN_free(bn_d);
BN_free(bn_e);
BN_free(bn_n);
return false;
}
rsa_t *rsa = RSA_new(); rsa_t *rsa = RSA_new();
if(!rsa) if(!rsa)
return NULL; return NULL;
if(BN_hex2bn(&rsa->n, n) != strlen(n) || BN_hex2bn(&rsa->e, e) != strlen(e) || BN_hex2bn(&rsa->d, d) != strlen(d)) { RSA_set0_key(rsa, bn_n, bn_e, bn_d);
RSA_free(rsa);
return false;
}
return rsa; return rsa;
} }

31
src/openssl/rsagen.c
View file

@ -30,7 +30,7 @@ typedef RSA rsa_t;
/* This function prettyprints the key generation process */ /* This function prettyprints the key generation process */
static void indicator(int a, int b, void *p) { static int indicator(int a, int b, BN_GENCB *cb) {
switch (a) { switch (a) {
case 0: case 0:
fprintf(stderr, "."); fprintf(stderr, ".");
@ -62,12 +62,39 @@ static void indicator(int a, int b, void *p) {
default: default:
fprintf(stderr, "?"); fprintf(stderr, "?");
} }
return 1;
} }
// Generate RSA key // Generate RSA key
#ifndef HAVE_BN_GENCB_NEW
BN_GENCB *BN_GENCB_new(void) {
return xzalloc(sizeof(BN_GENCB));
}
void BN_GENCB_free(BN_GENCB *cb) {
free(cb);
}
#endif
rsa_t *rsa_generate(size_t bits, unsigned long exponent) { rsa_t *rsa_generate(size_t bits, unsigned long exponent) {
return RSA_generate_key(bits, exponent, indicator, NULL); BIGNUM *bn_e = BN_new();
rsa_t *rsa = RSA_new();
BN_GENCB *cb = BN_GENCB_new();
if(!bn_e || !rsa || !cb)
abort();
BN_set_word(bn_e, exponent);
BN_GENCB_set(cb, indicator, NULL);
RSA_generate_key_ex(rsa, bits, bn_e, cb);
BN_GENCB_free(cb);
BN_free(bn_e);
return rsa;
} }
// Write PEM RSA keys // Write PEM RSA keys