Commit 080bf584 authored by David Johnson

Merge branch 'openssl-1-1-0' into 'master'

Merge clientside openssl-1-1-0 branch

See merge request !40
parents 30534012 1c7eceac
......@@ -1701,7 +1701,7 @@ int
event_notification_insert_hmac(event_handle_t handle,
event_notification_t notification)
{
HMAC_CTX ctx;
HMAC_CTX *ctxp;
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int len = EVP_MAX_MD_SIZE;
......@@ -1720,22 +1720,42 @@ event_notification_insert_hmac(event_handle_t handle,
pubsub_notification_remove(notification->pubsub_notification,
"___elvin_ordered___", &handle->status);
memset(&ctx, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
ctxp = HMAC_CTX_new();
if (!ctxp) {
ERROR("HMAC_CTX_new failed to alloc ctx\n");
return 1;
}
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#else
HMAC_CTX ctx;
ctxp = &ctx;
memset(ctxp, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init(&ctx, handle->keydata, handle->keylen, EVP_sha1());
HMAC_Init(ctxp, handle->keydata, handle->keylen, EVP_sha1());
#else
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, handle->keydata, handle->keylen, EVP_sha1(), NULL);
HMAC_CTX_init(ctxp);
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#endif
#endif
if (!pubsub_notification_traverse(notification->pubsub_notification,
hmac_traverse,
&ctx, &handle->status)) {
ctxp, &handle->status)) {
ERROR("event_notification_insert_hmac failed: hmac_traverse\n");
HMAC_cleanup(&ctx);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return 1;
}
HMAC_Final(&ctx, mac, &len);
HMAC_cleanup(&ctx);
HMAC_Final(ctxp, mac, &len);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
ctxp = NULL;
if (0) {
hmac_dump("event_notification_insert_hmac", mac, len);
......@@ -1833,7 +1853,10 @@ static int
event_notification_check_hmac(event_handle_t handle,
event_notification_t notification)
{
HMAC_CTX ctx;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
HMAC_CTX ctx;
#endif
HMAC_CTX *ctxp = NULL;
unsigned char srcmac[EVP_MAX_MD_SIZE], mac[EVP_MAX_MD_SIZE];
char *pmac;
unsigned int srclen, len = EVP_MAX_MD_SIZE;
......@@ -1842,6 +1865,11 @@ event_notification_check_hmac(event_handle_t handle,
#ifdef ELVIN_COMPAT
struct elvin_hashtable *hashtable;
#endif
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
ctxp = &ctx;
#endif
if (0)
INFO("event_notification_check_hmac (key): %s\n",
handle->keydata);
......@@ -1900,18 +1928,32 @@ event_notification_check_hmac(event_handle_t handle,
* order, and uses __hmac__ to compare against.
*/
if (! elvin_ordered) {
memset(&ctx, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
ctxp = HMAC_CTX_new();
if (!ctxp) {
ERROR("HMAC_CTX_new failed to alloc ctx\n");
return 1;
}
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#else
memset(ctxp, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init(&ctx, handle->keydata, handle->keylen, EVP_sha1());
HMAC_Init(ctxp, handle->keydata, handle->keylen, EVP_sha1());
#else
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, handle->keydata, handle->keylen,
HMAC_CTX_init(ctxp);
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen,
EVP_sha1(), NULL);
#endif
#endif
hashtable = elvin_hashtable_alloc(0, &handle->status);
if (hashtable == NULL) {
ERROR("event_notification_check_hmac failed: "
"hashtable alloc\n");
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
if (!pubsub_notification_traverse(pubsub_notification,
......@@ -1921,18 +1963,32 @@ event_notification_check_hmac(event_handle_t handle,
ERROR("event_notification_check_hmac failed: "
"hmac_fill_hash\n");
elvin_hashtable_free(hashtable);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
if (!elvin_hashtable_traverse(hashtable, hmac_traverse,
&ctx, &handle->status)) {
ctxp, &handle->status)) {
ERROR("event_notification_check_hmac failed: "
"notify_traverse\n");
elvin_hashtable_free(hashtable);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
elvin_hashtable_free(hashtable);
HMAC_Final(&ctx, mac, &len);
HMAC_cleanup(&ctx);
HMAC_Final(ctxp, mac, &len);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_reset(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
if (0) {
hmac_dump("event_notification_check_hmac (elvin)",
......@@ -1945,22 +2001,44 @@ event_notification_check_hmac(event_handle_t handle,
/*
* Do a normal HMAC check.
*/
memset(&ctx, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
if (!ctxp) {
ctxp = HMAC_CTX_new();
if (!ctxp) {
ERROR("HMAC_CTX_new failed to alloc ctx\n");
return 1;
}
}
else {
HMAC_CTX_reset(ctxp);
}
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#else
memset(ctxp, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init(&ctx, handle->keydata, handle->keylen, EVP_sha1());
HMAC_Init(ctxp, handle->keydata, handle->keylen, EVP_sha1());
#else
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, handle->keydata, handle->keylen, EVP_sha1(), NULL);
HMAC_CTX_init(ctxp);
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#endif
#endif
if (!pubsub_notification_traverse(pubsub_notification,
hmac_traverse,
&ctx, &handle->status)) {
HMAC_cleanup(&ctx);
ctxp, &handle->status)) {
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
HMAC_Final(&ctx, mac, &len);
HMAC_cleanup(&ctx);
HMAC_Final(ctxp, mac, &len);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
if (0) {
hmac_dump("event_notification_check_hmac (plain)", mac, len);
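Review bot: `HMAC_reset(ctxp);` in the OpenSSL >= 1.1.0 branch following the elvin-ordered `HMAC_Final` in event_notification_check_hmac does not match the `HMAC_CTX_reset(ctxp)` used by the plain-check path a few lines later; OpenSSL 1.1.0 exports `HMAC_CTX_reset`, so this line looks like an implicit declaration that will fail to build whenever that (apparently ELVIN_COMPAT-only) path is compiled against 1.1.0, and it should read `HMAC_CTX_reset(ctxp);`. Separately, the new `HMAC_CTX_new` failure paths in check_hmac `return 1` while every other error path in that function returns -1; unless callers treat any non-zero as failure, returning -1 there keeps the contract consistent. `HMAC_Init_ex` and `HMAC_Final` return 0 on failure and are still unchecked in both functions, so a failed init would silently insert or compare an uninitialised `mac`. check_hmac continues outside the hunks, so whether `ctxp` is freed on the remaining paths after the elvin block cannot be confirmed from here.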
......@@ -750,8 +750,12 @@ convpubkey(struct pubkeydata *k)
BN_bin2bn(k->modulus, k->keylength, mod);
BN_bin2bn(k->exponent, k->expsize, exp);
/* set up the RSA public key structure */
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
RSA_set0_key(rsa,mod,exp,NULL);
#else
rsa->n = mod;
rsa->e = exp;
#endif
return rsa;
}
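Review bot: The return value of `RSA_set0_key(rsa,mod,exp,NULL)` is ignored; when it returns 0 the RSA object does not take ownership of `mod`/`exp`, so they leak and `rsa` is returned without key material. Suggest `if (!RSA_set0_key(rsa, mod, exp, NULL)) { BN_free(mod); BN_free(exp); /* release rsa and report failure */ }` — how `rsa` is allocated and what convpubkey returns on error is outside the hunk. The argument list without spaces also differs from the formatting of the surrounding calls.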
......@@ -71,6 +71,8 @@ init_checksum(char *keyfile)
{
char str[1024];
FILE *file;
BIGNUM *n, *e, *dmp1, *dmq1, *iqmp;
n = e = dmp1 = dmq1 = iqmp = NULL;
if (keyfile == NULL || (file = fopen(keyfile, "r")) == NULL) {
fprintf(stderr, "%s: cannot open keyfile\n", keyfile);
......@@ -81,22 +83,33 @@ init_checksum(char *keyfile)
return 0;
}
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->n, str);
BN_hex2bn(&n, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->e, str);
BN_hex2bn(&e, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->dmp1, str);
BN_hex2bn(&dmp1, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->dmq1, str);
BN_hex2bn(&dmq1, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->iqmp, str);
BN_hex2bn(&iqmp, str);
fclose(file);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
RSA_set0_key(signature_key, n, e, NULL);
RSA_set0_crt_params(signature_key, dmp1, dmq1, iqmp);
#else
signature_key->n = n;
signature_key->e = e;
signature_key->dmp1 = dmp1;
signature_key->dmq1 = dmq1;
signature_key->iqmp = iqmp;
#endif
return 1;
bad:
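Review bot: Before this change each parsed field was attached to `signature_key` immediately, so a `goto bad` could release it through the key; now the values sit in the new locals `n`, `e`, `dmp1`, `dmq1`, `iqmp` until the end, and any `goto bad` after the first `BN_hex2bn` leaks whatever has been parsed unless the `bad:` path (outside the hunk) now frees them — `BN_free()` accepts NULL, so an unconditional `BN_free(n); BN_free(e); BN_free(dmp1); BN_free(dmq1); BN_free(iqmp);` there is safe. `RSA_set0_key` and `RSA_set0_crt_params` return 0 when a required value is NULL (e.g. after a failed `BN_hex2bn`), in which case ownership is not transferred yet the function still returns 1; check both and take the `bad` path. Pre-existing but visible here: `fscanf(file, "%1024s", str)` may store 1024 characters plus the terminator into `char str[1024]`; the width should be 1023.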
......@@ -1396,21 +1396,29 @@ decrypt_buffer(unsigned char *dest, const unsigned char *source,
int update_count = 0;
int final_count = 0;
int error = 0;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
EVP_CIPHER_CTX context;
#endif
EVP_CIPHER_CTX *contextp;
EVP_CIPHER const *ecipher;
EVP_CIPHER_CTX_init(&context);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
contextp = EVP_CIPHER_CTX_new();
#else
contextp = &context;
EVP_CIPHER_CTX_init(contextp);
#endif
ecipher = EVP_bf_cbc();
EVP_DecryptInit(&context, ecipher, NULL, header->enc_iv);
EVP_CIPHER_CTX_set_key_length(&context, ENC_MAX_KEYLEN);
EVP_DecryptInit(&context, NULL, encryption_key, NULL);
EVP_DecryptInit(contextp, ecipher, NULL, header->enc_iv);
EVP_CIPHER_CTX_set_key_length(contextp, ENC_MAX_KEYLEN);
EVP_DecryptInit(contextp, NULL, encryption_key, NULL);
/* decrypt */
EVP_DecryptUpdate(&context, dest, &update_count, source, header->size);
EVP_DecryptUpdate(contextp, dest, &update_count, source, header->size);
/* cleanup */
error = EVP_DecryptFinal(&context, dest + update_count, &final_count);
error = EVP_DecryptFinal(contextp, dest + update_count, &final_count);
if (!error) {
char keystr[ENC_MAX_KEYLEN*2 + 1];
fprintf(stderr, "Padding was incorrect.\n");
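Review bot: `contextp = EVP_CIPHER_CTX_new();` is not checked for NULL before `EVP_DecryptInit(contextp, ...)` dereferences it; add `if (contextp == NULL) { fprintf(stderr, "EVP_CIPHER_CTX_new failed\n"); return <error value>; }` using whatever decrypt_buffer's failure return is (its signature and tail are outside the hunk). No `EVP_CIPHER_CTX_free(contextp)` is visible either, and since the >= 1.1.0 path replaces the old stack context with a heap one, every exit including the padding-error branch needs the free in place of the old cleanup. The new `error = EVP_DecryptFinal(...)` holds 1 on success, so the name reads inverted against the `if (!error)` test that follows; `ok` would be clearer.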
......@@ -3215,6 +3215,21 @@ output_public_key(char *imagename, RSA *key)
fprintf(stderr, "Cannot create keyfile %s\n", fname);
exit(1);
}
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
const BIGNUM *n = NULL, *e = NULL;
const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
RSA_get0_key(key,&n,&e,NULL);
BN_print_fp(file, n);
fprintf(file, "\n");
BN_print_fp(file, e);
fprintf(file, "\n");
BN_print_fp(file, dmp1);
fprintf(file, "\n");
BN_print_fp(file, dmq1);
fprintf(file, "\n");
BN_print_fp(file, iqmp);
fprintf(file, "\n");
#else
BN_print_fp(file, key->n);
fprintf(file, "\n");
BN_print_fp(file, key->e);
......@@ -3225,6 +3240,7 @@ output_public_key(char *imagename, RSA *key)
fprintf(file, "\n");
BN_print_fp(file, key->iqmp);
fprintf(file, "\n");
#endif
fclose(file);
fprintf(stderr, "Signing pubkey written to %s\n", fname);
......@@ -3305,7 +3321,12 @@ checksum_finish(blockhdr_t *hdr)
/*
* Encryption functions
*/
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
static EVP_CIPHER_CTX *cipher_ctxp;
#else
static EVP_CIPHER_CTX cipher_ctx;
static EVP_CIPHER_CTX *cipher_ctxp = &cipher_ctx;
#endif
static const EVP_CIPHER *ecipher;
/* XXX: the size of the IV may have to change with different ciphers */
static uint8_t iv[ENC_MAX_KEYLEN];
......@@ -3325,7 +3346,11 @@ encrypt_start(blockhdr_t *hdr)
/*
* Pick our cipher - currently, only Blowfish in CBC mode is supported
*/
EVP_CIPHER_CTX_init(&cipher_ctx);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
cipher_ctxp = EVP_CIPHER_CTX_new();
#else
EVP_CIPHER_CTX_init(cipher_ctxp);
#endif
ecipher = EVP_bf_cbc();
/*
......@@ -3367,13 +3392,13 @@ encrypt_start(blockhdr_t *hdr)
/*
* Set the cipher and IV
*/
EVP_EncryptInit(&cipher_ctx, ecipher, NULL, iv);
EVP_EncryptInit(cipher_ctxp, ecipher, NULL, iv);
/*
* Bump up the key length and set the key
*/
EVP_CIPHER_CTX_set_key_length(&cipher_ctx, ENC_MAX_KEYLEN);
EVP_EncryptInit(&cipher_ctx, NULL, enc_key, NULL);
EVP_CIPHER_CTX_set_key_length(cipher_ctxp, ENC_MAX_KEYLEN);
EVP_EncryptInit(cipher_ctxp, NULL, enc_key, NULL);
/*
* Copy the IV into the header
......@@ -3393,9 +3418,9 @@ encrypt_chunk(uint8_t *buf, off_t size, off_t maxsize)
int encrypted_this_round = 0;
/* man page says encrypted output could be this large */
assert(size + EVP_CIPHER_CTX_block_size(&cipher_ctx) - 1 <= maxsize);
assert(size + EVP_CIPHER_CTX_block_size(cipher_ctxp) - 1 <= maxsize);
EVP_EncryptUpdate(&cipher_ctx, ebuffer_current, &encrypted_this_round,
EVP_EncryptUpdate(cipher_ctxp, ebuffer_current, &encrypted_this_round,
buf, size);
encrypted_bytes += encrypted_this_round;
ebuffer_current = encryption_buffer + encrypted_bytes;
......@@ -3406,7 +3431,7 @@ encrypt_finish(blockhdr_t *hdr, uint8_t *outbuf, uint32_t *out_size)
{
int encrypted_this_round = 0;
EVP_EncryptFinal(&cipher_ctx, ebuffer_current, &encrypted_this_round);
EVP_EncryptFinal(cipher_ctxp, ebuffer_current, &encrypted_this_round);
encrypted_bytes += encrypted_this_round;
/*
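Review bot: In the OpenSSL >= 1.1.0 branch of output_public_key only `RSA_get0_key(key,&n,&e,NULL)` is called, so `dmp1`, `dmq1` and `iqmp` are still NULL when `BN_print_fp` is invoked on them; the CRT parameters are never fetched, and the reader in init_checksum expects five values. Add `RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp);` directly after the `RSA_get0_key` call, and consider checking each pointer before printing, since `BN_print_fp` appears to dereference its argument without a NULL check. In encrypt_start, `cipher_ctxp = EVP_CIPHER_CTX_new();` is unchecked, and no `EVP_CIPHER_CTX_free(cipher_ctxp)` appears in encrypt_finish or elsewhere in these hunks; if encrypt_start runs once per block, the 1.1.0 path allocates a fresh context each time and leaks the previous one unless a free exists outside the visible lines. The old `EVP_CIPHER_CTX_init` also cleared the static context on every reuse, so the new path should reset or free it equivalently.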