	Crypto and NetSSL fixes for OpenSSL 1.1
		| @@ -61,7 +61,7 @@ protected: | ||||
| 	 | ||||
| private: | ||||
| 	std::string _name; | ||||
| 	EVP_MD_CTX* _ctx; | ||||
| 	EVP_MD_CTX* _pContext; | ||||
| 	Poco::DigestEngine::Digest _digest; | ||||
| 	OpenSSLInitializer _openSSLInitializer; | ||||
| }; | ||||
|   | ||||
| @@ -77,7 +77,11 @@ namespace | ||||
|  | ||||
| 	private: | ||||
| 		const EVP_CIPHER* _pCipher; | ||||
| 		EVP_CIPHER_CTX    _ctx; | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 		EVP_CIPHER_CTX*   _pContext; | ||||
| #else | ||||
| 		EVP_CIPHER_CTX    _context; | ||||
| #endif | ||||
| 		ByteVec           _key; | ||||
| 		ByteVec           _iv; | ||||
| 	}; | ||||
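Review bot: The new `EVP_CIPHER_CTX* _pContext;` member makes CryptoTransformImpl the owner of a heap-allocated context (the hunk further down in this file creates it in the constructor and releases it in the destructor), but nothing here disables copying; if the class has no private or deleted copy constructor and copy assignment — the class head is outside this hunk, so I cannot tell — a copy would release the same context twice. Consider declaring `CryptoTransformImpl(const CryptoTransformImpl&);` and `CryptoTransformImpl& operator=(const CryptoTransformImpl&);` private and unimplemented (or `= delete` if the project already relies on C++11), and documenting the ownership next to the member with `// owned: created in the ctor, released in the dtor (OpenSSL >= 1.1.0 only)`.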
| @@ -92,30 +96,52 @@ namespace | ||||
| 		_key(key), | ||||
| 		_iv(iv) | ||||
| 	{ | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 		_pContext = EVP_CIPHER_CTX_new(); | ||||
| 		EVP_CipherInit( | ||||
| 			&_ctx, | ||||
| 			_pContext, | ||||
| 			_pCipher, | ||||
| 			&_key[0], | ||||
| 			_iv.empty() ? 0 : &_iv[0], | ||||
| 			(dir == DIR_ENCRYPT) ? 1 : 0); | ||||
| #else | ||||
| 		EVP_CipherInit( | ||||
| 			&_context, | ||||
| 			_pCipher, | ||||
| 			&_key[0], | ||||
| 			_iv.empty() ? 0 : &_iv[0], | ||||
| 			(dir == DIR_ENCRYPT) ? 1 : 0); | ||||
| #endif | ||||
| 	} | ||||
|  | ||||
|  | ||||
| 	CryptoTransformImpl::~CryptoTransformImpl() | ||||
| 	{ | ||||
| 		EVP_CIPHER_CTX_cleanup(&_ctx); | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 		EVP_CIPHER_CTX_cleanup(_pContext); | ||||
| #else | ||||
| 		EVP_CIPHER_CTX_cleanup(&_context); | ||||
| #endif | ||||
| 	} | ||||
|  | ||||
|  | ||||
| 	std::size_t CryptoTransformImpl::blockSize() const | ||||
| 	{ | ||||
| 		return EVP_CIPHER_CTX_block_size(&_ctx); | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 		return EVP_CIPHER_CTX_block_size(_pContext); | ||||
| #else | ||||
| 		return EVP_CIPHER_CTX_block_size(&_context); | ||||
| #endif | ||||
| 	} | ||||
|  | ||||
| 	 | ||||
| 	int CryptoTransformImpl::setPadding(int padding) | ||||
| 	{ | ||||
| 		return EVP_CIPHER_CTX_set_padding(&_ctx, padding); | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 		return EVP_CIPHER_CTX_block_size(_pContext); | ||||
| #else | ||||
| 		return EVP_CIPHER_CTX_set_padding(&_context, padding); | ||||
| #endif | ||||
| 	} | ||||
| 	 | ||||
|  | ||||
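Review bot: In the OpenSSL >= 1.1.0 branch of `setPadding`, `return EVP_CIPHER_CTX_block_size(_pContext);` calls the wrong function: the `padding` argument is never applied, so a caller that disables padding keeps the default block padding enabled and gets the block size back as the "result"; the line should be `return EVP_CIPHER_CTX_set_padding(_pContext, padding);`. In the same hunk the destructor's 1.1.0 branch releases the context with `EVP_CIPHER_CTX_cleanup(_pContext);`, but that context was obtained from `EVP_CIPHER_CTX_new()` in the constructor; in 1.1.0 `EVP_CIPHER_CTX_cleanup` is a compatibility alias for `EVP_CIPHER_CTX_reset` and does not free the allocation, so every transform leaks a context — it should be `EVP_CIPHER_CTX_free(_pContext);`. The constructor also passes the result of `EVP_CIPHER_CTX_new()` straight to `EVP_CipherInit` without checking it for null; calling `throwError()` when the allocation fails keeps that case from becoming a null dereference inside OpenSSL.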
| @@ -128,13 +154,21 @@ namespace | ||||
| 		poco_assert (outputLength >= (inputLength + blockSize() - 1)); | ||||
|  | ||||
| 		int outLen = static_cast<int>(outputLength); | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 		int rc = EVP_CipherUpdate( | ||||
| 			&_ctx, | ||||
| 			_pContext, | ||||
| 			output, | ||||
| 			&outLen, | ||||
| 			input, | ||||
| 			static_cast<int>(inputLength)); | ||||
|  | ||||
| #else | ||||
| 		int rc = EVP_CipherUpdate( | ||||
| 			&_context, | ||||
| 			output, | ||||
| 			&outLen, | ||||
| 			input, | ||||
| 			static_cast<int>(inputLength)); | ||||
| #endif | ||||
| 		if (rc == 0) | ||||
| 			throwError(); | ||||
|  | ||||
| @@ -153,7 +187,11 @@ namespace | ||||
| 		// Use the '_ex' version that does not perform implicit cleanup since we | ||||
| 		// will call EVP_CIPHER_CTX_cleanup() from the dtor as there is no | ||||
| 		// guarantee that finalize() will be called if an error occurred. | ||||
| 		int rc = EVP_CipherFinal_ex(&_ctx, output, &len); | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 		int rc = EVP_CipherFinal_ex(_pContext, output, &len); | ||||
| #else | ||||
| 		int rc = EVP_CipherFinal_ex(&_context, output, &len); | ||||
| #endif | ||||
|  | ||||
| 		if (rc == 0) | ||||
| 			throwError(); | ||||
|   | ||||
| @@ -23,46 +23,51 @@ namespace Crypto { | ||||
|  | ||||
|  | ||||
| DigestEngine::DigestEngine(const std::string& name): | ||||
| 	_name(name) | ||||
| 	_name(name), | ||||
| 	_pContext(EVP_MD_CTX_create()) | ||||
| { | ||||
| 	const EVP_MD* md = EVP_get_digestbyname(_name.c_str()); | ||||
| 	if (!md) throw Poco::NotFoundException(_name); | ||||
| 	_ctx = EVP_MD_CTX_create(); | ||||
| 	EVP_DigestInit_ex(_ctx, md, NULL);	 | ||||
| 	EVP_DigestInit_ex(_pContext, md, NULL);	 | ||||
| } | ||||
|  | ||||
| 	 | ||||
| DigestEngine::~DigestEngine() | ||||
| { | ||||
| 	EVP_MD_CTX_destroy(_ctx); | ||||
| 	EVP_MD_CTX_destroy(_pContext); | ||||
| } | ||||
|  | ||||
| int DigestEngine::nid() const | ||||
| { | ||||
| 	return EVP_MD_nid(_ctx->digest); | ||||
| 	return EVP_MD_nid(EVP_MD_CTX_md(_pContext)); | ||||
| } | ||||
|  | ||||
| std::size_t DigestEngine::digestLength() const | ||||
| { | ||||
| 	return EVP_MD_CTX_size(_ctx); | ||||
| 	return EVP_MD_CTX_size(_pContext); | ||||
| } | ||||
|  | ||||
|  | ||||
| void DigestEngine::reset() | ||||
| { | ||||
| 	EVP_MD_CTX_cleanup(_ctx); | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 	EVP_MD_CTX_free(_pContext); | ||||
| 	_pContext = EVP_MD_CTX_create(); | ||||
| #else | ||||
| 	EVP_MD_CTX_cleanup(_pContext); | ||||
| #endif | ||||
| 	const EVP_MD* md = EVP_get_digestbyname(_name.c_str()); | ||||
| 	if (!md) throw Poco::NotFoundException(_name); | ||||
| 	EVP_DigestInit_ex(_ctx, md, NULL); | ||||
| 	EVP_DigestInit_ex(_pContext, md, NULL); | ||||
| } | ||||
|  | ||||
|  | ||||
| const Poco::DigestEngine::Digest& DigestEngine::digest() | ||||
| { | ||||
| 	_digest.clear(); | ||||
| 	unsigned len = EVP_MD_CTX_size(_ctx); | ||||
| 	unsigned len = EVP_MD_CTX_size(_pContext); | ||||
| 	_digest.resize(len); | ||||
| 	EVP_DigestFinal_ex(_ctx, &_digest[0], &len); | ||||
| 	EVP_DigestFinal_ex(_pContext, &_digest[0], &len); | ||||
| 	reset(); | ||||
| 	return _digest; | ||||
| } | ||||
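Review bot: Moving the context allocation into the initializer list, `_pContext(EVP_MD_CTX_create())`, introduces a leak on the error path: when `EVP_get_digestbyname` fails and `throw Poco::NotFoundException(_name)` runs, the destructor of the partially constructed object does not execute, so the context is never destroyed (the old code allocated only after that check). Keep the check first — initialize with `_pContext(0)` and move `_pContext = EVP_MD_CTX_create();` below the `if (!md) throw ...` line — or destroy the context before throwing. In `reset()` the 1.1.0 branch frees and re-creates the context; `EVP_MD_CTX_reset(_pContext)` (available since 1.1.0) achieves the same without a second, unchecked allocation and mirrors the `EVP_MD_CTX_cleanup` call of the older branch.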
| @@ -70,7 +75,7 @@ const Poco::DigestEngine::Digest& DigestEngine::digest() | ||||
|  | ||||
| void DigestEngine::updateImpl(const void* data, std::size_t length) | ||||
| { | ||||
| 	EVP_DigestUpdate(_ctx, data, length); | ||||
| 	EVP_DigestUpdate(_pContext, data, length); | ||||
| } | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -207,19 +207,43 @@ int RSAKeyImpl::size() const | ||||
|  | ||||
| RSAKeyImpl::ByteVec RSAKeyImpl::modulus() const | ||||
| { | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 	const BIGNUM* n = 0; | ||||
| 	const BIGNUM* e = 0; | ||||
| 	const BIGNUM* d = 0; | ||||
| 	RSA_get0_key(_pRSA, &n, &e, &d); | ||||
| 	return convertToByteVec(n); | ||||
| #else | ||||
| 	return convertToByteVec(_pRSA->n); | ||||
| #endif | ||||
| } | ||||
|  | ||||
|  | ||||
| RSAKeyImpl::ByteVec RSAKeyImpl::encryptionExponent() const | ||||
| { | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 	const BIGNUM* n = 0; | ||||
| 	const BIGNUM* e = 0; | ||||
| 	const BIGNUM* d = 0; | ||||
| 	RSA_get0_key(_pRSA, &n, &e, &d); | ||||
| 	return convertToByteVec(e); | ||||
| #else | ||||
| 	return convertToByteVec(_pRSA->e); | ||||
| #endif | ||||
| } | ||||
|  | ||||
|  | ||||
| RSAKeyImpl::ByteVec RSAKeyImpl::decryptionExponent() const | ||||
| { | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 	const BIGNUM* n = 0; | ||||
| 	const BIGNUM* e = 0; | ||||
| 	const BIGNUM* d = 0; | ||||
| 	RSA_get0_key(_pRSA, &n, &e, &d); | ||||
| 	return convertToByteVec(d); | ||||
| #else | ||||
| 	return convertToByteVec(_pRSA->d); | ||||
| #endif | ||||
| } | ||||
|  | ||||
|  | ||||
|   | ||||
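Review bot: `modulus()`, `encryptionExponent()` and `decryptionExponent()` each repeat the same four lines around `RSA_get0_key` and then use only one of the three outputs; `RSA_get0_key` accepts a null pointer for any output the caller does not need, so each accessor can be reduced to e.g. `const BIGNUM* n = 0; RSA_get0_key(_pRSA, &n, 0, 0); return convertToByteVec(n);`, dropping the unused `e` and `d` locals. For `decryptionExponent()`, the `d` component is null when the key holds only the public part (as `_pRSA->d` was before this change); if `convertToByteVec` does not accept a null `BIGNUM*` — its definition is not in this hunk — the accessor should handle that case explicitly rather than rely on the helper.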
| @@ -59,7 +59,11 @@ X509Certificate::X509Certificate(X509* pCert, bool shared): | ||||
| 	 | ||||
| 	if (shared) | ||||
| 	{ | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 		X509_up_ref(_pCert); | ||||
| #else | ||||
| 		_pCert->references++; | ||||
| #endif | ||||
| 	} | ||||
|  | ||||
| 	init(); | ||||
|   | ||||
| @@ -494,6 +494,17 @@ void Context::initDH(const std::string& dhParamsFile) | ||||
| 			std::string msg = Utility::getLastError(); | ||||
| 			throw SSLContextException("Error creating Diffie-Hellman parameters", msg); | ||||
| 		} | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 		BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0); | ||||
| 		BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0); | ||||
| 		DH_set0_pqg(dh, p, 0, g); | ||||
| 		DH_set_length(dh, 160); | ||||
| 		if (!p || !g) | ||||
| 		{ | ||||
| 			DH_free(dh); | ||||
| 			throw SSLContextException("Error creating Diffie-Hellman parameters"); | ||||
| 		} | ||||
| #else | ||||
| 		dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0); | ||||
| 		dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0); | ||||
| 		dh->length = 160; | ||||
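Review bot: The `if (!p || !g)` check comes after `DH_set0_pqg(dh, p, 0, g)` and `DH_set_length(dh, 160)`, and the return value of `DH_set0_pqg` is ignored; when one of the two `BN_bin2bn` calls fails, `DH_set0_pqg` refuses the null component and returns 0 without taking ownership of the other one, so the subsequent `DH_free(dh)` does not release it and that BIGNUM leaks. Validate the two conversions before handing them to the DH object, free them on the error path (`BN_free` accepts a null pointer), and only then transfer ownership; the rewritten branch is below. `initDH` begins before this hunk and the `#else` branch continues into the next one.
```cpp
		BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
		BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
		if (!p || !g)
		{
			// nothing has been handed to dh yet, so release both here
			BN_free(p);
			BN_free(g);
			DH_free(dh);
			throw SSLContextException("Error creating Diffie-Hellman parameters");
		}
		if (!DH_set0_pqg(dh, p, 0, g)) // on success dh owns p and g
		{
			BN_free(p);
			BN_free(g);
			DH_free(dh);
			throw SSLContextException("Error creating Diffie-Hellman parameters");
		}
		DH_set_length(dh, 160);
```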
| @@ -502,6 +513,7 @@ void Context::initDH(const std::string& dhParamsFile) | ||||
| 			DH_free(dh); | ||||
| 			throw SSLContextException("Error creating Diffie-Hellman parameters"); | ||||
| 		} | ||||
| #endif | ||||
| 	} | ||||
| 	SSL_CTX_set_tmp_dh(_pSSLContext, dh); | ||||
| 	SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_DH_USE); | ||||
|   | ||||
	 Günter Obiltschnig
					Günter Obiltschnig