1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
|
From a801d10a081e3130e24042256a43190c9eb6c112 Mon Sep 17 00:00:00 2001
From: Eneas Queiroz <35331380+cotequeiroz@users.noreply.github.com>
Date: Wed, 23 May 2018 03:09:02 -0300
Subject: [PATCH] ibrcommon: added openssl 1.1 compatibility (#264)
This patch adds compatibility to openssl 1.1.0.
Backported from master branch:
https://github.com/ibrdtn/ibrdtn/commit/a801d10a081e3130e24042256a43190c9eb6c112
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
ibrcommon/ibrcommon/ssl/HMacStream.cpp | 11 +++---
ibrcommon/ibrcommon/ssl/HMacStream.h | 2 +-
ibrcommon/ibrcommon/ssl/RSASHA256Stream.cpp | 28 +++++++------
ibrcommon/ibrcommon/ssl/RSASHA256Stream.h | 2 +-
ibrcommon/ibrcommon/ssl/iostreamBIO.cpp | 44 ++++++++++++++++-----
ibrcommon/ibrcommon/ssl/openssl_compat.h | 38 ++++++++++++++++++
6 files changed, 95 insertions(+), 30 deletions(-)
create mode 100644 ibrcommon/ibrcommon/ssl/openssl_compat.h
diff --git a/ibrcommon/ssl/HMacStream.cpp b/ibrcommon/ssl/HMacStream.cpp
index e5d317e3..66d8ce42 100644
--- a/ibrcommon/ssl/HMacStream.cpp
+++ b/ibrcommon/ssl/HMacStream.cpp
@@ -20,29 +20,30 @@
*/
#include "ibrcommon/ssl/HMacStream.h"
+#include "openssl_compat.h"
namespace ibrcommon
{
HMacStream::HMacStream(const unsigned char * const key, const int key_size)
: HashStream(EVP_MAX_MD_SIZE, BUFF_SIZE), key_(key), key_size_(key_size)
{
- HMAC_CTX_init(&ctx_);
- HMAC_Init_ex(&ctx_, key_, key_size_, EVP_sha1(), NULL);
+ ctx_ = HMAC_CTX_new();
+ HMAC_Init_ex(ctx_, key_, key_size_, EVP_sha1(), NULL);
}
HMacStream::~HMacStream()
{
- HMAC_CTX_cleanup(&ctx_);
+ HMAC_CTX_free(ctx_);
}
void HMacStream::update(char *buf, const size_t size)
{
// hashing
- HMAC_Update(&ctx_, (unsigned char*)buf, size);
+ HMAC_Update(ctx_, (unsigned char*)buf, size);
}
void HMacStream::finalize(char * hash, unsigned int &size)
{
- HMAC_Final(&ctx_, (unsigned char*)hash, &size);
+ HMAC_Final(ctx_, (unsigned char*)hash, &size);
}
}
diff --git a/ibrcommon/ssl/HMacStream.h b/ibrcommon/ssl/HMacStream.h
index 7dcea168..d04bceb8 100644
--- a/ibrcommon/ssl/HMacStream.h
+++ b/ibrcommon/ssl/HMacStream.h
@@ -44,7 +44,7 @@ namespace ibrcommon
const unsigned char * const key_;
const int key_size_;
- HMAC_CTX ctx_;
+ HMAC_CTX* ctx_;
};
}
diff --git a/ibrcommon/ssl/RSASHA256Stream.cpp b/ibrcommon/ssl/RSASHA256Stream.cpp
index d94430ed..d25c5d2f 100644
--- a/ibrcommon/ssl/RSASHA256Stream.cpp
+++ b/ibrcommon/ssl/RSASHA256Stream.cpp
@@ -21,6 +21,7 @@
#include "ibrcommon/ssl/RSASHA256Stream.h"
#include "ibrcommon/Logger.h"
+#include "openssl_compat.h"
#include <openssl/err.h>
namespace ibrcommon
@@ -30,11 +31,11 @@ namespace ibrcommon
{
// Initialize get pointer. This should be zero so that underflow is called upon first read.
