File Support-OpenSSL-1.1.0.patch of Package kvirc

Overview Repositories Revisions Requests Users Attributes Meta

File Support-OpenSSL-1.1.0.patch of Package kvirc

From ed2a156892c5ce9a1ab54c50031ba59a9a34485f Mon Sep 17 00:00:00 2001
From: Vladimir Panteleev <github.private@thecybershadow.net>
Date: Mon, 11 Dec 2017 04:06:41 -0600
Subject: [PATCH] Support OpenSSL 1.1.0 (#2223)

Fixes #2151.
---
 src/kvilib/net/KviSSL.cpp       | 51 +++++++++++++++++++++++++++++++++--------
 src/modules/file/libkvifile.cpp | 18 ++++++++++-----
 src/modules/fish/libkvifish.cpp | 17 ++++++++++----
 src/modules/str/libkvistr.cpp   | 41 +++++++++++++++++++++------------
 4 files changed, 92 insertions(+), 35 deletions(-)

diff --git a/src/kvilib/net/KviSSL.cpp b/src/kvilib/net/KviSSL.cpp
index c063f53ea..c310d5427 100644
--- a/src/kvilib/net/KviSSL.cpp
+++ b/src/kvilib/net/KviSSL.cpp
@@ -175,6 +175,7 @@ static DH * my_get_dh(int keylength)
 	unsigned char * g = 0;
 	int sp = 0;
 	int sg = 0;
+	BIGNUM *bp, *bg;
 	switch(keylength)
 	{
 		case 512:
@@ -215,13 +216,21 @@ static DH * my_get_dh(int keylength)
 	if(dh)return dh;
 	dh = DH_new();
 	if(!dh)return 0;
-	dh->p=BN_bin2bn(p,sp,0);
-	dh->g=BN_bin2bn(g,sg,0);
-	if((dh->p == 0) || (dh->g == 0))
+	bp = BN_bin2bn(p, sp, 0);
+	bg = BN_bin2bn(g, sg, 0);
+	if((p == 0) || (g == 0))
 	{
+		BN_free(bp);
+		BN_free(bg);
 		DH_free(dh);
 		return 0;
 	}
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+	DH_set0_pqg(dh, bp, 0, bg);
+#else
+	dh->p = bp;
+	dh->g = bg;
+#endif
 	return dh;
 }
 
@@ -641,7 +650,14 @@ int KviSSLCertificate::fingerprintDigestId()
 	if(!m_pX509)
 		return -1;
 	
-	int NID = OBJ_obj2nid(m_pX509->sig_alg->algorithm);
+	const X509_ALGOR *alg;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+	X509_get0_signature(0, &alg, m_pX509);
+#else
+	alg = m_pX509->sig_alg;
+#endif
+
+	int NID = OBJ_obj2nid(alg->algorithm);
 	if (NID == NID_undef) 
 	{
 		// unknow digest function: it means the signature can't be verified: the certificate can't be trusted
@@ -657,7 +673,7 @@ int KviSSLCertificate::fingerprintDigestId()
 		return 0;
 	}
 	
-	return mdType->type;
+	return EVP_MD_type(mdType);
 }
 
 const char * KviSSLCertificate::fingerprintDigestStr()
@@ -793,8 +809,14 @@ void KviSSLCertificate::extractPubKeyInfo()
 	EVP_PKEY *p = X509_get_pubkey(m_pX509);
 	if(p)
 	{
+		int type;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+		type = EVP_PKEY_base_id(p);
+#else
+		type = EVP_PKEY_type(p->type);
+#endif
 		m_iPubKeyBits = EVP_PKEY_bits(p);
-		m_szPubKeyType = (p->type == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(p->type);
+		m_szPubKeyType = (type == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(type);
 //		getPKeyType(p->type,m_szPubKeyType);
 	} else {
 		m_iPubKeyBits = 0;
@@ -816,16 +838,25 @@ void KviSSLCertificate::extractSignature()
 
 	//getPKeyType(X509_get_signature_type(m_pX509),m_szSignatureType);
 
-	int i = OBJ_obj2nid(m_pX509->sig_alg->algorithm);
+	const ASN1_BIT_STRING *sig;
+	const X509_ALGOR *alg;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+	X509_get0_signature(&sig, &alg, m_pX509);
+#else
+	sig = m_pX509->signature;
+	alg = m_pX509->sig_alg;
+#endif
+
+	int i = OBJ_obj2nid(alg->algorithm);
 	m_szSignatureType = (i == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(i);
 
 	m_szSignatureContents = "";
 
