mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2025-10-24 04:29:03 +01:00
Improve LibreSSL compatibility
This commit is contained in:
parent
80840b761e
commit
29660b6745
4 changed files with 98 additions and 29 deletions
|
@ -15,9 +15,11 @@
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
|
#include <openssl/ec.h>
|
||||||
#include "TunnelBase.h"
|
#include "TunnelBase.h"
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <openssl/kdf.h>
|
#include <openssl/kdf.h>
|
||||||
|
#include <openssl/objects.h>
|
||||||
#if I2PD_OPENSSL_GE_3 // since 3.0.0
|
#if I2PD_OPENSSL_GE_3 // since 3.0.0
|
||||||
#include <openssl/param_build.h>
|
#include <openssl/param_build.h>
|
||||||
#include <openssl/core_names.h>
|
#include <openssl/core_names.h>
|
||||||
|
@ -137,6 +139,62 @@ namespace crypto
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
EVP_PKEY * GenerateECKey (int curve)
|
||||||
|
{
|
||||||
|
#if I2PD_OPENSSL_GE_3
|
||||||
|
return EVP_EC_gen (OBJ_nid2ln (curve));
|
||||||
|
#else
|
||||||
|
EC_KEY * ec = EC_KEY_new_by_curve_name (curve);
|
||||||
|
if (!ec)
|
||||||
|
{
|
||||||
|
LogPrint (eLogError, "Crypto: Failed to allocate EC key for curve ", curve);
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
|
if (!EC_KEY_generate_key (ec))
|
||||||
|
{
|
||||||
|
LogPrint (eLogError, "Crypto: Failed to generate EC key for curve ", curve);
|
||||||
|
EC_KEY_free (ec);
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
|
EVP_PKEY * pkey = EVP_PKEY_new ();
|
||||||
|
if (!pkey)
|
||||||
|
{
|
||||||
|
LogPrint (eLogError, "Crypto: Failed to allocate EVP_PKEY for EC curve ", curve);
|
||||||
|
EC_KEY_free (ec);
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
|
if (!EVP_PKEY_assign_EC_KEY (pkey, ec))
|
||||||
|
{
|
||||||
|
LogPrint (eLogError, "Crypto: EVP_PKEY_assign_EC_KEY failed for curve ", curve);
|
||||||
|
EVP_PKEY_free (pkey);
|
||||||
|
EC_KEY_free (ec);
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
|
return pkey;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
int GetEVPKeyCurveNID (const EVP_PKEY * pkey)
|
||||||
|
{
|
||||||
|
if (!pkey) return -1;
|
||||||
|
#if I2PD_OPENSSL_GE_3
|
||||||
|
char groupName[64];
|
||||||
|
if (EVP_PKEY_get_group_name (const_cast<EVP_PKEY *>(pkey), groupName, sizeof (groupName), NULL) == 1)
|
||||||
|
return OBJ_txt2nid (groupName);
|
||||||
|
return -1;
|
||||||
|
#else
|
||||||
|
if (EVP_PKEY_base_id (pkey) != EVP_PKEY_EC)
|
||||||
|
return 0;
|
||||||
|
EC_KEY * ec = EVP_PKEY_get1_EC_KEY (const_cast<EVP_PKEY *>(pkey));
|
||||||
|
if (!ec)
|
||||||
|
return -1;
|
||||||
|
const EC_GROUP * group = EC_KEY_get0_group (ec);
|
||||||
|
int nid = group ? EC_GROUP_get_curve_name (group) : -1;
|
||||||
|
EC_KEY_free (ec);
|
||||||
|
return nid;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
// RSA
|
// RSA
|
||||||
#define rsae GetCryptoConstants ().rsae
|
#define rsae GetCryptoConstants ().rsae
|
||||||
const BIGNUM * GetRSAE ()
|
const BIGNUM * GetRSAE ()
|
||||||
|
|
|
@ -48,6 +48,8 @@ namespace i2p
|
||||||
namespace crypto
|
namespace crypto
|
||||||
{
|
{
|
||||||
bool bn2buf (const BIGNUM * bn, uint8_t * buf, size_t len);
|
bool bn2buf (const BIGNUM * bn, uint8_t * buf, size_t len);
|
||||||
|
EVP_PKEY * GenerateECKey (int curve);
|
||||||
|
int GetEVPKeyCurveNID (const EVP_PKEY * pkey);
|
||||||
|
|
||||||
// DSA
|
// DSA
|
||||||
#if I2PD_OPENSSL_GE_3 // since 3.0.0
|
#if I2PD_OPENSSL_GE_3 // since 3.0.0
|
||||||
|
|
|
@ -51,14 +51,7 @@ namespace data
|
||||||
auto pkey = X509_get_pubkey (cert);
|
auto pkey = X509_get_pubkey (cert);
|
||||||
if (pkey)
|
if (pkey)
|
||||||
{
|
{
|
||||||
int curve = 0;
|
int curve = i2p::crypto::GetEVPKeyCurveNID (pkey);
|
||||||
#if I2PD_OPENSSL_GE_3 // since 3.0.0
|
|
||||||
char groupName[20];
|
|
||||||
if (EVP_PKEY_get_group_name(pkey, groupName, sizeof(groupName), NULL) == 1)