setp(&out_buf_[0], &out_buf_[BUFF_SIZE - 1]);
- EVP_MD_CTX_init(&_ctx);
+ _ctx = EVP_MD_CTX_new();
if (!_verify)
{
- if (!EVP_SignInit_ex(&_ctx, EVP_sha256(), NULL))
+ if (!EVP_SignInit_ex(_ctx, EVP_sha256(), NULL))
{
IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to initialize the signature function" << IBRCOMMON_LOGGER_ENDL;
ERR_print_errors_fp(stderr);
@@ -42,7 +43,7 @@ namespace ibrcommon
}
else
{
- if (!EVP_VerifyInit_ex(&_ctx, EVP_sha256(), NULL))
+ if (!EVP_VerifyInit_ex(_ctx, EVP_sha256(), NULL))
{
IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to initialize the verification function" << IBRCOMMON_LOGGER_ENDL;
ERR_print_errors_fp(stderr);
@@ -52,18 +53,19 @@ namespace ibrcommon
RSASHA256Stream::~RSASHA256Stream()
{
- EVP_MD_CTX_cleanup(&_ctx);
+ EVP_MD_CTX_free(_ctx);
}
void RSASHA256Stream::reset()
{
- EVP_MD_CTX_cleanup(&_ctx);
-
- EVP_MD_CTX_init(&_ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX_cleanup(_ctx);
+#endif
+ EVP_MD_CTX_init(_ctx);
if (!_verify)
{
- if (!EVP_SignInit_ex(&_ctx, EVP_sha256(), NULL))
+ if (!EVP_SignInit_ex(_ctx, EVP_sha256(), NULL))
{
IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to initialize the signature function" << IBRCOMMON_LOGGER_ENDL;
ERR_print_errors_fp(stderr);
@@ -71,7 +73,7 @@ namespace ibrcommon
}
else
{
- if (!EVP_VerifyInit_ex(&_ctx, EVP_sha256(), NULL))
+ if (!EVP_VerifyInit_ex(_ctx, EVP_sha256(), NULL))
{
IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to initialize the verfication function" << IBRCOMMON_LOGGER_ENDL;
ERR_print_errors_fp(stderr);
@@ -91,7 +93,7 @@ namespace ibrcommon
std::vector<unsigned char> sign(EVP_PKEY_size(_pkey));
unsigned int size = EVP_PKEY_size(_pkey);
- _return_code = EVP_SignFinal(&_ctx, &sign[0], &size, _pkey);
+ _return_code = EVP_SignFinal(_ctx, &sign[0], &size, _pkey);
_sign = std::string((const char*)&sign[0], size);
@@ -107,7 +109,7 @@ namespace ibrcommon
if (!_sign_valid)
{
sync();
- _return_code = EVP_VerifyFinal(&_ctx, reinterpret_cast<const unsigned char *>(their_sign.c_str()), static_cast<unsigned int>(their_sign.size()), _pkey);
+ _return_code = EVP_VerifyFinal(_ctx, reinterpret_cast<const unsigned char *>(their_sign.c_str()), static_cast<unsigned int>(their_sign.size()), _pkey);
_sign_valid = true;
}
return _return_code;
@@ -145,7 +147,7 @@ namespace ibrcommon
if (!_verify)
// hashing
{
- if (!EVP_SignUpdate(&_ctx, &out_buf_[0], iend - ibegin))
+ if (!EVP_SignUpdate(_ctx, &out_buf_[0], iend - ibegin))
{
IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to feed data into the signature function" << IBRCOMMON_LOGGER_ENDL;
ERR_print_errors_fp(stderr);
@@ -153,7 +155,7 @@ namespace ibrcommon
}
else
{
- if (!EVP_VerifyUpdate(&_ctx, &out_buf_[0], iend - ibegin))
+ if (!EVP_VerifyUpdate(_ctx, &out_buf_[0], iend - ibegin))
{
IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to feed data into the verification function" << IBRCOMMON_LOGGER_ENDL;
ERR_print_errors_fp(stderr);
diff --git a/ibrcommon/ssl/RSASHA256Stream.h b/ibrcommon/ssl/RSASHA256Stream.h
index 344f8e10..6f3a1168 100644
--- a/ibrcommon/ssl/RSASHA256Stream.h
+++ b/ibrcommon/ssl/RSASHA256Stream.h
@@ -106,7 +106,7 @@ namespace ibrcommon
/** the context in which the streamed data will be feed into for
calculation of the hash/signature */
- EVP_MD_CTX _ctx;
+ EVP_MD_CTX * _ctx;
/** tells if the context needs to be finalized to get a valid signature or
verification */
diff --git a/ibrcommon/ssl/iostreamBIO.cpp b/ibrcommon/ssl/iostreamBIO.cpp
index 18c1b55c..ea6c63eb 100644
--- a/ibrcommon/ssl/iostreamBIO.cpp
+++ b/ibrcommon/ssl/iostreamBIO.cpp
@@ -23,6 +23,7 @@
#include "ibrcommon/Logger.h"
+#include "openssl_compat.h"
#include <openssl/err.h>
namespace ibrcommon
@@ -42,7 +43,20 @@ static int create(BIO *bio);
//static int destroy(BIO *bio);
