Mirrors/i2pd
2
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-06-21 21:38:20 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

stop suporting openssl below 1.1.1

Browse source
This commit is contained in:
orignal 2025-06-12 11:22:39 -04:00
parent d2296f81ad
commit 5bef987529
4 changed files with 5 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

15
libi2pd/Crypto.cpp
View file

@ -16,9 +16,7 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include "TunnelBase.h" #include "TunnelBase.h"
#include <openssl/ssl.h> #include <openssl/ssl.h>
#if OPENSSL_HKDF
#include <openssl/kdf.h> #include <openssl/kdf.h>
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0 #if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0
#include <openssl/param_build.h> #include <openssl/param_build.h>
#include <openssl/core_names.h> #include <openssl/core_names.h>
@ -784,7 +782,6 @@ namespace crypto
void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info, void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info,
uint8_t * out, size_t outLen) uint8_t * out, size_t outLen)
{ {
#if OPENSSL_HKDF
EVP_PKEY_CTX * pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, nullptr); EVP_PKEY_CTX * pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, nullptr);
EVP_PKEY_derive_init (pctx); EVP_PKEY_derive_init (pctx);
EVP_PKEY_CTX_set_hkdf_md (pctx, EVP_sha256()); EVP_PKEY_CTX_set_hkdf_md (pctx, EVP_sha256());
@ -805,18 +802,6 @@ namespace crypto
EVP_PKEY_CTX_add1_hkdf_info (pctx, (const uint8_t *)info.c_str (), info.length ()); EVP_PKEY_CTX_add1_hkdf_info (pctx, (const uint8_t *)info.c_str (), info.length ());
EVP_PKEY_derive (pctx, out, &outLen); EVP_PKEY_derive (pctx, out, &outLen);
EVP_PKEY_CTX_free (pctx); EVP_PKEY_CTX_free (pctx);
#else
uint8_t prk[32]; unsigned int len;
HMAC(EVP_sha256(), salt, 32, key, keyLen, prk, &len);
auto l = info.length ();
memcpy (out, info.c_str (), l); out[l] = 0x01;
HMAC(EVP_sha256(), prk, 32, out, l + 1, out, &len);
if (outLen > 32) // 64
{
memcpy (out + 32, info.c_str (), l); out[l + 32] = 0x02;
HMAC(EVP_sha256(), prk, 32, out, l + 33, out + 32, &len);
}
#endif
} }
// Noise // Noise

14
libi2pd/Crypto.h
View file

@ -27,15 +27,11 @@
#include "Tag.h" #include "Tag.h"
// recognize openssl version and features // recognize openssl version and features
#if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1 #if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER != 0x030000000)) // 3.0.0, regression in SipHash, not implemented in LibreSSL
# define OPENSSL_HKDF 1 # define OPENSSL_SIPHASH 1
# define OPENSSL_EDDSA 1 #endif
# if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER != 0x030000000)) // 3.0.0, regression in SipHash, not implemented in LibreSSL #if (OPENSSL_VERSION_NUMBER >= 0x030500000) // 3.5.0
# define OPENSSL_SIPHASH 1 # define OPENSSL_PQ 1
# endif
# if (OPENSSL_VERSION_NUMBER >= 0x030500000) // 3.5.0
# define OPENSSL_PQ 1
# endif
#endif #endif
namespace i2p namespace i2p