-	for(i = 0;i < m_pX509->signature->length;i++)
+	for(i = 0; i < sig->length; i++)
 	{
 		if(m_szSignatureContents.hasData())m_szSignatureContents.append(":");
-		m_szSignatureContents.append(hexdigits[(m_pX509->signature->data[i] & 0xf0) >> 4]);
-		m_szSignatureContents.append(hexdigits[(m_pX509->signature->data[i] & 0x0f)]);
+		m_szSignatureContents.append(hexdigits[(sig->data[i] & 0xf0) >> 4]);
+		m_szSignatureContents.append(hexdigits[(sig->data[i] & 0x0f)]);
 	}
 }
 
diff --git a/src/modules/file/libkvifile.cpp b/src/modules/file/libkvifile.cpp
index 5dac7ba0f..9025ad33d 100644
--- a/src/modules/file/libkvifile.cpp
+++ b/src/modules/file/libkvifile.cpp
@@ -48,6 +48,12 @@
 
 #if defined(COMPILE_SSL_SUPPORT)
 	#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
 #else
 	// The fallback we can always use, but with very limited set of
 	// functionality.
@@ -1463,7 +1469,7 @@ static bool file_kvs_fnc_digest(KviKvsModuleFunctionCall * c)
 	if(szAlgo.isEmpty())
 		szAlgo = "md5";
 
-	EVP_MD_CTX mdctx;
+	EVP_MD_CTX *mdctx;
 	const EVP_MD * pMD;
 	unsigned char ucMDValue[EVP_MAX_MD_SIZE];
 	unsigned int uMDLen, u;
@@ -1477,11 +1483,11 @@ static bool file_kvs_fnc_digest(KviKvsModuleFunctionCall * c)
 		return true;
 	}
 
-	EVP_MD_CTX_init(&mdctx);
-	EVP_DigestInit_ex(&mdctx, pMD, NULL);
-	EVP_DigestUpdate(&mdctx, content.constData(), content.size());
-	EVP_DigestFinal_ex(&mdctx, ucMDValue, &uMDLen);
-	EVP_MD_CTX_cleanup(&mdctx);
+	mdctx = EVP_MD_CTX_new();
+	EVP_DigestInit_ex(mdctx, pMD, NULL);
+	EVP_DigestUpdate(mdctx, content.constData(), content.size());
+	EVP_DigestFinal_ex(mdctx, ucMDValue, &uMDLen);
+	EVP_MD_CTX_free(mdctx);
 
 	for(u = 0; u < uMDLen; u++)
 	{
diff --git a/src/modules/fish/libkvifish.cpp b/src/modules/fish/libkvifish.cpp
index 437b6c6e6..5d17ec994 100644
--- a/src/modules/fish/libkvifish.cpp
+++ b/src/modules/fish/libkvifish.cpp
@@ -81,25 +81,34 @@ static bool fish_DH1080_gen(unsigned char ** szPubKey, int * iLen)
 		if(!g_fish_dh)
 		{
 			BIGNUM * dhp = BN_new();
-			BN_init(dhp);
 			if(!BN_hex2bn(&dhp,g_fish_prime1080_hex))
 				return false;
 
 			BIGNUM * dhg = BN_new();
-			BN_init(dhg);
 			if(!BN_hex2bn(&dhg,g_fish_generator))
 				return false;
 
 			g_fish_dh = DH_new();
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+			DH_set0_pqg(g_fish_dh, dhp, NULL, dhg);
+#else
 			g_fish_dh->p = dhp;
 			g_fish_dh->g = dhg;
+#endif
 
 			DH_generate_key(g_fish_dh);
 		}
 
-		*iLen = BN_num_bytes(g_fish_dh->pub_key);
+		const BIGNUM* pub_key;
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+		DH_get0_key(g_fish_dh, &pub_key, NULL);
+#else
+		pub_key = g_fish_dh->pub_key;
+#endif
+
+		*iLen = BN_num_bytes(pub_key);
 		*szPubKey = (unsigned char *) KviMemory::allocate(*iLen);
-		BN_bn2bin(g_fish_dh->pub_key, *szPubKey);
+		BN_bn2bin(pub_key, *szPubKey);
 
 		return true;
 	#else
diff --git a/src/modules/str/libkvistr.cpp b/src/modules/str/libkvistr.cpp
index c695be123..01ba732ca 100644
--- a/src/modules/str/libkvistr.cpp
+++ b/src/modules/str/libkvistr.cpp
@@ -43,6 +43,12 @@
 	#include <KviSSL.h>
 	#include <openssl/evp.h>
 	#include <openssl/pem.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
 #else
 	// The fallback we can always use, but with very limited set of
 	// functionality.
@@ -1371,7 +1377,7 @@ static bool str_kvs_fnc_digest(KviKvsModuleFunctionCall * c)
 #if defined(COMPILE_SSL_SUPPORT)
 	if(szType.isEmpty()) szType = "md5";
 
-	EVP_MD_CTX mdctx;
+	EVP_MD_CTX *mdctx;
 	const EVP_MD *md;
 	unsigned char md_value[EVP_MAX_MD_SIZE];
 	unsigned int md_len, i;
@@ -1385,11 +1491,11 @@ static bool str_kvs_fnc_digest(KviKvsModuleFunctionCall * c)
 		return true;
 	}
 
-	EVP_MD_CTX_init(&mdctx);
-	EVP_DigestInit_ex(&mdctx, md, NULL);
-	EVP_DigestUpdate(&mdctx, szString.toUtf8().data(), szString.toUtf8().length());
-	EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
-	EVP_MD_CTX_cleanup(&mdctx);
+	mdctx = EVP_MD_CTX_new();
+	EVP_DigestInit_ex(mdctx, md, NULL);
+	EVP_DigestUpdate(mdctx, szString.toUtf8().data(), szString.toUtf8().length());
+	EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+	EVP_MD_CTX_free(mdctx);
 
 	for(i = 0; i < md_len; i++)
 	{
@@ -2184,10 +2190,11 @@ static bool str_kvs_fnc_evpSign(KviKvsModuleFunctionCall * c)
 #if defined(COMPILE_SSL_SUPPORT)
 
 	KviSSL::globalSSLInit();
-	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX *md_ctx;
 	EVP_PKEY * pKey = 0;
 	unsigned int len = 0;
 	unsigned char *sig = 0;
+	int err;
 
 	if(szCert.isEmpty())
 	{
@@ -2236,9 +2243,12 @@ static bool str_kvs_fnc_evpSign(KviKvsModuleFunctionCall * c)
 	len = EVP_PKEY_size(pKey);
 	sig = (unsigned char*)KviMemory::allocate(len*sizeof(char));
 
-	EVP_SignInit(&md_ctx, EVP_sha1());
-	EVP_SignUpdate(&md_ctx, (unsigned char *)szMessage.data(), szMessage.length());
-	if (EVP_SignFinal (&md_ctx, sig, &len, pKey))
+	md_ctx = EVP_MD_CTX_new();
+	EVP_SignInit(md_ctx, EVP_sha1());
+	EVP_SignUpdate(md_ctx, (unsigned char *)szMessage.data(), szMessage.length());
+	err = EVP_SignFinal(md_ctx, sig, &len, pKey);
+	EVP_MD_CTX_free(md_ctx);
+	if(err)
 	{
 		QByteArray szSign((const char *)sig, len);
 		OPENSSL_free(sig);
@@ -2319,7 +2329,7 @@ static bool str_kvs_fnc_evpVerify(KviKvsModuleFunctionCall * c)
 	szSign = QByteArray::fromBase64(szSignB64);
 	const char * message = szMessage.data();
 
-	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX* md_ctx;
 	EVP_PKEY *pKey = 0;
 	X509 *cert = 0;
 	int err = -1;
@@ -2382,10 +2392,11 @@ static bool str_kvs_fnc_evpVerify(KviKvsModuleFunctionCall * c)
 		}
 	}
 
-	EVP_VerifyInit(&md_ctx, EVP_sha1());
-	EVP_VerifyUpdate(&md_ctx, message, strlen(message));
-	err = EVP_VerifyFinal(&md_ctx, (unsigned char*)szSign.data(), szSign.size(), pKey);
-	EVP_MD_CTX_cleanup(&md_ctx);
+	md_ctx = EVP_MD_CTX_new();
+	EVP_VerifyInit(md_ctx, EVP_sha1());
+	EVP_VerifyUpdate(md_ctx, message, strlen(message));
+	err = EVP_VerifyFinal(md_ctx, (unsigned char *)szSign.data(), szSign.size(), pKey);
+	EVP_MD_CTX_free(md_ctx);
 	EVP_PKEY_free(pKey);
 	switch(err)
 	{

Places

File Support-OpenSSL-1.1.0.patch of Package kvirc

Places