Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:wolfi323:branches:KDE:Qt
kvirc
Support-OpenSSL-1.1.0.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Support-OpenSSL-1.1.0.patch of Package kvirc
From ed2a156892c5ce9a1ab54c50031ba59a9a34485f Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev <github.private@thecybershadow.net> Date: Mon, 11 Dec 2017 04:06:41 -0600 Subject: [PATCH] Support OpenSSL 1.1.0 (#2223) Fixes #2151. --- src/kvilib/net/KviSSL.cpp | 51 +++++++++++++++++++++++++++++++++-------- src/modules/file/libkvifile.cpp | 18 ++++++++++----- src/modules/fish/libkvifish.cpp | 17 ++++++++++---- src/modules/str/libkvistr.cpp | 41 +++++++++++++++++++++------------ 4 files changed, 92 insertions(+), 35 deletions(-) diff --git a/src/kvilib/net/KviSSL.cpp b/src/kvilib/net/KviSSL.cpp index c063f53ea..c310d5427 100644 --- a/src/kvilib/net/KviSSL.cpp +++ b/src/kvilib/net/KviSSL.cpp @@ -175,6 +175,7 @@ static DH * my_get_dh(int keylength) unsigned char * g = 0; int sp = 0; int sg = 0; + BIGNUM *bp, *bg; switch(keylength) { case 512: @@ -215,13 +216,21 @@ static DH * my_get_dh(int keylength) if(dh)return dh; dh = DH_new(); if(!dh)return 0; - dh->p=BN_bin2bn(p,sp,0); - dh->g=BN_bin2bn(g,sg,0); - if((dh->p == 0) || (dh->g == 0)) + bp = BN_bin2bn(p, sp, 0); + bg = BN_bin2bn(g, sg, 0); + if((p == 0) || (g == 0)) { + BN_free(bp); + BN_free(bg); DH_free(dh); return 0; } +#if OPENSSL_VERSION_NUMBER >= 0x10100005L + DH_set0_pqg(dh, bp, 0, bg); +#else + dh->p = bp; + dh->g = bg; +#endif return dh; } @@ -641,7 +650,14 @@ int KviSSLCertificate::fingerprintDigestId() if(!m_pX509) return -1; - int NID = OBJ_obj2nid(m_pX509->sig_alg->algorithm); + const X509_ALGOR *alg; +#if OPENSSL_VERSION_NUMBER >= 0x10100005L + X509_get0_signature(0, &alg, m_pX509); +#else + alg = m_pX509->sig_alg; +#endif + + int NID = OBJ_obj2nid(alg->algorithm); if (NID == NID_undef) { // unknow digest function: it means the signature can't be verified: the certificate can't be trusted @@ -657,7 +673,7 @@ int KviSSLCertificate::fingerprintDigestId() return 0; } - return mdType->type; + return EVP_MD_type(mdType); } const char * KviSSLCertificate::fingerprintDigestStr() @@ -793,8 +809,14 @@ void KviSSLCertificate::extractPubKeyInfo() EVP_PKEY *p = X509_get_pubkey(m_pX509); if(p) { + int type; +#if OPENSSL_VERSION_NUMBER >= 0x10100005L + type = EVP_PKEY_base_id(p); +#else + type = EVP_PKEY_type(p->type); +#endif m_iPubKeyBits = EVP_PKEY_bits(p); - m_szPubKeyType = (p->type == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(p->type); + m_szPubKeyType = (type == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(type); // getPKeyType(p->type,m_szPubKeyType); } else { m_iPubKeyBits = 0; @@ -816,16 +838,25 @@ void KviSSLCertificate::extractSignature() //getPKeyType(X509_get_signature_type(m_pX509),m_szSignatureType); - int i = OBJ_obj2nid(m_pX509->sig_alg->algorithm); + const ASN1_BIT_STRING *sig; + const X509_ALGOR *alg; +#if OPENSSL_VERSION_NUMBER >= 0x10100005L + X509_get0_signature(&sig, &alg, m_pX509); +#else + sig = m_pX509->signature; + alg = m_pX509->sig_alg; +#endif + + int i = OBJ_obj2nid(alg->algorithm); m_szSignatureType = (i == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(i); m_szSignatureContents = ""; - for(i = 0;i < m_pX509->signature->length;i++) + for(i = 0; i < sig->length; i++) { if(m_szSignatureContents.hasData())m_szSignatureContents.append(":"); - m_szSignatureContents.append(hexdigits[(m_pX509->signature->data[i] & 0xf0) >> 4]); - m_szSignatureContents.append(hexdigits[(m_pX509->signature->data[i] & 0x0f)]); + m_szSignatureContents.append(hexdigits[(sig->data[i] & 0xf0) >> 4]); + m_szSignatureContents.append(hexdigits[(sig->data[i] & 0x0f)]); } } diff --git a/src/modules/file/libkvifile.cpp b/src/modules/file/libkvifile.cpp index 5dac7ba0f..9025ad33d 100644 --- a/src/modules/file/libkvifile.cpp +++ b/src/modules/file/libkvifile.cpp @@ -48,6 +48,12 @@ #if defined(COMPILE_SSL_SUPPORT) #include <openssl/evp.h> + +#if OPENSSL_VERSION_NUMBER < 0x10100005L +#define EVP_MD_CTX_new EVP_MD_CTX_create +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#endif + #else // The fallback we can always use, but with very limited set of // functionality. @@ -1463,7 +1469,7 @@ static bool file_kvs_fnc_digest(KviKvsModuleFunctionCall * c) if(szAlgo.isEmpty()) szAlgo = "md5"; - EVP_MD_CTX mdctx; + EVP_MD_CTX *mdctx; const EVP_MD * pMD; unsigned char ucMDValue[EVP_MAX_MD_SIZE]; unsigned int uMDLen, u; @@ -1477,11 +1483,11 @@ static bool file_kvs_fnc_digest(KviKvsModuleFunctionCall * c) return true; } - EVP_MD_CTX_init(&mdctx); - EVP_DigestInit_ex(&mdctx, pMD, NULL); - EVP_DigestUpdate(&mdctx, content.constData(), content.size()); - EVP_DigestFinal_ex(&mdctx, ucMDValue, &uMDLen); - EVP_MD_CTX_cleanup(&mdctx); + mdctx = EVP_MD_CTX_new(); + EVP_DigestInit_ex(mdctx, pMD, NULL); + EVP_DigestUpdate(mdctx, content.constData(), content.size()); + EVP_DigestFinal_ex(mdctx, ucMDValue, &uMDLen); + EVP_MD_CTX_free(mdctx); for(u = 0; u < uMDLen; u++) { diff --git a/src/modules/fish/libkvifish.cpp b/src/modules/fish/libkvifish.cpp index 437b6c6e6..5d17ec994 100644 --- a/src/modules/fish/libkvifish.cpp +++ b/src/modules/fish/libkvifish.cpp @@ -81,25 +81,34 @@ static bool fish_DH1080_gen(unsigned char ** szPubKey, int * iLen) if(!g_fish_dh) { BIGNUM * dhp = BN_new(); - BN_init(dhp); if(!BN_hex2bn(&dhp,g_fish_prime1080_hex)) return false; BIGNUM * dhg = BN_new(); - BN_init(dhg); if(!BN_hex2bn(&dhg,g_fish_generator)) return false; g_fish_dh = DH_new(); +#if OPENSSL_VERSION_NUMBER >= 0x10100005L + DH_set0_pqg(g_fish_dh, dhp, NULL, dhg); +#else g_fish_dh->p = dhp; g_fish_dh->g = dhg; +#endif DH_generate_key(g_fish_dh); } - *iLen = BN_num_bytes(g_fish_dh->pub_key); + const BIGNUM* pub_key; +#if OPENSSL_VERSION_NUMBER >= 0x10100005L + DH_get0_key(g_fish_dh, &pub_key, NULL); +#else + pub_key = g_fish_dh->pub_key; +#endif + + *iLen = BN_num_bytes(pub_key); *szPubKey = (unsigned char *) KviMemory::allocate(*iLen); - BN_bn2bin(g_fish_dh->pub_key, *szPubKey); + BN_bn2bin(pub_key, *szPubKey); return true; #else diff --git a/src/modules/str/libkvistr.cpp b/src/modules/str/libkvistr.cpp index c695be123..01ba732ca 