34
libi2pd/Signature.cpp
View file

@ -347,7 +347,6 @@ namespace crypto
#endif #endif
#if OPENSSL_EDDSA
EDDSA25519Verifier::EDDSA25519Verifier (): EDDSA25519Verifier::EDDSA25519Verifier ():
m_Pkey (nullptr) m_Pkey (nullptr)
{ {
@ -379,37 +378,6 @@ namespace crypto
return false; return false;
} }
#else
EDDSA25519Verifier::EDDSA25519Verifier ()
{
}
EDDSA25519Verifier::~EDDSA25519Verifier ()
{
}
void EDDSA25519Verifier::SetPublicKey (const uint8_t * signingKey)
{
memcpy (m_PublicKeyEncoded, signingKey, EDDSA25519_PUBLIC_KEY_LENGTH);
BN_CTX * ctx = BN_CTX_new ();
m_PublicKey = GetEd25519 ()->DecodePublicKey (m_PublicKeyEncoded, ctx);
BN_CTX_free (ctx);
}
bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
{
uint8_t digest[64];
SHA512_CTX ctx;
SHA512_Init (&ctx);
SHA512_Update (&ctx, signature, EDDSA25519_SIGNATURE_LENGTH/2); // R
SHA512_Update (&ctx, m_PublicKeyEncoded, EDDSA25519_PUBLIC_KEY_LENGTH); // public key
SHA512_Update (&ctx, buf, len); // data
SHA512_Final (digest, &ctx);
return GetEd25519 ()->Verify (m_PublicKey, digest, signature);
}
#endif
EDDSA25519SignerCompat::EDDSA25519SignerCompat (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey) EDDSA25519SignerCompat::EDDSA25519SignerCompat (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey)
{ {
// expand key // expand key
@ -439,7 +407,6 @@ namespace crypto
GetEd25519 ()->Sign (m_ExpandedPrivateKey, m_PublicKeyEncoded, buf, len, signature); GetEd25519 ()->Sign (m_ExpandedPrivateKey, m_PublicKeyEncoded, buf, len, signature);
} }
#if OPENSSL_EDDSA
EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey): EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey):
m_Pkey (nullptr), m_Fallback (nullptr) m_Pkey (nullptr), m_Fallback (nullptr)
{ {
@ -481,7 +448,6 @@ namespace crypto
else else
LogPrint (eLogError, "EdDSA signing key is not set"); LogPrint (eLogError, "EdDSA signing key is not set");
} }
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x030000000) #if (OPENSSL_VERSION_NUMBER >= 0x030000000)
static const OSSL_PARAM EDDSA25519phParams[] = static const OSSL_PARAM EDDSA25519phParams[] =

18
libi2pd/Signature.h
View file

@ -369,18 +369,12 @@ namespace crypto
size_t GetSignatureLen () const { return EDDSA25519_SIGNATURE_LENGTH; }; size_t GetSignatureLen () const { return EDDSA25519_SIGNATURE_LENGTH; };
private: private:
#if OPENSSL_EDDSA
EVP_PKEY * m_Pkey; EVP_PKEY * m_Pkey;
protected: protected:
EVP_PKEY * GetPkey () const { return m_Pkey; }; EVP_PKEY * GetPkey () const { return m_Pkey; };
#else
EDDSAPoint m_PublicKey;
uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
#endif
}; };
#if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0 #if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0
@ -409,7 +403,6 @@ namespace crypto
uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH]; uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
}; };
#if OPENSSL_EDDSA
class EDDSA25519Signer: public Signer class EDDSA25519Signer: public Signer
{ {
public: public:
@ -429,11 +422,6 @@ namespace crypto
EVP_PKEY * m_Pkey; EVP_PKEY * m_Pkey;
EDDSA25519SignerCompat * m_Fallback; EDDSA25519SignerCompat * m_Fallback;
}; };
#else
typedef EDDSA25519SignerCompat EDDSA25519Signer;
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0 #if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0
class EDDSA25519phSigner: public EDDSA25519Signer class EDDSA25519phSigner: public EDDSA25519Signer
@ -449,7 +437,6 @@ namespace crypto
inline void CreateEDDSA25519RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey) inline void CreateEDDSA25519RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
{ {
#if OPENSSL_EDDSA
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_ED25519, NULL); EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_ED25519, NULL);
EVP_PKEY_keygen_init (pctx); EVP_PKEY_keygen_init (pctx);
@ -460,11 +447,6 @@ namespace crypto
len = EDDSA25519_PRIVATE_KEY_LENGTH; len = EDDSA25519_PRIVATE_KEY_LENGTH;
EVP_PKEY_get_raw_private_key (pkey, signingPrivateKey, &len); EVP_PKEY_get_raw_private_key (pkey, signingPrivateKey, &len);
EVP_PKEY_free (pkey); EVP_PKEY_free (pkey);
#else
RAND_bytes (signingPrivateKey, EDDSA25519_PRIVATE_KEY_LENGTH);
EDDSA25519Signer signer (signingPrivateKey);
memcpy (signingPublicKey, signer.GetPublicKey (), EDDSA25519_PUBLIC_KEY_LENGTH);
#endif
} }