Commit
080bf584
authored
Jun 29, 2018
by
David Johnson
Merge branch 'openssl-1-1-0' into 'master'
Merge clientside openssl-1-1-0 branch See merge request
!40
parents
30534012
1c7eceac
Changes
5
Showing
5 changed files
with
171 additions
and
43 deletions
+171
-43
clientside/lib/event/event.c
clientside/lib/event/event.c
+103
-25
clientside/lib/tmcd/ssl.c
clientside/lib/tmcd/ssl.c
+4
-0
clientside/os/imagezip/checksum.c
clientside/os/imagezip/checksum.c
+18
-5
clientside/os/imagezip/imageunzip.c
clientside/os/imagezip/imageunzip.c
+14
-6
clientside/os/imagezip/imagezip.c
clientside/os/imagezip/imagezip.c
+32
-7
clientside/lib/event/event.c
...
...
@@ -1701,7 +1701,7 @@ int
event_notification_insert_hmac
(
event_handle_t
handle
,
event_notification_t
notification
)
{
HMAC_CTX
ctx
;
HMAC_CTX
*
ctxp
;
unsigned
char
mac
[
EVP_MAX_MD_SIZE
];
unsigned
int
len
=
EVP_MAX_MD_SIZE
;
...
...
@@ -1720,22 +1720,42 @@ event_notification_insert_hmac(event_handle_t handle,
pubsub_notification_remove
(
notification
->
pubsub_notification
,
"___elvin_ordered___"
,
&
handle
->
status
);
memset
(
&
ctx
,
0
,
sizeof
(
ctx
));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
ctxp
=
HMAC_CTX_new
();
if
(
!
ctxp
)
{
ERROR
(
"HMAC_CTX_new failed to alloc ctx
\n
"
);
return
1
;
}
HMAC_Init_ex
(
ctxp
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
(),
NULL
);
#else
HMAC_CTX
ctx
;
ctxp
=
&
ctx
;
memset
(
ctxp
,
0
,
sizeof
(
ctx
));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init
(
&
ctx
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
());
HMAC_Init
(
ctxp
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
());
#else
HMAC_CTX_init
(
&
ctx
);
HMAC_Init_ex
(
&
ctx
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
(),
NULL
);
HMAC_CTX_init
(
ctxp
);
HMAC_Init_ex
(
ctxp
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
(),
NULL
);
#endif
#endif
if
(
!
pubsub_notification_traverse
(
notification
->
pubsub_notification
,
hmac_traverse
,
&
ctx
,
&
handle
->
status
))
{
ctxp
,
&
handle
->
status
))
{
ERROR
(
"event_notification_insert_hmac failed: hmac_traverse
\n
"
);
HMAC_cleanup
(
&
ctx
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free
(
ctxp
);
#else
HMAC_cleanup
(
ctxp
);
#endif
return
1
;
}
HMAC_Final
(
&
ctx
,
mac
,
&
len
);
HMAC_cleanup
(
&
ctx
);
HMAC_Final
(
ctxp
,
mac
,
&
len
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free
(
ctxp
);
#else
HMAC_cleanup
(
ctxp
);
#endif
ctxp
=
NULL
;
if
(
0
)
{
hmac_dump
(
"event_notification_insert_hmac"
,
mac
,
len
);
...
...
@@ -1833,7 +1853,10 @@ static int
event_notification_check_hmac
(
event_handle_t
handle
,
event_notification_t
notification
)
{
HMAC_CTX
ctx
;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
HMAC_CTX
ctx
;
#endif
HMAC_CTX
*
ctxp
=
NULL
;
unsigned
char
srcmac
[
EVP_MAX_MD_SIZE
],
mac
[
EVP_MAX_MD_SIZE
];
char
*
pmac
;
unsigned
int
srclen
,
len
=
EVP_MAX_MD_SIZE
;
...
...
@@ -1842,6 +1865,11 @@ event_notification_check_hmac(event_handle_t handle,
#ifdef ELVIN_COMPAT
struct
elvin_hashtable
*
hashtable
;
#endif
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
ctxp
=
&
ctx
;
#endif
if
(
0
)
INFO
(
"event_notification_check_hmac (key): %s
\n
"
,
handle
->
keydata
);
...
...
@@ -1900,18 +1928,32 @@ event_notification_check_hmac(event_handle_t handle,
* order, and uses __hmac__ to compare against.
*/
if
(
!
elvin_ordered
)
{
memset
(
&
ctx
,
0
,
sizeof
(
ctx
));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
ctxp
=
HMAC_CTX_new
();
if
(
!
ctxp
)
{
ERROR
(
"HMAC_CTX_new failed to alloc ctx
\n
"
);
return
1
;
}
HMAC_Init_ex
(
ctxp
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
(),
NULL
);
#else
memset
(
ctxp
,
0
,
sizeof
(
ctx
));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init
(
&
ctx
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
());
HMAC_Init
(
ctxp
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
());
#else
HMAC_CTX_init
(
&
ctx
);
HMAC_Init_ex
(
&
ctx
,
handle
->
keydata
,
handle
->
keylen
,
HMAC_CTX_init
(
ctxp
);
HMAC_Init_ex
(
ctxp
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
(),
NULL
);
#endif
#endif
hashtable
=
elvin_hashtable_alloc
(
0
,
&
handle
->
status
);
if
(
hashtable
==
NULL
)
{
ERROR
(
"event_notification_check_hmac failed: "
"hashtable alloc
\n
"
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free
(
ctxp
);
#else
HMAC_cleanup
(
ctxp
);
#endif
return
-
1
;
}
if
(
!
pubsub_notification_traverse
(
pubsub_notification
,
...
...
@@ -1921,18 +1963,32 @@ event_notification_check_hmac(event_handle_t handle,
ERROR
(
"event_notification_check_hmac failed: "
"hmac_fill_hash
\n
"
);
elvin_hashtable_free
(
hashtable
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free
(
ctxp
);
#else
HMAC_cleanup
(
ctxp
);
#endif
return
-
1
;
}
if
(
!
elvin_hashtable_traverse
(
hashtable
,
hmac_traverse
,
&
ctx
,
&
handle
->
status
))
{
ctxp
,
&
handle
->
status
))
{
ERROR
(
"event_notification_check_hmac failed: "
"notify_traverse
\n
"
);
elvin_hashtable_free
(
hashtable
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free
(
ctxp
);
#else
HMAC_cleanup
(
ctxp
);
#endif
return
-
1
;
}
elvin_hashtable_free
(
hashtable
);
HMAC_Final
(
&
ctx
,
mac
,
&
len
);
HMAC_cleanup
(
&
ctx
);
HMAC_Final
(
ctxp
,
mac
,
&
len
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_reset
(
ctxp
);
#else
HMAC_cleanup
(
ctxp
);
#endif
if
(
0
)
{
hmac_dump
(
"event_notification_check_hmac (elvin)"
,
...
...
@@ -1945,22 +2001,44 @@ event_notification_check_hmac(event_handle_t handle,
/*
* Do a normal HMAC check.
*/
memset
(
&
ctx
,
0
,
sizeof
(
ctx
));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
if
(
!
ctxp
)
{
ctxp
=
HMAC_CTX_new
();
if
(
!
ctxp
)
{
ERROR
(
"HMAC_CTX_new failed to alloc ctx
\n
"
);
return
1
;
}
}
else
{
HMAC_CTX_reset
(
ctxp
);
}
HMAC_Init_ex
(
ctxp
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
(),
NULL
);
#else
memset
(
ctxp
,
0
,
sizeof
(
ctx
));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init
(
&
ctx
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
());
HMAC_Init
(
ctxp
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
());
#else
HMAC_CTX_init
(
&
ctx
);
HMAC_Init_ex
(
&
ctx
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
(),
NULL
);
HMAC_CTX_init
(
ctxp
);
HMAC_Init_ex
(
ctxp
,
handle
->
keydata
,
handle
->
keylen
,
EVP_sha1
(),
NULL
);
#endif
#endif
if
(
!
pubsub_notification_traverse
(
pubsub_notification
,
hmac_traverse
,
&
ctx
,
&
handle
->
status
))
{
HMAC_cleanup
(
&
ctx
);
ctxp
,
&
handle
->
status
))
{
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free
(
ctxp
);
#else
HMAC_cleanup
(
ctxp
);
#endif
return
-
1
;
}
HMAC_Final
(
&
ctx
,
mac
,
&
len
);
HMAC_cleanup
(
&
ctx
);
HMAC_Final
(
ctxp
,
mac
,
&
len
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free
(
ctxp
);
#else
HMAC_cleanup
(
ctxp
);
#endif
if
(
0
)
{
hmac_dump
(
"event_notification_check_hmac (plain)"
,
mac
,
len
);
...
...
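Review bot: `HMAC_reset(ctxp)` in the OpenSSL >= 1.1.0 branch after `HMAC_Final` on the `!elvin_ordered` path of event_notification_check_hmac is not an OpenSSL function; the plain-HMAC path further down uses `HMAC_CTX_reset(ctxp)`, which is presumably what was meant, so any build that compiles this path (it appears to sit under ELVIN_COMPAT) will not link against 1.1.0. In the same function the two new `HMAC_CTX_new` failure paths `return 1` while every other visible failure returns -1; unless callers treat the two alike, `return -1;` would keep an allocation failure from being read as a different verification result. The results of `HMAC_Init_ex` and `HMAC_Final` are also ignored, so a failed computation would leave `mac` uninitialised for whatever comparison follows outside these hunks. Both function bodies start and end outside the hunks shown.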
clientside/lib/tmcd/ssl.c
...
...
@@ -750,8 +750,12 @@ convpubkey(struct pubkeydata *k)
BN_bin2bn
(
k
->
modulus
,
k
->
keylength
,
mod
);
BN_bin2bn
(
k
->
exponent
,
k
->
expsize
,
exp
);
/* set up the RSA public key structure */
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
RSA_set0_key
(
rsa
,
mod
,
exp
,
NULL
);
#else
rsa
->
n
=
mod
;
rsa
->
e
=
exp
;
#endif
return
rsa
;
}
...
...
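Review bot: The result of `RSA_set0_key(rsa, mod, exp, NULL)` in convpubkey is ignored, so if it fails the function still returns `rsa` with no modulus or exponent attached and `mod`/`exp` are left unowned. Something like `if (!RSA_set0_key(rsa, mod, exp, NULL)) { BN_free(mod); BN_free(exp); RSA_free(rsa); return NULL; }` would close that, assuming callers already handle a NULL return, which is not visible here. The two `BN_bin2bn` calls just above are unchecked as well, and `k->keylength` and `k->expsize` are used as lengths without any bound visible in the hunk, which matters if `struct pubkeydata` comes from outside the process. The function starts above the hunk.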
clientside/os/imagezip/checksum.c
...
...
@@ -71,6 +71,8 @@ init_checksum(char *keyfile)
{
char
str
[
1024
];
FILE
*
file
;
BIGNUM
*
n
,
*
e
,
*
dmp1
,
*
dmq1
,
*
iqmp
;
n
=
e
=
dmp1
=
dmq1
=
iqmp
=
NULL
;
if
(
keyfile
==
NULL
||
(
file
=
fopen
(
keyfile
,
"r"
))
==
NULL
)
{
fprintf
(
stderr
,
"%s: cannot open keyfile
\n
"
,
keyfile
);
...
...
@@ -81,22 +83,33 @@ init_checksum(char *keyfile)
return
0
;
}
if
(
fscanf
(
file
,
"%1024s"
,
str
)
!=
1
)
goto
bad
;
BN_hex2bn
(
&
signature_key
->
n
,
str
);
BN_hex2bn
(
&
n
,
str
);
if
(
fscanf
(
file
,
"%1024s"
,
str
)
!=
1
)
goto
bad
;
BN_hex2bn
(
&
signature_key
->
e
,
str
);
BN_hex2bn
(
&
e
,
str
);
if
(
fscanf
(
file
,
"%1024s"
,
str
)
!=
1
)
goto
bad
;
BN_hex2bn
(
&
signature_key
->
dmp1
,
str
);
BN_hex2bn
(
&
dmp1
,
str
);
if
(
fscanf
(
file
,
"%1024s"
,
str
)
!=
1
)
goto
bad
;
BN_hex2bn
(
&
signature_key
->
dmq1
,
str
);
BN_hex2bn
(
&
dmq1
,
str
);
if
(
fscanf
(
file
,
"%1024s"
,
str
)
!=
1
)
goto
bad
;
BN_hex2bn
(
&
signature_key
->
iqmp
,
str
);
BN_hex2bn
(
&
iqmp
,
str
);
fclose
(
file
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
RSA_set0_key
(
signature_key
,
n
,
e
,
NULL
);
RSA_set0_crt_params
(
signature_key
,
dmp1
,
dmq1
,
iqmp
);
#else
signature_key
->
n
=
n
;
signature_key
->
e
=
e
;
signature_key
->
dmp1
=
dmp1
;
signature_key
->
dmq1
=
dmq1
;
signature_key
->
iqmp
=
iqmp
;
#endif
return
1
;
bad:
...
...
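Review bot: `fscanf(file, "%1024s", str)` can store 1024 characters plus the terminating NUL into `char str[1024]`, one byte past the buffer, and this commit leaves all five reads in init_checksum that way; the width should be `%1023s`. In the new code the parsed values land in the locals `n`, `e`, `dmp1`, `dmq1` and `iqmp` rather than in `signature_key`, so a `goto bad` after one or more `BN_hex2bn` calls leaks them unless the `bad:` block, which is outside the hunk, calls `BN_free` on each. The return values of `BN_hex2bn`, `RSA_set0_key` and `RSA_set0_crt_params` are not checked either, so a malformed token in the key file is not rejected; testing `BN_hex2bn(&n, str) == 0` and jumping to `bad` would do it.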
clientside/os/imagezip/imageunzip.c
...
...
@@ -1396,21 +1396,29 @@ decrypt_buffer(unsigned char *dest, const unsigned char *source,
int
update_count
=
0
;
int
final_count
=
0
;
int
error
=
0
;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
EVP_CIPHER_CTX
context
;
#endif
EVP_CIPHER_CTX
*
contextp
;
EVP_CIPHER
const
*
ecipher
;
EVP_CIPHER_CTX_init
(
&
context
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
contextp
=
EVP_CIPHER_CTX_new
();
#else
contextp
=
&
context
;
EVP_CIPHER_CTX_init
(
contextp
);
#endif
ecipher
=
EVP_bf_cbc
();
EVP_DecryptInit
(
&
context
,
ecipher
,
NULL
,
header
->
enc_iv
);
EVP_CIPHER_CTX_set_key_length
(
&
context
,
ENC_MAX_KEYLEN
);
EVP_DecryptInit
(
&
context
,
NULL
,
encryption_key
,
NULL
);
EVP_DecryptInit
(
contextp
,
ecipher
,
NULL
,
header
->
enc_iv
);
EVP_CIPHER_CTX_set_key_length
(
contextp
,
ENC_MAX_KEYLEN
);
EVP_DecryptInit
(
contextp
,
NULL
,
encryption_key
,
NULL
);
/* decrypt */
EVP_DecryptUpdate
(
&
context
,
dest
,
&
update_count
,
source
,
header
->
size
);
EVP_DecryptUpdate
(
contextp
,
dest
,
&
update_count
,
source
,
header
->
size
);
/* cleanup */
error
=
EVP_DecryptFinal
(
&
context
,
dest
+
update_count
,
&
final_count
);
error
=
EVP_DecryptFinal
(
contextp
,
dest
+
update_count
,
&
final_count
);
if
(
!
error
)
{
char
keystr
[
ENC_MAX_KEYLEN
*
2
+
1
];
fprintf
(
stderr
,
"Padding was incorrect.
\n
"
);
...
...
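Review bot: On OpenSSL >= 1.1.0 `contextp = EVP_CIPHER_CTX_new();` in decrypt_buffer is neither checked for NULL nor released: the file's 14 added lines are all in this hunk and none of them is an `EVP_CIPHER_CTX_free`, so every call leaves a context, including its key schedule, allocated. Add a NULL check right after the allocation and `EVP_CIPHER_CTX_free(contextp);` under the same `#if` once `EVP_DecryptFinal` has returned. The `EVP_DecryptInit`, `EVP_CIPHER_CTX_set_key_length` and `EVP_DecryptUpdate` results are still ignored, so only the final padding check reports a failure. decrypt_buffer continues past the end of the hunk.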
clientside/os/imagezip/imagezip.c
...
...
@@ -3215,6 +3215,21 @@ output_public_key(char *imagename, RSA *key)
fprintf
(
stderr
,
"Cannot create keyfile %s
\n
"
,
fname
);
exit
(
1
);
}
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
const
BIGNUM
*
n
=
NULL
,
*
e
=
NULL
;
const
BIGNUM
*
dmp1
=
NULL
,
*
dmq1
=
NULL
,
*
iqmp
=
NULL
;
RSA_get0_key
(
key
,
&
n
,
&
e
,
NULL
);
BN_print_fp
(
file
,
n
);
fprintf
(
file
,
"
\n
"
);
BN_print_fp
(
file
,
e
);
fprintf
(
file
,
"
\n
"
);
BN_print_fp
(
file
,
dmp1
);
fprintf
(
file
,
"
\n
"
);
BN_print_fp
(
file
,
dmq1
);
fprintf
(
file
,
"
\n
"
);
BN_print_fp
(
file
,
iqmp
);
fprintf
(
file
,
"
\n
"
);
#else
BN_print_fp
(
file
,
key
->
n
);
fprintf
(
file
,
"
\n
"
);
BN_print_fp
(
file
,
key
->
e
);
...
...
@@ -3225,6 +3240,7 @@ output_public_key(char *imagename, RSA *key)
fprintf
(
file
,
"
\n
"
);
BN_print_fp
(
file
,
key
->
iqmp
);
fprintf
(
file
,
"
\n
"
);
#endif
fclose
(
file
);
fprintf
(
stderr
,
"Signing pubkey written to %s
\n
"
,
fname
);
...
...
@@ -3305,7 +3321,12 @@ checksum_finish(blockhdr_t *hdr)
/*
* Encryption functions
*/
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
static
EVP_CIPHER_CTX
*
cipher_ctxp
;
#else
static
EVP_CIPHER_CTX
cipher_ctx
;
static
EVP_CIPHER_CTX
*
cipher_ctxp
=
&
cipher_ctx
;
#endif
static
const
EVP_CIPHER
*
ecipher
;
/* XXX: the size of the IV may have to change with different ciphers */
static
uint8_t
iv
[
ENC_MAX_KEYLEN
];
...
...
@@ -3325,7 +3346,11 @@ encrypt_start(blockhdr_t *hdr)
/*
* Pick our cipher - currently, only Blowfish in CBC mode is supported
*/
EVP_CIPHER_CTX_init
(
&
cipher_ctx
);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
cipher_ctxp
=
EVP_CIPHER_CTX_new
();
#else
EVP_CIPHER_CTX_init
(
cipher_ctxp
);
#endif
ecipher
=
EVP_bf_cbc
();
/*
...
...
@@ -3367,13 +3392,13 @@ encrypt_start(blockhdr_t *hdr)
/*
* Set the cipher and IV
*/
EVP_EncryptInit
(
&
cipher_ctx
,
ecipher
,
NULL
,
iv
);
EVP_EncryptInit
(
cipher_ctxp
,
ecipher
,
NULL
,
iv
);
/*
* Bump up the key length and set the key
*/
EVP_CIPHER_CTX_set_key_length
(
&
cipher_ctx
,
ENC_MAX_KEYLEN
);
EVP_EncryptInit
(
&
cipher_ctx
,
NULL
,
enc_key
,
NULL
);
EVP_CIPHER_CTX_set_key_length
(
cipher_ctxp
,
ENC_MAX_KEYLEN
);
EVP_EncryptInit
(
cipher_ctxp
,
NULL
,
enc_key
,
NULL
);
/*
* Copy the IV into the header
...
...
@@ -3393,9 +3418,9 @@ encrypt_chunk(uint8_t *buf, off_t size, off_t maxsize)
int
encrypted_this_round
=
0
;
/* man page says encrypted output could be this large */
assert
(
size
+
EVP_CIPHER_CTX_block_size
(
&
cipher_ctx
)
-
1
<=
maxsize
);
assert
(
size
+
EVP_CIPHER_CTX_block_size
(
cipher_ctxp
)
-
1
<=
maxsize
);
EVP_EncryptUpdate
(
&
cipher_ctx
,
ebuffer_current
,
&
encrypted_this_round
,
EVP_EncryptUpdate
(
cipher_ctxp
,
ebuffer_current
,
&
encrypted_this_round
,
buf
,
size
);
encrypted_bytes
+=
encrypted_this_round
;
ebuffer_current
=
encryption_buffer
+
encrypted_bytes
;
...
...
@@ -3406,7 +3431,7 @@ encrypt_finish(blockhdr_t *hdr, uint8_t *outbuf, uint32_t *out_size)
{
int
encrypted_this_round
=
0
;
EVP_EncryptFinal
(
&
cipher_ctx
,
ebuffer_current
,
&
encrypted_this_round
);
EVP_EncryptFinal
(
cipher_ctxp
,
ebuffer_current
,
&
encrypted_this_round
);
encrypted_bytes
+=
encrypted_this_round
;
/*
...
...
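Review bot: In the OpenSSL >= 1.1.0 branch of output_public_key, `dmp1`, `dmq1` and `iqmp` are still NULL when they reach `BN_print_fp`, because only `RSA_get0_key(key, &n, &e, NULL)` is called; that hands a NULL BIGNUM to the printer and, at best, writes a key file missing three values that init_checksum in checksum.c appears to read back. Add `RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp);` after the `RSA_get0_key` call. In encrypt_start, `cipher_ctxp = EVP_CIPHER_CTX_new();` is not checked for NULL and none of this file's added lines frees it, so if encrypt_start runs more than once the previous context and its key schedule stay allocated; `EVP_CIPHER_CTX_free(cipher_ctxp);` after `EVP_EncryptFinal` in encrypt_finish looks like the matching place. All of these functions extend beyond the hunks shown.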
David Johnson
@johnsond
mentioned in commit
254aed8d
·
Jul 16, 2018
mentioned in commit
254aed8d
mentioned in commit 254aed8d9609467c47d69788cc222c74709e80d5