File Compile-with-OpenSSL-3.patch of Package libqca2
From b8e0f67484ec914396c585cfc9de77950fca9609 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Fri, 6 Aug 2021 21:00:52 +0200
Subject: [PATCH] Compile with OpenSSL 3

---
 .gitlab-ci.yml | 18 ++++
 plugins/qca-ossl/qca-ossl.cpp | 152 ++++++++++++++++++++++++----------
 2 files changed, 126 insertions(+), 44 deletions(-)

diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
index 0d9f5d48..ae4d37ad 100644
--- a/plugins/qca-ossl/qca-ossl.cpp
+++ b/plugins/qca-ossl/qca-ossl.cpp
@@ -35,11 +35,15 @@
 #include <iostream>
 #include <openssl/rand.h>
+#include <openssl/opensslv.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
 #include <openssl/pkcs12.h>
 #include <openssl/ssl.h>
+#ifdef OPENSSL_VERSION_MAJOR
+#include <openssl/provider.h>
+#endif
 #include "ossl110-compat.h"
@@ -73,6 +77,17 @@ using namespace QCA;
+namespace {
+struct DsaDeleter
+{
+ static inline void cleanup(void *pointer)
+ {
+ if (pointer)
+ DSA_free((DSA *)pointer);
+ }
+
+};
+} // end of anonymous namespace
 namespace opensslQCAPlugin {
 //----------------------------------------------------------------------------
@@ -1300,9 +1311,9 @@ class opensslHkdfContext : public HKDFContext
 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
 EVP_PKEY_derive_init(pctx);
 EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256());
- EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt.data(), int(salt.size()));
- EVP_PKEY_CTX_set1_hkdf_key(pctx, secret.data(), int(secret.size()));
- EVP_PKEY_CTX_add1_hkdf_info(pctx, info.data(), int(info.size()));
+ EVP_PKEY_CTX_set1_hkdf_salt(pctx, (const unsigned char *)salt.data(), int(salt.size()));
+ EVP_PKEY_CTX_set1_hkdf_key(pctx, (const unsigned char *)secret.data(), int(secret.size()));
+ EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)info.data(), int(info.size()));
 size_t outlen = out.size();
 EVP_PKEY_derive(pctx, reinterpret_cast<unsigned char*>(out.data()), &outlen);
 EVP_PKEY_CTX_free(pctx);
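Review bot: The three recast `EVP_PKEY_CTX_set1_hkdf_salt` / `set1_hkdf_key` / `add1_hkdf_info` calls still discard their return values, as does the `EVP_PKEY_derive` two lines below them, so a failed parameter set on OpenSSL 3 falls through to a derive whose untouched output buffer is then handed back as key material. Since the hunk is already rewriting exactly those lines, each result should be checked for `<= 0`, `pctx` freed and the failure reported through whatever the enclosing function returns; that function starts and ends outside the hunk, so the early-return form has to follow its existing convention. The casts themselves are justified — the OpenSSL 3 signatures take `const unsigned char *` where the 1.1 macros took `void *` — and a one-line comment such as `// OpenSSL 3 declares these as const unsigned char *; .data() is char *` would stop a later cleanup from dropping them.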
@@ -1487,9 +1498,9 @@ class EVPKey
 if (type == EVP_PKEY_RSA)
 {
- RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ const RSA *rsa = EVP_PKEY_get0_RSA(pkey);
 if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(),
- (unsigned char *)out.data(), rsa,
+ (unsigned char *)out.data(), (RSA *)rsa,
 RSA_PKCS1_PADDING) == -1)
 {
 state = SignError;
@@ -1534,9 +1545,9 @@ class EVPKey
 int type = EVP_PKEY_id(pkey);
 if (type == EVP_PKEY_RSA)
 {
- RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ const RSA *rsa = EVP_PKEY_get0_RSA(pkey);
 if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(),
- (unsigned char *)out.data (), rsa,
+ (unsigned char *)out.data (), (RSA *)rsa,
 RSA_PKCS1_PADDING)) == -1)
 {
 state = VerifyError;
@@ -1669,16 +1680,6 @@ class DLParams
 };
 #ifndef OPENSSL_FIPS
-namespace {
-struct DsaDeleter
-{
- static inline void cleanup(void *pointer)
- {
- if (pointer)
- DSA_free((DSA *)pointer);
- }
-};
-} // end of anonymous namespace
 static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams *params)
 {
@@ -1922,8 +1923,9 @@ class RSAKeyMaker : public QThread
 if (BN_set_word(e.data(), exp) != 1)
 return;
- if (RSA_generate_key_ex(rsa.data(), bits, e.data(), NULL) == 0)
+ if (RSA_generate_key_ex(rsa.data(), bits, e.data(), NULL) == 0) {
 return;
+ }
 result = rsa.take();
 }
@@ -1993,7 +1995,7 @@ class RSAKey : public RSAContext
 return;
 // extract the public key into DER format
- RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
+ const RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
 int len = i2d_RSAPublicKey(rsa_pkey, NULL);
 SecureArray result(len);
 unsigned char *p = (unsigned char *)result.data();
@@ -2020,7 +2022,7 @@ class RSAKey : public RSAContext
 virtual int maximumEncryptSize(EncryptionAlgorithm alg) const
 {
- RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ const RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
 int size = 0;
 switch(alg)
 {
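Review bot: `(RSA *)rsa` on the `RSA_private_encrypt` call (and its twin on `RSA_public_decrypt` in the verify hunk) is a C-style cast that silently discards the `const` the preceding line just introduced; `const_cast<RSA *>(rsa)` names the operation and is greppable, and the same pattern recurs in the RSAKey and DHKey hunks further down. The `const` in OpenSSL 3's `EVP_PKEY_get0_RSA` return type is the library asking callers not to mutate or free that object, and every `RSA_*` function it is passed to here is deprecated in 3.0, so the first cast site deserves a why-comment such as `// OpenSSL 3: get0 returns const RSA *; RSA_private_encrypt predates const-correctness and is deprecated, migrate to EVP_PKEY_sign()`. Neither site checks `rsa` for NULL before use: the `type == EVP_PKEY_RSA` test covers the wrong-type case, but if I read the 3.0 documentation right the get0 accessor can also return NULL for provider-backed keys it cannot export to legacy form, so a guard of the shape `if (!rsa) { state = SignError; return; }` is cheap — its exact early-return form depends on the enclosing sign/verify functions, which start and end outside the hunk.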
@@ -2035,7 +2037,7 @@ class RSAKey : public RSAContext
 virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg)
 {
- RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ const RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey);
 SecureArray buf = in;
 int max = maximumEncryptSize(alg);
@@ -2048,7 +2050,11 @@ class RSAKey : public RSAContext
 {
 case EME_PKCS1v15: pad = RSA_PKCS1_PADDING; break;
 case EME_PKCS1_OAEP: pad = RSA_PKCS1_OAEP_PADDING; break;
+// OPENSSL_VERSION_MAJOR is only defined on openssl > 3.0
+// that doesn't have RSA_SSLV23_PADDING so we can use it negatively here
+#ifndef OPENSSL_VERSION_MAJOR
 case EME_PKCS1v15_SSL: pad = RSA_SSLV23_PADDING; break;
+#endif
 case EME_NO_PADDING: pad = RSA_NO_PADDING; break;
 default: return SecureArray(); break;
 }
@@ -2055,9 +2061,10 @@ class RSAKey : public RSAContext
 int ret;
 if (isPrivate())
- ret = RSA_private_encrypt(buf.size(), (unsigned char *)buf.data(), (unsigned char *)result.data(), rsa, pad);
+ ret = RSA_private_encrypt(buf.size(), (unsigned char *)buf.data(), (unsigned char *)result.data(), (RSA *)rsa, pad);
 else
- ret = RSA_public_encrypt(buf.size(), (unsigned char *)buf.data(), (unsigned char *)result.data(), rsa, pad);
+ ret = RSA_public_encrypt(
+ buf.size(), (unsigned char *)buf.data(), (unsigned char *)result.data(), (RSA *)rsa, pad);
 if(ret < 0)
 return SecureArray();
@@ -2068,7 +2075,7 @@ class RSAKey : public RSAContext
 virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg)
 {
- RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ const RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey);
 SecureArray result(RSA_size(rsa));
 int pad;
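Review bot: With `EME_PKCS1v15_SSL` compiled out under `#ifndef OPENSSL_VERSION_MAJOR`, a caller that still asks for it on OpenSSL 3 silently lands on `default: return SecureArray();`, indistinguishable from any other failure; the `#ifndef` wants an `#else` arm (or a comment on the `default:`) saying so, e.g. `// EME_PKCS1v15_SSL: RSA_SSLV23_PADDING was removed in OpenSSL 3.0, unsupported there`. The added comment is also slightly off — `OPENSSL_VERSION_MAJOR` exists from 3.0.0 onwards, so `only defined on openssl > 3.0` should read `>= 3.0`. Losing the SSLv2 rollback-check padding is the right outcome security-wise (it only ever existed for that downgrade check), so the point is to make the behaviour visible rather than to restore it; the same switch and comment are repeated in `decrypt` in the next hunk.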
@@ -2076,7 +2083,11 @@ class RSAKey : public RSAContext
 {
 case EME_PKCS1v15: pad = RSA_PKCS1_PADDING; break;
 case EME_PKCS1_OAEP: pad = RSA_PKCS1_OAEP_PADDING; break;
+// OPENSSL_VERSION_MAJOR is only defined on openssl > 3.0
+// that doesn't have RSA_SSLV23_PADDING so we can use it negatively here
+#ifndef OPENSSL_VERSION_MAJOR
 case EME_PKCS1v15_SSL: pad = RSA_SSLV23_PADDING; break;
+#endif
 case EME_NO_PADDING: pad = RSA_NO_PADDING; break;
 default: return false; break;
 }
@@ -2083,9 +2094,11 @@ class RSAKey : public RSAContext
 int ret;
 if (isPrivate())
- ret = RSA_private_decrypt(in.size(), (unsigned char *)in.data(), (unsigned char *)result.data(), rsa, pad);
+ ret = RSA_private_decrypt(
+ in.size(), (unsigned char *)in.data(), (unsigned char *)result.data(), (RSA *)rsa, pad);
 else
- ret = RSA_public_decrypt(in.size(), (unsigned char *)in.data(), (unsigned char *)result.data(), rsa, pad);
+ ret = RSA_public_decrypt(
+ in.size(), (unsigned char *)in.data(), (unsigned char *)result.data(), (RSA *)rsa, pad);
 if(ret < 0)
 return false;
@@ -2226,7 +2239,7 @@ class RSAKey : public RSAContext
 virtual BigInteger n() const
 {
- RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ const RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
 const BIGNUM *bnn;
 RSA_get0_key(rsa, &bnn, NULL, NULL);
 return bn2bi(bnn);
@@ -2234,7 +2247,7 @@ class RSAKey : public RSAContext
 virtual BigInteger e() const
 {
- RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ const RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
 const BIGNUM *bne;
 RSA_get0_key(rsa, NULL, &bne, NULL);
 return bn2bi(bne);
@@ -2242,7 +2255,7 @@ class RSAKey : public RSAContext
 virtual BigInteger p() const
 {
- RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ const RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
 const BIGNUM *bnp;
 RSA_get0_factors(rsa, &bnp, NULL);
 return bn2bi(bnp);
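Review bot: The `decrypt` switch repeats the `#ifndef OPENSSL_VERSION_MAJOR` block and its comment, so the same wording fix applies (`>= 3.0`, not `> 3.0`), and `default: return false;` now also swallows an `EME_PKCS1v15_SSL` request on OpenSSL 3 with no indication why. A one-liner on the `default:` such as `// also reached for EME_PKCS1v15_SSL on OpenSSL 3, where SSLv23 padding no longer exists` would spare the next person a debugging session. The two rewrapped `RSA_*_decrypt` calls carry the same const-discarding C-style `(RSA *)rsa` as `encrypt`; `const_cast<RSA *>(rsa)` is the idiomatic spelling.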
@@ -2250,7 +2263,7 @@ class RSAKey : public RSAContext
 virtual BigInteger q() const
 {
- RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ const RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
 const BIGNUM *bnq;
 RSA_get0_factors(rsa, NULL, &bnq);
 return bn2bi(bnq);
@@ -2258,7 +2271,7 @@ class RSAKey : public RSAContext
 virtual BigInteger d() const
 {
- RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ const RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
 const BIGNUM *bnd;
 RSA_get0_key(rsa, NULL, NULL, &bnd);
 return bn2bi(bnd);
@@ -2309,18 +2322,48 @@ class DSAKeyMaker : public QThread
 virtual void run()
 {
- DSA *dsa = DSA_new();
+ DSA *dsa = DSA_new(); //std::unique_ptr<DSA, decltype(DsaDeleter)> dsa(DSA_new(), DsaDeleter);
 BIGNUM *pne = bi2bn(domain.p()), *qne = bi2bn(domain.q()), *gne = bi2bn(domain.g());
- if(!DSA_set0_pqg(dsa, pne, qne, gne)
- || !DSA_generate_key(dsa))
- {
- DSA_free(dsa);
+ if(!DSA_set0_pqg(dsa/*.get()*/, pne, qne, gne)) {
+ DSA_free(dsa);return;
+ }
+ if (!DSA_generate_key(dsa/*.get()*/)) {
+ // OPENSSL_VERSION_MAJOR is only defined in openssl3
+#ifdef OPENSSL_VERSION_MAJOR
+ // HACK
+ // in openssl3 there is an internal flag for "legacy" values
+ // bits < 2048 && seed_len <= 20
+ // set in ossl_ffc_params_FIPS186_2_generate (called by DSA_generate_parameters_ex)
+ // that we have no way to get or set, so if the bits are smaller than 2048 we generate
+ // a dsa from a dummy seed and then override the p/q/g with the ones we want
+ // so we can reuse the internal flag
+ if (BN_num_bits(pne) < 2048) {
+ int dummy;
+ DSA_free(dsa);dsa = DSA_new();//dsa.reset(DSA_new());
+ if (DSA_generate_parameters_ex(
+ dsa/*.get()*/, 512, (const unsigned char *)"THIS_IS_A_DUMMY_SEED", 20, &dummy, NULL, NULL) !=
+ 1) {
+ return;
+ }
+ pne = bi2bn(domain.p());
+ qne = bi2bn(domain.q());
+ gne = bi2bn(domain.g());
+ if (!DSA_set0_pqg(dsa/*.get()*/, pne, qne, gne)) {
+ DSA_free(dsa);return;
+ }
+ if (!DSA_generate_key(dsa/*.get()*/)) {
+ DSA_free(dsa);return;
+ }
+ }
+#else
+ DSA_free(dsa);
 return;
+#endif
 }
- result = dsa;
+ result = dsa; //.release();
 }
 DSA *takeResult()
@@ -2390,7 +2433,7 @@ class DSAKey : public DSAContext
 return;
 // extract the public key into DER format
- DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
+ const DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
 int len = i2d_DSAPublicKey(dsa_pkey, NULL);
 SecureArray result(len);
 unsigned char *p = (unsigned char *)result.data();
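Review bot: In the OpenSSL 3 arm a `DSA_generate_key` failure on parameters of 2048 bits or more is not handled at all — nothing inside `#ifdef OPENSSL_VERSION_MAJOR` runs when `BN_num_bits(pne) >= 2048`, control leaves the `if (!DSA_generate_key(...))` block and `result = dsa;` publishes a DSA object holding p/q/g but no key pair as a successful result; the `if (BN_num_bits(pne) < 2048) {` block needs an `} else { DSA_free(dsa); return; }` arm, or the `#else` cleanup hoisted out of the `#ifdef`. Inside that block, the bare `return;` after a failed `DSA_generate_parameters_ex` leaks the `dsa` allocated on the line just above it and should read `DSA_free(dsa); return;` like its siblings. The half-done smart-pointer conversion (`/*.get()*/`, `//.release()`, the commented-out `std::unique_ptr` declaration) should be either removed or finished: `DsaDeleter` was moved to file scope by this very patch, and its `cleanup(void *)` signature looks designed for `QScopedPointer<DSA, DsaDeleter>`, which would make every manual `DSA_free` in `run()` — including the two missing ones — disappear. Finally the HACK comment should state the security argument a reader will otherwise raise themselves: as far as this hunk shows, the 512-bit parameters derived from the constant `"THIS_IS_A_DUMMY_SEED"` are replaced wholesale by the caller's p/q/g via `DSA_set0_pqg` before `DSA_generate_key` runs, so the fixed seed contributes nothing to the key that is produced.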
@@ -2526,7 +2569,7 @@ class DSAKey : public DSAContext
 virtual DLGroup domain() const
 {
- DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
+ const DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
 const BIGNUM *bnp, *bnq, *bng;
 DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
 return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng));
@@ -2534,7 +2577,7 @@ class DSAKey : public DSAContext
 virtual BigInteger y() const
 {
- DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
+ const DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
 const BIGNUM *bnpub_key;
 DSA_get0_key(dsa, &bnpub_key, NULL);
 return bn2bi(bnpub_key);
@@ -2542,7 +2585,7 @@ class DSAKey : public DSAContext
 virtual BigInteger x() const
 {
- DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
+ const DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
 const BIGNUM *bnpriv_key;
 DSA_get0_key(dsa, NULL, &bnpriv_key);
 return bn2bi(bnpriv_key);
@@ -2669,7 +2712,7 @@ class DHKey : public DHContext
 if(!sec)
 return;
- DH *orig = EVP_PKEY_get0_DH(evp.pkey);
+ const DH *orig = EVP_PKEY_get0_DH(evp.pkey);
 DH *dh = DH_new();
 const BIGNUM *bnp, *bng, *bnpub_key;
 DH_get0_pqg(orig, &bnp, NULL, &bng);
@@ -2692,13 +2735,13 @@ class DHKey : public DHContext
 virtual SymmetricKey deriveKey(const PKeyBase &theirs)
 {
- DH *dh = EVP_PKEY_get0_DH(evp.pkey);
- DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
+ const DH *dh = EVP_PKEY_get0_DH(evp.pkey);
+ const DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
 const BIGNUM *bnpub_key;
 DH_get0_key(them, &bnpub_key, NULL);
 SecureArray result(DH_size(dh));
- int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh);
+ int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, (DH *)dh);
 if(ret <= 0)
 return SymmetricKey();
 result.resize(ret);
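Review bot: The rewritten `DH_compute_key` line in `deriveKey` keeps the variant that strips leading zero bytes from the shared secret, so the `result.resize(ret)` that follows yields a secret whose length depends on its value — the property behind the Raccoon timing attack on DH key exchange; `DH_compute_key_padded` returns the fixed `DH_size(dh)`-byte form. Whether any consumer of `deriveKey` relies on the stripped form is not visible here, so I would record it rather than change it blind, with `// NOTE: DH_compute_key strips leading zeros, secret length is value-dependent; see DH_compute_key_padded` on that line. `(DH *)dh` is the same const-discarding C-style cast as in the RSA hunks, and the `const` on `EVP_PKEY_get0_DH` in 3.0 is one more hint that this low-level `DH_*` path is deprecated in favour of `EVP_PKEY_derive`.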
@@ -2768,7 +2811,7 @@ class DHKey : public DHContext virtual DLGroup domain() const { - DH *dh = EVP_PKEY_get0_DH(evp.pkey); + const DH *dh = EVP_PKEY_get0_DH(evp.pkey); const BIGNUM *bnp, *bng; DH_get0_pqg(dh, &bnp, NULL, &bng); return DLGroup(bn2bi(bnp), bn2bi(bng)); @@ -2776,7 +2819,7 @@ class DHKey : public DHContext virtual BigInteger y() const { - DH *dh = EVP_PKEY_get0_DH(evp.pkey); + const DH *dh = EVP_PKEY_get0_DH(evp.pkey); const BIGNUM *bnpub_key; DH_get0_key(dh, &bnpub_key, NULL); return bn2bi(bnpub_key); @@ -2784,7 +2827,7 @@ class DHKey : public DHContext virtual BigInteger x() const { - DH *dh = EVP_PKEY_get0_DH(evp.pkey); + const DH *dh = EVP_PKEY_get0_DH(evp.pkey); const BIGNUM *bnpriv_key; DH_get0_key(dh, NULL, &bnpriv_key); return bn2bi(bnpriv_key); @@ -7361,6 +7404,22 @@ class opensslProvider : public Provider OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); +// OPENSSL_VERSION_MAJOR is only defined in openssl3 +#ifdef OPENSSL_VERSION_MAJOR + /* Load Multiple providers into the default (NULL) library context */ + OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); + if (legacy == NULL) { + printf("Failed to load Legacy provider\n"); + exit(EXIT_FAILURE); + } + OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(NULL, "default"); + if (deflt == NULL) { + printf("Failed to load Default provider\n"); + OSSL_PROVIDER_unload(legacy); + exit(EXIT_FAILURE); + } +#endif + // seed the RNG if it's not seeded yet if (RAND_status() == 0) { qsrand(time(NULL));