100644 --- a/src/modules/str/libkvistr.cpp +++ b/src/modules/str/libkvistr.cpp @@ -43,6 +43,12 @@ #include <KviSSL.h> #include <openssl/evp.h> #include <openssl/pem.h> + +#if OPENSSL_VERSION_NUMBER < 0x10100005L +#define EVP_MD_CTX_new EVP_MD_CTX_create +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#endif + #else // The fallback we can always use, but with very limited set of // functionality. @@ -1371,7 +1377,7 @@ static bool str_kvs_fnc_digest(KviKvsModuleFunctionCall * c) #if defined(COMPILE_SSL_SUPPORT) if(szType.isEmpty()) szType = "md5"; - EVP_MD_CTX mdctx; + EVP_MD_CTX *mdctx; const EVP_MD *md; unsigned char md_value[EVP_MAX_MD_SIZE]; unsigned int md_len, i; @@ -1385,11 +1491,11 @@ static bool str_kvs_fnc_digest(KviKvsModuleFunctionCall * c) return true; } - EVP_MD_CTX_init(&mdctx); - EVP_DigestInit_ex(&mdctx, md, NULL); - EVP_DigestUpdate(&mdctx, szString.toUtf8().data(), szString.toUtf8().length()); - EVP_DigestFinal_ex(&mdctx, md_value, &md_len); - EVP_MD_CTX_cleanup(&mdctx); + mdctx = EVP_MD_CTX_new(); + EVP_DigestInit_ex(mdctx, md, NULL); + EVP_DigestUpdate(mdctx, szString.toUtf8().data(), szString.toUtf8().length()); + EVP_DigestFinal_ex(mdctx, md_value, &md_len); + EVP_MD_CTX_free(mdctx); for(i = 0; i < md_len; i++) { @@ -2184,10 +2190,11 @@ static bool str_kvs_fnc_evpSign(KviKvsModuleFunctionCall * c) #if defined(COMPILE_SSL_SUPPORT) KviSSL::globalSSLInit(); - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; EVP_PKEY * pKey = 0; unsigned int len = 0; unsigned char *sig = 0; + int err; if(szCert.isEmpty()) { @@ -2236,9 +2243,12 @@ static bool str_kvs_fnc_evpSign(KviKvsModuleFunctionCall * c) len = EVP_PKEY_size(pKey); sig = (unsigned char*)KviMemory::allocate(len*sizeof(char)); - EVP_SignInit(&md_ctx, EVP_sha1()); - EVP_SignUpdate(&md_ctx, (unsigned char *)szMessage.data(), szMessage.length()); - if (EVP_SignFinal (&md_ctx, sig, &len, pKey)) + md_ctx = EVP_MD_CTX_new(); + EVP_SignInit(md_ctx, EVP_sha1()); + EVP_SignUpdate(md_ctx, (unsigned char *)szMessage.data(), szMessage.length()); + err = EVP_SignFinal(md_ctx, sig, &len, pKey); + EVP_MD_CTX_free(md_ctx); + if(err) { QByteArray szSign((const char *)sig, len); OPENSSL_free(sig); @@ -2319,7 +2329,7 @@ static bool str_kvs_fnc_evpVerify(KviKvsModuleFunctionCall * c) szSign = QByteArray::fromBase64(szSignB64); const char * message = szMessage.data(); - EVP_MD_CTX md_ctx; + EVP_MD_CTX* md_ctx; EVP_PKEY *pKey = 0; X509 *cert = 0; int err = -1; @@ -2382,10 +2392,11 @@ static bool str_kvs_fnc_evpVerify(KviKvsModuleFunctionCall * c) } } - EVP_VerifyInit(&md_ctx, EVP_sha1()); - EVP_VerifyUpdate(&md_ctx, message, strlen(message)); - err = EVP_VerifyFinal(&md_ctx, (unsigned char*)szSign.data(), szSign.size(), pKey); - EVP_MD_CTX_cleanup(&md_ctx); + md_ctx = EVP_MD_CTX_new(); + EVP_VerifyInit(md_ctx, EVP_sha1()); + EVP_VerifyUpdate(md_ctx, message, strlen(message)); + err = EVP_VerifyFinal(md_ctx, (unsigned char *)szSign.data(), szSign.size(), pKey); + EVP_MD_CTX_free(md_ctx); EVP_PKEY_free(pKey); switch(err) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor