1From 8785fe0be66c8d6eaa94ffde921909a7ec220123 Mon Sep 17 00:00:00 2001
2From: Eneas U de Queiroz <cote2004-github@yahoo.com>
3Date: Sat, 26 May 2018 23:44:54 -0300
4Subject: [PATCH] ibrdtnd: added openssl compatibility
5
6This patch adds compatibility with openssl 1.1.0 to ibrdtnd.
7
8Upstream: https://github.com/ibrdtn/ibrdtn/pull/265
9
10Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
11Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
12---
13 src/security/exchange/DHProtocol.cpp | 36 ++++++++++---
14 src/security/exchange/Makefile.am | 2 +
15 src/security/exchange/openssl_compat.cpp | 62 ++++++++++++++++++++++
16 src/security/exchange/openssl_compat.h | 13 +++++
17 4 files changed, 107 insertions(+), 6 deletions(-)
18 create mode 100644 src/security/exchange/openssl_compat.cpp
19 create mode 100644 src/security/exchange/openssl_compat.h
20
21diff --git a/src/security/exchange/DHProtocol.cpp b/src/security/exchange/DHProtocol.cpp
22index e94c502..3e0ad71 100644
23--- a/src/security/exchange/DHProtocol.cpp
24+++ b/src/security/exchange/DHProtocol.cpp
25@@ -30,6 +30,7 @@
26
27 #include <openssl/rand.h>
28 #include <openssl/pem.h>
29+#include "openssl_compat.h"
30
31 #define DH_KEY_LENGTH 1024
32
33@@ -132,6 +133,7 @@ namespace dtn
34
35 void DHProtocol::begin(KeyExchangeSession &session, KeyExchangeData &data)
36 {
37+ const BIGNUM *pub_key, *p, *g;
38 // get session state
39 DHState &state = session.getState<DHState>();
40
41@@ -159,9 +161,12 @@ namespace dtn
42 // prepare request
43 KeyExchangeData request(KeyExchangeData::REQUEST, session);
44
45- write(request, state.dh->pub_key);
46- write(request, state.dh->p);
47- write(request, state.dh->g);
48+ DH_get0_pqg(state.dh, &p, NULL, &g);
49+ DH_get0_key(state.dh, &pub_key, NULL);
50+
51+ write(request, pub_key);
52+ write(request, p);
53+ write(request, g);
54
55 manager.submit(session, request);
56 }
57@@ -177,6 +182,15 @@ namespace dtn
58 {
59 if (data.getAction() ==
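Review bot: In `begin()` the pointers `const BIGNUM *pub_key, *p, *g;` are declared uninitialised at the top of the function, far from the `DH_get0_pqg`/`DH_get0_key` calls in the later hunk that fill them. The response path in this same patch declares its pointer right at the call, so the two sites are inconsistent. I would move the declaration down to the getters and initialise it, `const BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;`. The getters return void, so a `NULL` public key would reach `write(request, pub_key)` unchecked; whether `write` tolerates that is not visible here. The function body continues outside both hunks.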
KeyExchangeData::REQUEST)
60 {
61+ BIGNUM *p = BN_new();
62+ BIGNUM *g = BN_new();
63+ if (p == NULL || g == NULL)
64+ {
65+ BN_free(p);
66+ BN_free(g);
67+ throw ibrcommon::Exception("Error while allocating space for DH parameters");
68+ }
69+
70 BIGNUM* pub_key = BN_new();
71 read(data, &pub_key);
72
73@@ -184,8 +198,16 @@ namespace dtn
74 state.dh = DH_new();
75
76 // read p and g paramter from message
77- read(data, &state.dh->p);
78- read(data, &state.dh->g);
79+ read(data, &p);
80+ read(data, &g);
81+
82+ if (DH_set0_pqg(state.dh, p, NULL, g))
83+ {
84+ BN_free(p);
85+ BN_free(g);
86+ BN_free(pub_key);
87+ throw ibrcommon::Exception("Error while setting DH parameters");
88+ }
89
90 int codes;
91 if (!DH_check(state.dh, &codes))
92@@ -213,7 +235,9 @@ namespace dtn
93 state.secret.assign((const char*)secret, length);
94
95 KeyExchangeData response(KeyExchangeData::RESPONSE, session);
96- write(response, state.dh->pub_key);
97+ const BIGNUM *state_dh_pub_key;
98+ DH_get0_key(state.dh, &state_dh_pub_key, NULL);
99+ write(response, state_dh_pub_key);
100
101 manager.submit(session, response);
102
103diff --git a/src/security/exchange/Makefile.am b/src/security/exchange/Makefile.am
104index a6b2f83..71ed836 100644
105--- a/src/security/exchange/Makefile.am
106+++ b/src/security/exchange/Makefile.am
107@@ -22,6 +22,8 @@ exchange_SOURCES += \
108 NFCProtocol.cpp \
109 NoneProtocol.h \
110 NoneProtocol.cpp \
111+ openssl_compat.h \
112+ openssl_compat.cpp \
113 QRCodeProtocol.h \
114 QRCodeProtocol.cpp
115
116diff --git a/src/security/exchange/openssl_compat.cpp b/src/security/exchange/openssl_compat.cpp
117new file mode 100644
118index 0000000..e3baba0
119--- /dev/null
120+++ b/src/security/exchange/openssl_compat.cpp
121@@ -0,0 +1,62 @@
122+/*
123+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
124+ *
125+ * Licensed under the OpenSSL license (the "License"). You may not use
126+ * this file except in compliance with the License.
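Review bot: The newly allocated `p` and `g` are raw owning pointers that stay outside `state.dh` until `DH_set0_pqg` in the next hunk, so an exception from the intervening `read(data, ...)` calls, which parse peer-supplied data, would leak them. The old code read straight into `state.dh->p`/`->g` and had no such window; whether `read` can throw is not visible here. The added `NULL` check also covers only `p` and `g`, while the adjacent `BIGNUM* pub_key = BN_new();` stays unchecked. I would allocate all three under one check and free them on the exception path, with a catch-and-rethrow or a small scope guard. The enclosing function starts and ends outside the hunk.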
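Review bot: The check `if (DH_set0_pqg(state.dh, p, NULL, g))` is inverted, so the error branch runs when the call succeeded. The function returns 1 on success and 0 on failure, as the shim added in openssl_compat.cpp in this same patch shows. On success `p` and `g` are already owned by `state.dh`, so `BN_free(p); BN_free(g);` leaves the DH object holding dangling pointers and sets up a double free when it is released. A genuine failure instead falls through to `DH_check` with the peer-supplied parameters never installed. The condition should read `if (!DH_set0_pqg(state.dh, p, NULL, g))`; the function body continues outside the hunk.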
You can obtain a copy
127+ * in the file LICENSE in the source distribution or at
128+ * https://www.openssl.org/source/license.html
129+ */
130+
131+#include "openssl_compat.h"
132+
133+#if OPENSSL_VERSION_NUMBER < 0x10100000L
134+
135+void DH_get0_pqg(const DH *dh,
136+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
137+{
138+ if (p != NULL)
139+ *p = dh->p;
140+ if (q != NULL)
141+ *q = dh->q;
142+ if (g != NULL)
143+ *g = dh->g;
144+}
145+
146+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
147+{
148+ /* If the fields p and g in d are NULL, the corresponding input
149+ * parameters MUST be non-NULL. q may remain NULL.
150+ */
151+ if ((dh->p == NULL && p == NULL)
152+ || (dh->g == NULL && g == NULL))
153+ return 0;
154+
155+ if (p != NULL) {
156+ BN_free(dh->p);
157+ dh->p = p;
158+ }
159+ if (q != NULL) {
160+ BN_free(dh->q);
161+ dh->q = q;
162+ }
163+ if (g != NULL) {
164+ BN_free(dh->g);
165+ dh->g = g;
166+ }
167+
168+ if (q != NULL) {
169+ dh->length = BN_num_bits(q);
170+ }
171+
172+ return 1;
173+}
174+
175+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
176+{
177+ if (pub_key != NULL)
178+ *pub_key = dh->pub_key;
179+ if (priv_key != NULL)
180+ *priv_key = dh->priv_key;
181+}
182+
183+#endif /* OPENSSL_VERSION_NUMBER */
184diff --git a/src/security/exchange/openssl_compat.h b/src/security/exchange/openssl_compat.h
185new file mode 100644
186index 0000000..29e7d41
187--- /dev/null
188+++ b/src/security/exchange/openssl_compat.h
189@@ -0,0 +1,13 @@
190+#ifndef LIBCRYPTO_COMPAT_H
191+#define LIBCRYPTO_COMPAT_H
192+
193+#if OPENSSL_VERSION_NUMBER < 0x10100000L
194+
195+#include <openssl/dh.h>
196+
197+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
198+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
199+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
200+
201+#endif /* OPENSSL_VERSION_NUMBER */
202+#endif /* LIBCRYPTO_COMPAT_H */
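Review bot: The `DH_set0_pqg` shim in openssl_compat.cpp carries no comment stating its return convention or ownership contract, and the caller in DHProtocol.cpp depends on both. Above the function I would add `/* Returns 1 on success, 0 on failure. On success dh takes ownership of every non-NULL p, q and g; the caller must not free them. */`. The body supports this: each non-NULL argument replaces the freed previous field, and the only `return 0` is the early parameter check.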
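Review bot: The guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` in openssl_compat.h is evaluated before this header has included any OpenSSL header, so its result depends on what the includer pulled in first. openssl_compat.cpp includes this header first; there the undefined macro evaluates as 0 and the branch is taken whatever OpenSSL version is installed. That appears harmless only because the declarations match the ones `<openssl/dh.h>` provides on newer versions. Adding `#include <openssl/opensslv.h>` above the `#if` makes the version test reliable.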
203--
2041.9.1
205
206