1*4882a593SmuzhiyunFrom 8785fe0be66c8d6eaa94ffde921909a7ec220123 Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: Eneas U de Queiroz <cote2004-github@yahoo.com>
3*4882a593SmuzhiyunDate: Sat, 26 May 2018 23:44:54 -0300
4*4882a593SmuzhiyunSubject: [PATCH] ibrdtnd: added openssl compatibility
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunThis patch adds compatibility with openssl 1.1.0 to ibrdtnd.
7*4882a593Smuzhiyun
8*4882a593SmuzhiyunUpstream: https://github.com/ibrdtn/ibrdtn/pull/265
9*4882a593Smuzhiyun
10*4882a593SmuzhiyunSigned-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
11*4882a593SmuzhiyunSigned-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
12*4882a593Smuzhiyun---
13*4882a593Smuzhiyun src/security/exchange/DHProtocol.cpp | 36 ++++++++++---
14*4882a593Smuzhiyun src/security/exchange/Makefile.am | 2 +
15*4882a593Smuzhiyun src/security/exchange/openssl_compat.cpp | 62 ++++++++++++++++++++++
16*4882a593Smuzhiyun src/security/exchange/openssl_compat.h | 13 +++++
17*4882a593Smuzhiyun 4 files changed, 107 insertions(+), 6 deletions(-)
18*4882a593Smuzhiyun create mode 100644 src/security/exchange/openssl_compat.cpp
19*4882a593Smuzhiyun create mode 100644 src/security/exchange/openssl_compat.h
20*4882a593Smuzhiyun
21*4882a593Smuzhiyundiff --git a/src/security/exchange/DHProtocol.cpp b/src/security/exchange/DHProtocol.cpp
22*4882a593Smuzhiyunindex e94c502..3e0ad71 100644
23*4882a593Smuzhiyun--- a/src/security/exchange/DHProtocol.cpp
24*4882a593Smuzhiyun+++ b/src/security/exchange/DHProtocol.cpp
25*4882a593Smuzhiyun@@ -30,6 +30,7 @@
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun #include <openssl/rand.h>
28*4882a593Smuzhiyun #include <openssl/pem.h>
29*4882a593Smuzhiyun+#include "openssl_compat.h"
30*4882a593Smuzhiyun
31*4882a593Smuzhiyun #define DH_KEY_LENGTH 1024
32*4882a593Smuzhiyun
33*4882a593Smuzhiyun@@ -132,6 +133,7 @@ namespace dtn
34*4882a593Smuzhiyun
35*4882a593Smuzhiyun void DHProtocol::begin(KeyExchangeSession &session, KeyExchangeData &data)
36*4882a593Smuzhiyun {
37*4882a593Smuzhiyun+ const BIGNUM *pub_key, *p, *g;
38*4882a593Smuzhiyun // get session state
39*4882a593Smuzhiyun DHState &state = session.getState<DHState>();
40*4882a593Smuzhiyun
41*4882a593Smuzhiyun@@ -159,9 +161,12 @@ namespace dtn
42*4882a593Smuzhiyun // prepare request
43*4882a593Smuzhiyun KeyExchangeData request(KeyExchangeData::REQUEST, session);
44*4882a593Smuzhiyun
45*4882a593Smuzhiyun- write(request, state.dh->pub_key);
46*4882a593Smuzhiyun- write(request, state.dh->p);
47*4882a593Smuzhiyun- write(request, state.dh->g);
48*4882a593Smuzhiyun+ DH_get0_pqg(state.dh, &p, NULL, &g);
49*4882a593Smuzhiyun+ DH_get0_key(state.dh, &pub_key, NULL);
50*4882a593Smuzhiyun+
51*4882a593Smuzhiyun+ write(request, pub_key);
52*4882a593Smuzhiyun+ write(request, p);
53*4882a593Smuzhiyun+ write(request, g);
54*4882a593Smuzhiyun
55*4882a593Smuzhiyun manager.submit(session, request);
56*4882a593Smuzhiyun }
57*4882a593Smuzhiyun@@ -177,6 +182,15 @@ namespace dtn
58*4882a593Smuzhiyun {
59*4882a593Smuzhiyun if (data.getAction() == KeyExchangeData::REQUEST)
60*4882a593Smuzhiyun {
61*4882a593Smuzhiyun+ BIGNUM *p = BN_new();
62*4882a593Smuzhiyun+ BIGNUM *g = BN_new();
63*4882a593Smuzhiyun+ if (p == NULL || g == NULL)
64*4882a593Smuzhiyun+ {
65*4882a593Smuzhiyun+ BN_free(p);
66*4882a593Smuzhiyun+ BN_free(g);
67*4882a593Smuzhiyun+ throw ibrcommon::Exception("Error while allocating space for DH parameters");
68*4882a593Smuzhiyun+ }
69*4882a593Smuzhiyun+
70*4882a593Smuzhiyun BIGNUM* pub_key = BN_new();
71*4882a593Smuzhiyun read(data, &pub_key);
72*4882a593Smuzhiyun
73*4882a593Smuzhiyun@@ -184,8 +198,16 @@ namespace dtn
74*4882a593Smuzhiyun state.dh = DH_new();
75*4882a593Smuzhiyun
76*4882a593Smuzhiyun // read p and g paramter from message
77*4882a593Smuzhiyun- read(data, &state.dh->p);
78*4882a593Smuzhiyun- read(data, &state.dh->g);
79*4882a593Smuzhiyun+ read(data, &p);
80*4882a593Smuzhiyun+ read(data, &g);
81*4882a593Smuzhiyun+
82*4882a593Smuzhiyun+ if 
(DH_set0_pqg(state.dh, p, NULL, g))
83*4882a593Smuzhiyun+ {
84*4882a593Smuzhiyun+ BN_free(p);
85*4882a593Smuzhiyun+ BN_free(g);
86*4882a593Smuzhiyun+ BN_free(pub_key);
87*4882a593Smuzhiyun+ throw ibrcommon::Exception("Error while setting DH parameters");
88*4882a593Smuzhiyun+ }
89*4882a593Smuzhiyun+
90*4882a593Smuzhiyun int codes;
91*4882a593Smuzhiyun if (!DH_check(state.dh, &codes))
92*4882a593Smuzhiyun@@ -213,7 +235,9 @@ namespace dtn
93*4882a593Smuzhiyun state.secret.assign((const char*)secret, length);
94*4882a593Smuzhiyun
95*4882a593Smuzhiyun KeyExchangeData response(KeyExchangeData::RESPONSE, session);
96*4882a593Smuzhiyun- write(response, state.dh->pub_key);
97*4882a593Smuzhiyun+ const BIGNUM *state_dh_pub_key;
98*4882a593Smuzhiyun+ DH_get0_key(state.dh, &state_dh_pub_key, NULL);
99*4882a593Smuzhiyun+ write(response, state_dh_pub_key);
100*4882a593Smuzhiyun
101*4882a593Smuzhiyun manager.submit(session, response);
102*4882a593Smuzhiyun
103*4882a593Smuzhiyundiff --git a/src/security/exchange/Makefile.am b/src/security/exchange/Makefile.am
104*4882a593Smuzhiyunindex a6b2f83..71ed836 100644
105*4882a593Smuzhiyun--- a/src/security/exchange/Makefile.am
106*4882a593Smuzhiyun+++ b/src/security/exchange/Makefile.am
107*4882a593Smuzhiyun@@ -22,6 +22,8 @@ exchange_SOURCES += \
108*4882a593Smuzhiyun NFCProtocol.cpp \
109*4882a593Smuzhiyun NoneProtocol.h \
110*4882a593Smuzhiyun NoneProtocol.cpp \
111*4882a593Smuzhiyun+ openssl_compat.h \
112*4882a593Smuzhiyun+ openssl_compat.cpp \
113*4882a593Smuzhiyun QRCodeProtocol.h \
114*4882a593Smuzhiyun QRCodeProtocol.cpp
115*4882a593Smuzhiyun
116*4882a593Smuzhiyundiff --git a/src/security/exchange/openssl_compat.cpp b/src/security/exchange/openssl_compat.cpp
117*4882a593Smuzhiyunnew file mode 100644
118*4882a593Smuzhiyunindex 0000000..e3baba0
119*4882a593Smuzhiyun--- /dev/null
120*4882a593Smuzhiyun+++ b/src/security/exchange/openssl_compat.cpp
121*4882a593Smuzhiyun@@ -0,0 +1,62 @@
122*4882a593Smuzhiyun+/*
123*4882a593Smuzhiyun+ * 
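Review bot: The test on the added `DH_set0_pqg(state.dh, p, NULL, g)` call in the `@@ -184,8 +198,16 @@` hunk is inverted: the compat implementation added by this same patch returns 1 on success and 0 on failure, so the error branch runs exactly when the call succeeds. On that path `BN_free(p)` and `BN_free(g)` release values that `state.dh` has just taken ownership of, leaving dangling pointers inside the DH object, and every well-formed request from the peer is rejected with "Error while setting DH parameters". The condition should read `if (!DH_set0_pqg(state.dh, p, NULL, g))`. The result of `state.dh = DH_new()` just above is also used unchecked, and the compat `DH_set0_pqg` dereferences `dh` without a null test. The enclosing handler starts and ends outside this hunk.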
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
124*4882a593Smuzhiyun+ *
125*4882a593Smuzhiyun+ * Licensed under the OpenSSL license (the "License"). You may not use
126*4882a593Smuzhiyun+ * this file except in compliance with the License. You can obtain a copy
127*4882a593Smuzhiyun+ * in the file LICENSE in the source distribution or at
128*4882a593Smuzhiyun+ * https://www.openssl.org/source/license.html
129*4882a593Smuzhiyun+ */
130*4882a593Smuzhiyun+
131*4882a593Smuzhiyun+#include "openssl_compat.h"
132*4882a593Smuzhiyun+
133*4882a593Smuzhiyun+#if OPENSSL_VERSION_NUMBER < 0x10100000L
134*4882a593Smuzhiyun+
135*4882a593Smuzhiyun+void DH_get0_pqg(const DH *dh,
136*4882a593Smuzhiyun+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
137*4882a593Smuzhiyun+{
138*4882a593Smuzhiyun+ if (p != NULL)
139*4882a593Smuzhiyun+ *p = dh->p;
140*4882a593Smuzhiyun+ if (q != NULL)
141*4882a593Smuzhiyun+ *q = dh->q;
142*4882a593Smuzhiyun+ if (g != NULL)
143*4882a593Smuzhiyun+ *g = dh->g;
144*4882a593Smuzhiyun+}
145*4882a593Smuzhiyun+
146*4882a593Smuzhiyun+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
147*4882a593Smuzhiyun+{
148*4882a593Smuzhiyun+ /* If the fields p and g in d are NULL, the corresponding input
149*4882a593Smuzhiyun+ * parameters MUST be non-NULL. q may remain NULL.
150*4882a593Smuzhiyun+ */
151*4882a593Smuzhiyun+ if ((dh->p == NULL && p == NULL)
152*4882a593Smuzhiyun+ || (dh->g == NULL && g == NULL))
153*4882a593Smuzhiyun+ return 0;
154*4882a593Smuzhiyun+
155*4882a593Smuzhiyun+ if (p != NULL) {
156*4882a593Smuzhiyun+ BN_free(dh->p);
157*4882a593Smuzhiyun+ dh->p = p;
158*4882a593Smuzhiyun+ }
159*4882a593Smuzhiyun+ if (q != NULL) {
160*4882a593Smuzhiyun+ BN_free(dh->q);
161*4882a593Smuzhiyun+ dh->q = q;
162*4882a593Smuzhiyun+ }
163*4882a593Smuzhiyun+ if (g != NULL) {
164*4882a593Smuzhiyun+ BN_free(dh->g);
165*4882a593Smuzhiyun+ dh->g = g;
166*4882a593Smuzhiyun+ }
167*4882a593Smuzhiyun+
168*4882a593Smuzhiyun+ if (q != NULL) {
169*4882a593Smuzhiyun+ dh->length = BN_num_bits(q);
170*4882a593Smuzhiyun+ }
171*4882a593Smuzhiyun+
172*4882a593Smuzhiyun+ return 1;
173*4882a593Smuzhiyun+}
174*4882a593Smuzhiyun+
175*4882a593Smuzhiyun+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
176*4882a593Smuzhiyun+{
177*4882a593Smuzhiyun+ if (pub_key != NULL)
178*4882a593Smuzhiyun+ *pub_key = dh->pub_key;
179*4882a593Smuzhiyun+ if (priv_key != NULL)
180*4882a593Smuzhiyun+ *priv_key = dh->priv_key;
181*4882a593Smuzhiyun+}
182*4882a593Smuzhiyun+
183*4882a593Smuzhiyun+#endif /* OPENSSL_VERSION_NUMBER */
184*4882a593Smuzhiyundiff --git a/src/security/exchange/openssl_compat.h b/src/security/exchange/openssl_compat.h
185*4882a593Smuzhiyunnew file mode 100644
186*4882a593Smuzhiyunindex 0000000..29e7d41
187*4882a593Smuzhiyun--- /dev/null
188*4882a593Smuzhiyun+++ b/src/security/exchange/openssl_compat.h
189*4882a593Smuzhiyun@@ -0,0 +1,13 @@
190*4882a593Smuzhiyun+#ifndef LIBCRYPTO_COMPAT_H
191*4882a593Smuzhiyun+#define LIBCRYPTO_COMPAT_H
192*4882a593Smuzhiyun+
193*4882a593Smuzhiyun+#if OPENSSL_VERSION_NUMBER < 0x10100000L
194*4882a593Smuzhiyun+
195*4882a593Smuzhiyun+#include <openssl/dh.h>
196*4882a593Smuzhiyun+
197*4882a593Smuzhiyun+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
198*4882a593Smuzhiyun+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
199*4882a593Smuzhiyun+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
200*4882a593Smuzhiyun+
201*4882a593Smuzhiyun+#endif /* OPENSSL_VERSION_NUMBER */
202*4882a593Smuzhiyun+#endif /* LIBCRYPTO_COMPAT_H */
203*4882a593Smuzhiyun--
204*4882a593Smuzhiyun1.9.1
205*4882a593Smuzhiyun 206
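Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard at the top of openssl_compat.h is evaluated before the header has included anything from OpenSSL, so its result depends on what the including file pulled in first. The new openssl_compat.cpp includes this header as its first include, where the macro is still undefined and evaluates as 0, so the compat prototypes are declared even when building against 1.1.0; that appears to compile only because `<openssl/dh.h>` is included immediately before them. Adding `#include <openssl/opensslv.h>` above the `#if` (or moving `#include <openssl/dh.h>` there) makes the guard self-contained. The include guard name `LIBCRYPTO_COMPAT_H` also does not match the file name and would be clearer as `OPENSSL_COMPAT_H`.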