Crypto and NetSSL fixes for OpenSSL 1.1
@@ -61,7 +61,7 @@ protected:
|
||||
|
||||
private:
|
||||
std::string _name;
|
||||
EVP_MD_CTX* _ctx;
|
||||
EVP_MD_CTX* _pContext;
|
||||
Poco::DigestEngine::Digest _digest;
|
||||
OpenSSLInitializer _openSSLInitializer;
|
||||
};
|
||||
|
@@ -77,7 +77,11 @@ namespace
|
||||
|
||||
private:
|
||||
const EVP_CIPHER* _pCipher;
|
||||
EVP_CIPHER_CTX _ctx;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
EVP_CIPHER_CTX* _pContext;
|
||||
#else
|
||||
EVP_CIPHER_CTX _context;
|
||||
#endif
|
||||
ByteVec _key;
|
||||
ByteVec _iv;
|
||||
};
|
||||
@@ -92,30 +96,52 @@ namespace
|
||||
_key(key),
|
||||
_iv(iv)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
_pContext = EVP_CIPHER_CTX_new();
|
||||
EVP_CipherInit(
|
||||
&_ctx,
|
||||
_pContext,
|
||||
_pCipher,
|
||||
&_key[0],
|
||||
_iv.empty() ? 0 : &_iv[0],
|
||||
(dir == DIR_ENCRYPT) ? 1 : 0);
|
||||
#else
|
||||
EVP_CipherInit(
|
||||
&_context,
|
||||
_pCipher,
|
||||
&_key[0],
|
||||
_iv.empty() ? 0 : &_iv[0],
|
||||
(dir == DIR_ENCRYPT) ? 1 : 0);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
CryptoTransformImpl::~CryptoTransformImpl()
|
||||
{
|
||||
EVP_CIPHER_CTX_cleanup(&_ctx);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
EVP_CIPHER_CTX_cleanup(_pContext);
|
||||
#else
|
||||
EVP_CIPHER_CTX_cleanup(&_context);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
std::size_t CryptoTransformImpl::blockSize() const
|
||||
{
|
||||
return EVP_CIPHER_CTX_block_size(&_ctx);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
return EVP_CIPHER_CTX_block_size(_pContext);
|
||||
#else
|
||||
return EVP_CIPHER_CTX_block_size(&_context);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
int CryptoTransformImpl::setPadding(int padding)
|
||||
{
|
||||
return EVP_CIPHER_CTX_set_padding(&_ctx, padding);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
return EVP_CIPHER_CTX_block_size(_pContext);
|
||||
#else
|
||||
return EVP_CIPHER_CTX_set_padding(&_context, padding);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
@@ -128,13 +154,21 @@ namespace
|
||||
poco_assert (outputLength >= (inputLength + blockSize() - 1));
|
||||
|
||||
int outLen = static_cast<int>(outputLength);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
int rc = EVP_CipherUpdate(
|
||||
&_ctx,
|
||||
_pContext,
|
||||
output,
|
||||
&outLen,
|
||||
input,
|
||||
static_cast<int>(inputLength));
|
||||
|
||||
#else
|
||||
int rc = EVP_CipherUpdate(
|
||||
&_context,
|
||||
output,
|
||||
&outLen,
|
||||
input,
|
||||
static_cast<int>(inputLength));
|
||||
#endif
|
||||
if (rc == 0)
|
||||
throwError();
|
||||
|
||||
@@ -153,7 +187,11 @@ namespace
|
||||
// Use the '_ex' version that does not perform implicit cleanup since we
|
||||
// will call EVP_CIPHER_CTX_cleanup() from the dtor as there is no
|
||||
// guarantee that finalize() will be called if an error occurred.
|
||||
int rc = EVP_CipherFinal_ex(&_ctx, output, &len);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
int rc = EVP_CipherFinal_ex(_pContext, output, &len);
|
||||
#else
|
||||
int rc = EVP_CipherFinal_ex(&_context, output, &len);
|
||||
#endif
|
||||
|
||||
if (rc == 0)
|
||||
throwError();
|
||||
|
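Review bot: In `CryptoTransformImpl::setPadding`, the OpenSSL >= 1.1 branch returns `EVP_CIPHER_CTX_block_size(_pContext)` instead of setting the padding, so on 1.1 builds the requested padding mode is silently ignored and the caller receives the block size as the result. That line should read `return EVP_CIPHER_CTX_set_padding(_pContext, padding);`. In the destructor, `EVP_CIPHER_CTX_cleanup(_pContext)` does not release the object obtained from `EVP_CIPHER_CTX_new()` (in the 1.1 headers it appears to map to a reset), so the context is leaked; `EVP_CIPHER_CTX_free(_pContext);` both clears and frees it. The constructor also uses the results of `EVP_CIPHER_CTX_new()` and `EVP_CipherInit` unchecked, so a failed allocation or init would only surface later in update/finalize.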
@@ -23,46 +23,51 @@ namespace Crypto {
|
||||
|
||||
|
||||
DigestEngine::DigestEngine(const std::string& name):
|
||||
_name(name)
|
||||
_name(name),
|
||||
_pContext(EVP_MD_CTX_create())
|
||||
{
|
||||
const EVP_MD* md = EVP_get_digestbyname(_name.c_str());
|
||||
if (!md) throw Poco::NotFoundException(_name);
|
||||
_ctx = EVP_MD_CTX_create();
|
||||
EVP_DigestInit_ex(_ctx, md, NULL);
|
||||
EVP_DigestInit_ex(_pContext, md, NULL);
|
||||
}
|
||||
|
||||
|
||||
DigestEngine::~DigestEngine()
|
||||
{
|
||||
EVP_MD_CTX_destroy(_ctx);
|
||||
EVP_MD_CTX_destroy(_pContext);
|
||||
}
|
||||
|
||||
int DigestEngine::nid() const
|
||||
{
|
||||
return EVP_MD_nid(_ctx->digest);
|
||||
return EVP_MD_nid(EVP_MD_CTX_md(_pContext));
|
||||
}
|
||||
|
||||
std::size_t DigestEngine::digestLength() const
|
||||
{
|
||||
return EVP_MD_CTX_size(_ctx);
|
||||
return EVP_MD_CTX_size(_pContext);
|
||||
}
|
||||
|
||||
|
||||
void DigestEngine::reset()
|
||||
{
|
||||
EVP_MD_CTX_cleanup(_ctx);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
EVP_MD_CTX_free(_pContext);
|
||||
_pContext = EVP_MD_CTX_create();
|
||||
#else
|
||||
EVP_MD_CTX_cleanup(_pContext);
|
||||
#endif
|
||||
const EVP_MD* md = EVP_get_digestbyname(_name.c_str());
|
||||
if (!md) throw Poco::NotFoundException(_name);
|
||||
EVP_DigestInit_ex(_ctx, md, NULL);
|
||||
EVP_DigestInit_ex(_pContext, md, NULL);
|
||||
}
|
||||
|
||||
|
||||
const Poco::DigestEngine::Digest& DigestEngine::digest()
|
||||
{
|
||||
_digest.clear();
|
||||
unsigned len = EVP_MD_CTX_size(_ctx);
|
||||
unsigned len = EVP_MD_CTX_size(_pContext);
|
||||
_digest.resize(len);
|
||||
EVP_DigestFinal_ex(_ctx, &_digest[0], &len);
|
||||
EVP_DigestFinal_ex(_pContext, &_digest[0], &len);
|
||||
reset();
|
||||
return _digest;
|
||||
}
|
||||
@@ -70,7 +75,7 @@ const Poco::DigestEngine::Digest& DigestEngine::digest()
|
||||
|
||||
void DigestEngine::updateImpl(const void* data, std::size_t length)
|
||||
{
|
||||
EVP_DigestUpdate(_ctx, data, length);
|
||||
EVP_DigestUpdate(_pContext, data, length);
|
||||
}
|
||||
|
||||
|
||||
|
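Review bot: The `DigestEngine` constructor now allocates `_pContext` in the initializer list, before the `EVP_get_digestbyname` lookup, so the `throw Poco::NotFoundException(_name)` path leaves the context allocated; the destructor does not run for an object whose constructor threw. Either release it before throwing, `if (!md) { EVP_MD_CTX_destroy(_pContext); throw Poco::NotFoundException(_name); }`, or allocate only after the lookup succeeds, as the previous code did. The results of `EVP_MD_CTX_create()` and `EVP_DigestInit_ex` are also unchecked in the constructor and in `reset()`, so an allocation failure would pass a null context on to `EVP_DigestUpdate` and `EVP_DigestFinal_ex`.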
@@ -207,19 +207,43 @@ int RSAKeyImpl::size() const
|
||||
|
||||
RSAKeyImpl::ByteVec RSAKeyImpl::modulus() const
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
const BIGNUM* n = 0;
|
||||
const BIGNUM* e = 0;
|
||||
const BIGNUM* d = 0;
|
||||
RSA_get0_key(_pRSA, &n, &e, &d);
|
||||
return convertToByteVec(n);
|
||||
#else
|
||||
return convertToByteVec(_pRSA->n);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
RSAKeyImpl::ByteVec RSAKeyImpl::encryptionExponent() const
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
const BIGNUM* n = 0;
|
||||
const BIGNUM* e = 0;
|
||||
const BIGNUM* d = 0;
|
||||
RSA_get0_key(_pRSA, &n, &e, &d);
|
||||
return convertToByteVec(e);
|
||||
#else
|
||||
return convertToByteVec(_pRSA->e);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
RSAKeyImpl::ByteVec RSAKeyImpl::decryptionExponent() const
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
const BIGNUM* n = 0;
|
||||
const BIGNUM* e = 0;
|
||||
const BIGNUM* d = 0;
|
||||
RSA_get0_key(_pRSA, &n, &e, &d);
|
||||
return convertToByteVec(d);
|
||||
#else
|
||||
return convertToByteVec(_pRSA->d);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
|
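Review bot: `decryptionExponent()` hands `d` straight to `convertToByteVec`, and for a key that holds only the public half `RSA_get0_key` leaves `d` null. `convertToByteVec` is outside this view, so it should be confirmed that it tolerates a null `BIGNUM` (the pre-1.1 branch has the same exposure through `_pRSA->d`). Separately, `modulus()` and `encryptionExponent()` fetch all three components, including the private exponent pointer, when they need one; `RSA_get0_key` accepts null for outputs that are not wanted, e.g. `RSA_get0_key(_pRSA, &n, 0, 0);`.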
@@ -59,7 +59,11 @@ X509Certificate::X509Certificate(X509* pCert, bool shared):
|
||||
|
||||
if (shared)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
X509_up_ref(_pCert);
|
||||
#else
|
||||
_pCert->references++;
|
||||
#endif
|
||||
}
|
||||
|
||||
init();
|
||||
|
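Review bot: The result of `X509_up_ref(_pCert)` is discarded in the `shared` branch of the constructor; the call returns 0 on failure, in which case this object keeps a pointer it holds no reference on. The release path is outside the hunk, but if it frees `_pCert` unconditionally the caller's certificate would be released once too often. Testing `if (X509_up_ref(_pCert) != 1)` and raising the file's usual exception there would close that gap.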
@@ -494,6 +494,17 @@ void Context::initDH(const std::string& dhParamsFile)
|
||||
std::string msg = Utility::getLastError();
|
||||
throw SSLContextException("Error creating Diffie-Hellman parameters", msg);
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
|
||||
BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
|
||||
DH_set0_pqg(dh, p, 0, g);
|
||||
DH_set_length(dh, 160);
|
||||
if (!p || !g)
|
||||
{
|
||||
DH_free(dh);
|
||||
throw SSLContextException("Error creating Diffie-Hellman parameters");
|
||||
}
|
||||
#else
|
||||
dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
|
||||
dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
|
||||
dh->length = 160;
|
||||
@@ -502,6 +513,7 @@ void Context::initDH(const std::string& dhParamsFile)
|
||||
DH_free(dh);
|
||||
throw SSLContextException("Error creating Diffie-Hellman parameters");
|
||||
}
|
||||
#endif
|
||||
}
|
||||
SSL_CTX_set_tmp_dh(_pSSLContext, dh);
|
||||
SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_DH_USE);
|
||||
|
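Review bot: In the OpenSSL >= 1.1 branch of `initDH`, the `if (!p || !g)` test runs after `DH_set0_pqg(dh, p, 0, g)`, and that call's return value is ignored. When one of the two `BN_bin2bn` calls fails, `DH_set0_pqg` does not take ownership, so the BIGNUM that was allocated is leaked by the `DH_free(dh)` path. The check should come first and free both values, as in the excerpt below. The fallback group is named `dh1024_*`, which suggests a 1024-bit modulus; that is below current recommendations and worth a follow-up. The function starts and continues outside this hunk.

```cpp
BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
// Validate before handing ownership to dh; on failure p and g are still ours to free.
if (!p || !g || !DH_set0_pqg(dh, p, 0, g))
{
    BN_free(p);
    BN_free(g);
    DH_free(dh);
    throw SSLContextException("Error creating Diffie-Hellman parameters");
}
DH_set_length(dh, 160);
// … unchanged: #else branch for OpenSSL < 1.1 …
```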