//static long (*callback_ctrl)(BIO *, int, bio_info_cb *);
-
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+BIO_METHOD * BIO_iostream_method()
+{
+ static BIO_METHOD *iostream_method = NULL;
+ if (iostream_method) {
+ iostream_method = BIO_meth_new(iostreamBIO::type, iostreamBIO::name);
+ BIO_meth_set_write(iostream_method, bwrite);
+ BIO_meth_set_read(iostream_method, bread);
+ BIO_meth_set_ctrl(iostream_method, ctrl);
+ BIO_meth_set_create(iostream_method, create);
+ }
+ return iostream_method;
+}
+#else
static BIO_METHOD iostream_method =
{
iostreamBIO::type,
@@ -56,12 +70,17 @@ static BIO_METHOD iostream_method =
NULL,//destroy,
NULL//callback_ctrl
};
+BIO_METHOD * BIO_iostream_method()
+{
+ return &iostream_method;
+}
+#endif
iostreamBIO::iostreamBIO(iostream *stream)
: _stream(stream)
{
/* create BIO */
- _bio = BIO_new(&iostream_method);
+ _bio = BIO_new(BIO_iostream_method());
if(!_bio){
/* creation failed, throw exception */
char err_buf[ERR_BUF_SIZE];
@@ -72,7 +91,7 @@ iostreamBIO::iostreamBIO(iostream *stream)
}
/* save the iostream in the bio object */
- _bio->ptr = stream;
+ BIO_set_data(_bio, (void *) stream);
}
BIO * iostreamBIO::getBIO(){
@@ -81,10 +100,10 @@ BIO * iostreamBIO::getBIO(){
static int create(BIO *bio)
{
- bio->ptr = NULL;
- /* (from openssl memory bio) */
- bio->shutdown=1;
- bio->init=1;
+ BIO_set_data(bio, NULL);
+ BIO_set_shutdown(bio, 1);
+ BIO_set_init(bio, 1);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* from bss_mem.c (openssl):
* bio->num is used to hold the value to return on 'empty', if it is
* 0, should_retry is not set
@@ -93,6 +112,7 @@ static int create(BIO *bio)
* it is set to 0 since the underlying stream is blocking
*/
bio->num= 0;
+#endif
return 1;
}
@@ -102,7 +122,7 @@ static int create(BIO *bio)
static long ctrl(BIO *bio, int cmd, long num, void *)
{
long ret;
- iostream *stream = reinterpret_cast<iostream*>(bio->ptr);
+ iostream *stream = reinterpret_cast<iostream*>(BIO_get_data(bio));
IBRCOMMON_LOGGER_DEBUG_TAG("iostreamBIO", 90) << "ctrl called, cmd: " << cmd << ", num: " << num << "." << IBRCOMMON_LOGGER_ENDL;
@@ -147,8 +167,12 @@ static long ctrl(BIO *bio, int cmd, long num, void *)
static int bread(BIO *bio, char *buf, int len)
{
- iostream *stream = reinterpret_cast<iostream*>(bio->ptr);
+ iostream *stream = reinterpret_cast<iostream*>(BIO_get_data(bio));
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ int num_bytes = 0;
+#else
int num_bytes = bio->num;
+#endif
try{
/* make sure to read at least 1 byte and then read as much as we can */
@@ -170,7 +194,7 @@ static int bwrite(BIO *bio, const char *buf, int len)
if(len == 0){
return 0;
}
- iostream *stream = reinterpret_cast<iostream*>(bio->ptr);
+ iostream *stream = reinterpret_cast<iostream*>(BIO_get_data(bio));
/* write the data */
try{
diff --git a/ibrcommon/ssl/openssl_compat.h b/ibrcommon/ssl/openssl_compat.h
new file mode 100644
index 00000000..e491677f
--- /dev/null
+++ b/ibrcommon/ssl/openssl_compat.h
@@ -0,0 +1,38 @@
+#ifndef OPENSSL_COMPAT_H
+#define OPENSSL_COMPAT_H
+
+#include <openssl/crypto.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+static inline EVP_MD_CTX * EVP_MD_CTX_new()
+{
+ EVP_MD_CTX *ctx;
+
+ ctx = (EVP_MD_CTX *) OPENSSL_malloc(sizeof(EVP_MD_CTX));
+ EVP_MD_CTX_init(ctx);
+ return ctx;
+}
+#define EVP_MD_CTX_free(c) if (c != NULL) OPENSSL_free(c)
+
+static inline HMAC_CTX * HMAC_CTX_new()
+{
+ HMAC_CTX *ctx;
+
+ ctx = (HMAC_CTX *) OPENSSL_malloc(sizeof(HMAC_CTX));
+ HMAC_CTX_init(ctx);
+ return ctx;
+}
+#define HMAC_CTX_free(c) if (c != NULL) OPENSSL_free(c)
+
+#define BIO_get_data(b) b->ptr
+#define BIO_set_data(b, v) b->ptr=v
+#define BIO_set_shutdown(b, v) b->shutdown=v
+#define BIO_set_init(b, v) b->init=v
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* OPENSSL_COMPAT_H */
+
--
2.18.0
|