|
|
||||||
curve = OBJ_txt2nid (groupName);
|
|
||||||
else
|
|
||||||
curve = -1;
|
|
||||||
#endif
|
|
||||||
if (!curve || curve == NID_X9_62_prime256v1)
|
if (!curve || curve == NID_X9_62_prime256v1)
|
||||||
{
|
{
|
||||||
if (!m_SigningKeys.emplace (cn, std::make_pair(pkey, (int)m_SigningKeys.size () + 1)).second)
|
if (!m_SigningKeys.emplace (cn, std::make_pair(pkey, (int)m_SigningKeys.size () + 1)).second)
|
||||||
|
@ -156,14 +149,7 @@ namespace data
|
||||||
{
|
{
|
||||||
SSL * ssl = SSL_new (ctx);
|
SSL * ssl = SSL_new (ctx);
|
||||||
EVP_PKEY * pkey = SSL_get_privatekey (ssl);
|
EVP_PKEY * pkey = SSL_get_privatekey (ssl);
|
||||||
int curve = 0;
|
int curve = i2p::crypto::GetEVPKeyCurveNID (pkey);
|
||||||
#if I2PD_OPENSSL_GE_3 // since 3.0.0
|
|
||||||
char groupName[20];
|
|
||||||
if (EVP_PKEY_get_group_name(pkey, groupName, sizeof(groupName), NULL) == 1)
|
|
||||||
curve = OBJ_txt2nid (groupName);
|
|
||||||
else
|
|
||||||
curve = -1;
|
|
||||||
#endif
|
|
||||||
if (!curve || curve == NID_X9_62_prime256v1)
|
if (!curve || curve == NID_X9_62_prime256v1)
|
||||||
{
|
{
|
||||||
uint8_t buf[100], sign[72], signature[64];
|
uint8_t buf[100], sign[72], signature[64];
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <memory>
|
#include <memory>
|
||||||
|
#include <cstring>
|
||||||
#include "Crypto.h"
|
#include "Crypto.h"
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#if I2PD_OPENSSL_GE_3 // since 3.0.0
|
#if I2PD_OPENSSL_GE_3 // since 3.0.0
|
||||||
|
@ -286,19 +287,41 @@ namespace crypto
|
||||||
|
|
||||||
void CreateECDSARandomKeys (int curve, size_t keyLen, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
|
void CreateECDSARandomKeys (int curve, size_t keyLen, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
|
||||||
{
|
{
|
||||||
EVP_PKEY * pkey = EVP_EC_gen (OBJ_nid2ln(curve));
|
auto pkey = GenerateECKey (curve);
|
||||||
// private
|
if (!pkey)
|
||||||
BIGNUM * priv = BN_new ();
|
return;
|
||||||
EVP_PKEY_get_bn_param (pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv);
|
EC_KEY * ec = EVP_PKEY_get1_EC_KEY (pkey);
|
||||||
|
if (!ec)
|
||||||
|
{
|
||||||
|
LogPrint (eLogError, "ECDSA: Failed to extract EC key for curve ", curve);
|
||||||
|
EVP_PKEY_free (pkey);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
const BIGNUM * priv = EC_KEY_get0_private_key (ec);
|
||||||
|
if (priv)
|
||||||
bn2buf (priv, signingPrivateKey, keyLen/2);
|
bn2buf (priv, signingPrivateKey, keyLen/2);
|
||||||
BN_free (priv);
|
else
|
||||||
// public
|
memset (signingPrivateKey, 0, keyLen/2);
|
||||||
|
const EC_GROUP * group = EC_KEY_get0_group (ec);
|
||||||
|
const EC_POINT * pub = EC_KEY_get0_public_key (ec);
|
||||||
|
if (group && pub)
|
||||||
|
{
|
||||||
BIGNUM * x = BN_new (), * y = BN_new ();
|
BIGNUM * x = BN_new (), * y = BN_new ();
|
||||||
EVP_PKEY_get_bn_param (pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x);
|
BN_CTX * ctx = BN_CTX_new ();
|
||||||
EVP_PKEY_get_bn_param (pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y);
|
if (x && y && ctx && EC_POINT_get_affine_coordinates_GFp (group, pub, x, y, ctx))
|
||||||
|
{
|
||||||
bn2buf (x, signingPublicKey, keyLen/2);
|
bn2buf (x, signingPublicKey, keyLen/2);
|
||||||
bn2buf (y, signingPublicKey + keyLen/2, keyLen/2);
|
bn2buf (y, signingPublicKey + keyLen/2, keyLen/2);
|
||||||
BN_free (x); BN_free (y);
|
}
|
||||||
|
else
|
||||||
|
LogPrint (eLogError, "ECDSA: Failed to extract public coordinates for curve ", curve);
|
||||||
|
if (ctx) BN_CTX_free (ctx);
|
||||||
|
if (x) BN_free (x);
|
||||||
|
if (y) BN_free (y);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
LogPrint (eLogError, "ECDSA: Missing group or public key for curve ", curve);
|
||||||
|
EC_KEY_free (ec);
|
||||||
EVP_PKEY_free (pkey);
|
EVP_PKEY_free (pkey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue