libraries
/
libpcscxx
1
0
Fork 0
Code Issues Releases Activity

support new Op0enSSL 1.1.0 API

Browse Source
master
Marc Wäckerlin 6 years ago
parent 1f7fac1dbc
commit 8e7084e733
12 changed files with 962 additions and 140 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      ChangeLog
  2. 1
      bootstrap.sh
  3. 12
      build-in-docker.sh
  4. 26
      examples/openssl-engine-demo.cxx
  5. 4
      src/cryptaux.hxx
  6. 6
      src/cryptoki.cxx
  7. 3
      src/makefile.am
  8. 763
      src/openssl-compatibility.hxx
  9. 13
      src/openssl-engine.cxx
  10. 114
      src/openssl-engine.hxx
  11. 152
      src/openssl.hxx
  12. 2
      template.sh

6
ChangeLog
Unescape View File

@ -1,3 +1,9 @@
2017-12-21 15:23
* [r405] COPYING, ChangeLog, INSTALL, ax_init_standard_project.m4,
bootstrap.sh, mac-create-app-bundle.sh, template.sh:
update of build system
2017-12-07 10:19
* [r404] COPYING, INSTALL, ax_check_qt.m4,

1
bootstrap.sh
Unescape View File

@ -1708,6 +1708,7 @@ $(
BuildRequires: rpm-sign, lsb-release
%else
BuildRequires: rpm-sign, redhat-lsb
%global debug_package %{nil}
%endif
%endif
$(

12
build-in-docker.sh
Unescape View File

@ -250,16 +250,16 @@ case $mode in
done
docker exec ${DOCKER_ID} apt-get update ${OPTIONS}
docker exec ${DOCKER_ID} apt-get upgrade ${OPTIONS}
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} python-software-properties software-properties-common apt-transport-https dpkg-dev lsb-release || \
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} software-properties-common apt-transport-https dpkg-dev lsb-release || \
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} python-software-properties apt-transport-https dpkg-dev lsb-release;
for repo in "${repos[@]}"; do
ifthenelse "${repo}" "apt-add-repository 'ARG'"
done
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} python-software-properties software-properties-common apt-transport-https dpkg-dev lsb-release wget || \
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} software-properties-common apt-transport-https dpkg-dev lsb-release wget || \
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} python-software-properties apt-transport-https dpkg-dev lsb-release wget;
for key in "${keys[@]}"; do
wget -O- "$key" \
| docker exec -i ${DOCKER_ID} apt-key add -
done
for repo in "${repos[@]}"; do
ifthenelse "${repo}" "apt-add-repository 'ARG'"
done
docker exec ${DOCKER_ID} apt-get update ${OPTIONS}
for package in "${packages[@]}"; do
ifthenelse "${package}" "apt-get install ${OPTIONS} ARG"

26
examples/openssl-engine-demo.cxx
Unescape View File

@ -21,17 +21,31 @@ class TestEngine: virtual public openssl::Engine {
CRYPTOLOG("log");
return "TestEngine_NAME";
}
};
class OtherTestEngine: virtual public openssl::Engine {
public:
virtual const char* id() {
CRYPTOLOG("log");
return "OtherTestEngine_ID";
}
virtual const char* name() {
CRYPTOLOG("log");
return "OtherTestEngine_NAME";
}
};
int main(int, char**) {
{
openssl::RegisterEngine<> testEngine(new TestEngine);
openssl::RegisterEngine<> testEngine(new TestEngine);
openssl::RegisterEngine<> otherTestEngine(new OtherTestEngine);
for (ENGINE* e(ENGINE_get_first()); e; e = ENGINE_get_next(e)) {
std::cout<<"Found Engine: "<<ENGINE_get_id(e)<<std::endl;
}
for (openssl::Engine::iterator it; it; ++it) {
std::cout<<"Found Engine: "<<(*it).id()<<std::endl;
}
ENGINE_cleanup();
return 0;
}

4
src/cryptaux.hxx
Unescape View File

@ -18,7 +18,9 @@
Auxiliary often used funcions in cryptographic environment, such
as logging, converting binary from and to hexadecimal or creating
readable texts from binary data. */
readable texts from binary data.
To enable logging, add @c -DDEBUG to @c CPPFLAGS */
//@{
#define CRYPTOLOG_QUOTE(X) CRYPTOLOG_QUOTE2(X)

6
src/cryptoki.cxx
Unescape View File

@ -207,7 +207,7 @@ namespace cryptoki {
#endif
_fn = 0;
} catch (std::exception& e) {
CRYPTOLOG("unloading cryptoki library failed, reason: "+e.what());
CRYPTOLOG("unloading cryptoki library failed, reason: "<<e.what());
} catch (...) {
CRYPTOLOG("unloading cryptoki library failed");
}
@ -333,8 +333,8 @@ namespace cryptoki {
.from<CK_CERTIFICATE_TYPE>(CKC_X_509));
attrs.push_back(Attribute(CKA_SUBJECT, cert.subjectDER()));
attrs.push_back(Attribute(CKA_ID, cert.id()));
attrs.push_back(Attribute(CKA_ISSUER, cert.issuerDER()));
attrs.push_back(Attribute(CKA_SERIAL_NUMBER, cert.serial()));
//attrs.push_back(Attribute(CKA_ISSUER, cert.issuerDER()));
// attrs.push_back(Attribute(CKA_SERIAL_NUMBER, cert.serialDER()));
attrs.push_back(Attribute(CKA_VALUE, cert.valueDER()));
CRYPTOLOG("create: serial = "<<crypto::hex(cert.serial()));
return create(attrs);

3
src/makefile.am
Unescape View File

@ -6,7 +6,8 @@
## 45678901234567890123456789012345678901234567890123456789012345678901234567890
include_HEADERS = pcsc.hxx cryptoki.hxx openssl.hxx cryptaux.hxx \
openssl-engine.hxx suisseid.hxx cardos.hxx
openssl-engine.hxx suisseid.hxx cardos.hxx \
openssl-compatibility.hxx
noinst_HEADERS = cardgui.hxx cardgui-model.hxx

763
src/openssl-compatibility.hxx
Unescape View File

@ -0,0 +1,763 @@
/*! @file
@id $Id$
*/
// 1 2 3 4 5 6 7 8
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
#include <openssl/opensslv.h>
#ifndef OPENSSL_VERSION_NUMBER
# error OpenSSL Version Number not Found
#elif OPENSSL_VERSION_NUMBER < 0x00908000L
# ifdef ALLOW_SSL_OLDER_THAN_0_8
# warning OpenSSL older than 0.8 detected please upgrade to 1.0
# else
# error OpenSSL older than 0.8 detected please upgrade to 1.0
# endif
# define OPENSSL_0_7
# define V0_CONST
# define CV_STACK
# define CV_X509
#elif OPENSSL_VERSION_NUMBER < 0x10000000L
# ifdef ALLOW_SSL_0_8
# warning OpenSSL 0.8 detected please upgrade to 1.0
# else
# error OpenSSL 0.8 detected please upgrade to 1.0
# endif
# define OPENSSL_0_8
# define V0_CONST const
# define CV_STACK
# define CV_X509
#else
# define OPENSSL_1_0
# define V0_CONST const
# define CV_STACK (_STACK*)
# define CV_X509 (STACK_OF(X509)*)
#endif
#ifndef OPENSSL_VERSION_NUMBER
# error OpenSSL Version Number not Found
#elif OPENSSL_VERSION_NUMBER < 0x10000000L
# define OPENSSL_0
# define OPENSSL_V0_CONST
#else
# define OPENSSL_1
# define OPENSSL_V0_CONST const
#endif
#include <openssl/crypto.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/ossl_typ.h>
namespace openssl {
//==============================================================================
//! @addtogroup opensslcompat
//@{
/// Get OpenSSL runtime and buildtime version information
/** To be displyed in an about box. It also shows mandatory license
information. */
inline std::string version() {
std::string v
((std::string(OPENSSL_VERSION_TEXT)==SSLeay_version(SSLEAY_VERSION))
? SSLeay_version(SSLEAY_VERSION)
: std::string(OPENSSL_VERSION_TEXT) + " (Buildtime)"
+ "\n - Runtime: " + SSLeay_version(SSLEAY_VERSION));
return v
+ "\n - OpenSSL API "+SHLIB_VERSION_NUMBER+" compatible"
+ "\n - " + SSLeay_version(SSLEAY_BUILT_ON)
+ "\n - " + SSLeay_version(SSLEAY_PLATFORM)
+ "\n\n"
"This product includes software developed by the OpenSSL Project"
" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
"\n\n"
"This product includes cryptographic software written by Eric Young"
" (eay@cryptsoft.com)";
}
//------------------------------------------------------------------------------
#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* The following code is copied from:
https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
Provide the new functions to old version of OpenSSL. */
#include <string.h>
#include <openssl/engine.h>
inline static void *OPENSSL_zalloc(size_t num) {
void *ret = OPENSSL_malloc(num);
if (ret != NULL)
memset(ret, 0, num);
return ret;
}
inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
/* If the fields n and e in r are NULL, the corresponding input
* parameters MUST be non-NULL for n and e. d may be
* left NULL (in case only the public key is used).
*/
if ((r->n == NULL && n == NULL)
|| (r->e == NULL && e == NULL))
return 0;
if (n != NULL) {
BN_free(r->n);
r->n = n;
}
if (e != NULL) {
BN_free(r->e);
r->e = e;
}
if (d != NULL) {
BN_free(r->d);
r->d = d;
}
return 1;
}
inline int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
/* If the fields p and q in r are NULL, the corresponding input
* parameters MUST be non-NULL.
*/
if ((r->p == NULL && p == NULL)
|| (r->q == NULL && q == NULL))
return 0;
if (p != NULL) {
BN_free(r->p);
r->p = p;
}
if (q != NULL) {
BN_free(r->q);
r->q = q;
}
return 1;
}
inline int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
/* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
* parameters MUST be non-NULL.
*/
if ((r->dmp1 == NULL && dmp1 == NULL)
|| (r->dmq1 == NULL && dmq1 == NULL)
|| (r->iqmp == NULL && iqmp == NULL))
return 0;
if (dmp1 != NULL) {
BN_free(r->dmp1);
r->dmp1 = dmp1;
}
if (dmq1 != NULL) {
BN_free(r->dmq1);
r->dmq1 = dmq1;
}
if (iqmp != NULL) {
BN_free(r->iqmp);
r->iqmp = iqmp;
}
return 1;
}
inline ENGINE* RSA_get0_engine(const RSA *r) {
return r->engine;
}
inline void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) {
if (n != NULL)
*n = r->n;
if (e != NULL)
*e = r->e;
if (d != NULL)
*d = r->d;
}
inline void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
if (p != NULL)
*p = r->p;
if (q != NULL)
*q = r->q;
}
inline void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) {
if (dmp1 != NULL)
*dmp1 = r->dmp1;
if (dmq1 != NULL)
*dmq1 = r->dmq1;
if (iqmp != NULL)
*iqmp = r->iqmp;
}
inline void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
if (p != NULL)
*p = d->p;
if (q != NULL)
*q = d->q;
if (g != NULL)
*g = d->g;
}
inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
/* If the fields p, q and g in d are NULL, the corresponding input
* parameters MUST be non-NULL.
*/
if ((d->p == NULL && p == NULL)
|| (d->q == NULL && q == NULL)
|| (d->g == NULL && g == NULL))
return 0;
if (p != NULL) {
BN_free(d->p);
d->p = p;
}
if (q != NULL) {
BN_free(d->q);
d->q = q;
}
if (g != NULL) {
BN_free(d->g);
d->g = g;
}
return 1;
}
inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) {
if (pub_key != NULL)
*pub_key = d->pub_key;
if (priv_key != NULL)
*priv_key = d->priv_key;
}
inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) {
/* If the field pub_key in d is NULL, the corresponding input
* parameters MUST be non-NULL. The priv_key field may
* be left NULL.
*/
if (d->pub_key == NULL && pub_key == NULL)
return 0;
if (pub_key != NULL) {
BN_free(d->pub_key);
d->pub_key = pub_key;
}
if (priv_key != NULL) {
BN_free(d->priv_key);
d->priv_key = priv_key;
}
return 1;
}
inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
if (pr != NULL)
*pr = sig->r;
if (ps != NULL)
*ps = sig->s;
}
inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
if (r == NULL || s == NULL)
return 0;
BN_clear_free(sig->r);
BN_clear_free(sig->s);
sig->r = r;
sig->s = s;
return 1;
}
inline void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
if (pr != NULL)
*pr = sig->r;
if (ps != NULL)
*ps = sig->s;
}
inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
if (r == NULL || s == NULL)
return 0;
BN_clear_free(sig->r);
BN_clear_free(sig->s);
sig->r = r;
sig->s = s;
return 1;
}
inline void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
if (p != NULL)
*p = dh->p;
if (q != NULL)
*q = dh->q;
if (g != NULL)
*g = dh->g;
}
inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
/* If the fields p and g in d are NULL, the corresponding input
* parameters MUST be non-NULL. q may remain NULL.
*/
if ((dh->p == NULL && p == NULL)
|| (dh->g == NULL && g == NULL))
return 0;
if (p != NULL) {
BN_free(dh->p);
dh->p = p;
}
if (q != NULL) {
BN_free(dh->q);
dh->q = q;
}
if (g != NULL) {
BN_free(dh->g);
dh->g = g;
}
if (q != NULL) {
dh->length = BN_num_bits(q);
}
return 1;
}
inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
if (pub_key != NULL)
*pub_key = dh->pub_key;
if (priv_key != NULL)
*priv_key = dh->priv_key;
}
inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
/* If the field pub_key in dh is NULL, the corresponding input
* parameters MUST be non-NULL. The priv_key field may
* be left NULL.
*/
if (dh->pub_key == NULL && pub_key == NULL)
return 0;
if (pub_key != NULL) {
BN_free(dh->pub_key);
dh->pub_key = pub_key;
}
if (priv_key != NULL) {
BN_free(dh->priv_key);
dh->priv_key = priv_key;
}
return 1;
}
inline int DH_set_length(DH *dh, long length) {
dh->length = length;
return 1;
}
inline const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) {
return ctx->iv;
}
inline unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) {
return ctx->iv;
}
/** @bug
./openssl.hxx:416:26: error: invalid conversion from void* to EVP_MD_CTX* {aka env_md_ctx_st*} [-fpermissive]
return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
^
*/
// EVP_MD_CTX *EVP_MD_CTX_new(void)
// {
// return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
// }
inline void EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
EVP_MD_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
inline RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) {
RSA_METHOD *ret;
ret = (RSA_METHOD*)OPENSSL_malloc(sizeof(RSA_METHOD));
if (ret != NULL) {
memcpy(ret, meth, sizeof(*meth));
ret->name = OPENSSL_strdup(meth->name);
if (ret->name == NULL) {
OPENSSL_free(ret);
return NULL;
}
}
return ret;
}
inline int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) {
char *tmpname;
tmpname = OPENSSL_strdup(name);
if (tmpname == NULL) {
return 0;
}
OPENSSL_free((char *)meth->name);
meth->name = tmpname;
return 1;
}
// inline int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) {
// meth->rsa_priv_enc = priv_enc;
// return 1;
// }
// inline int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) {
// meth->rsa_priv_dec = priv_dec;
// return 1;
// }
// inline int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) {
// meth->finish = finish;
// return 1;
// }
inline void RSA_meth_free(RSA_METHOD *meth) {
if (meth != NULL) {
OPENSSL_free((char *)meth->name);
OPENSSL_free(meth);
}
}
inline int RSA_bits(const RSA *r) {
return (BN_num_bits(r->n));
}
inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) {
if (pkey->type != EVP_PKEY_RSA) {
return NULL;
}
return pkey->pkey.rsa;
}
inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) {
if (pkey->type != EVP_PKEY_DSA) {
return NULL;
}
return pkey->pkey.dsa;
}
inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) {
if (pkey->type != EVP_PKEY_DH) {
return NULL;
}
return pkey->pkey.dh;
}
// HMAC_CTX *HMAC_CTX_new(void)
// {
// HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
// if (ctx != NULL) {
// if (!HMAC_CTX_reset(ctx)) {
// HMAC_CTX_free(ctx);
// return NULL;
// }
// }
// return ctx;
// }
// void HMAC_CTX_free(HMAC_CTX *ctx)
// {
// if (ctx != NULL) {
// hmac_ctx_cleanup(ctx);
// EVP_MD_CTX_free(ctx->i_ctx);
// EVP_MD_CTX_free(ctx->o_ctx);
// EVP_MD_CTX_free(ctx->md_ctx);
// OPENSSL_free(ctx);
// }
// }
/* the following is copied and modified from openssl-1.1.0g/crypto/rsa/rsa_meth.c */
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
// inline RSA_METHOD *RSA_meth_new(const char *name, int flags) {
// RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth));
// if (meth != NULL) {
// meth->flags = flags;
// meth->name = OPENSSL_strdup(name);
// if (meth->name != NULL)
// return meth;
// OPENSSL_free(meth);
// }
// RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE);
// return NULL;
// }
// inline void RSA_meth_free(RSA_METHOD *meth) {
// if (meth != NULL) {
// OPENSSL_free(meth->name);
// OPENSSL_free(meth);
// }
// }
// inline RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) {
// RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
// if (ret != NULL) {
// memcpy(ret, meth, sizeof(*meth));
// ret->name = OPENSSL_strdup(meth->name);
// if (ret->name != NULL)
// return ret;
// OPENSSL_free(ret);
// }
// RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
// return NULL;
// }
inline const char *RSA_meth_get0_name(const RSA_METHOD *meth) {
return meth->name;
}
// inline int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) {
// char *tmpname = OPENSSL_strdup(name);
// if (tmpname == NULL) {
// RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
// return 0;
// }
// OPENSSL_free(meth->name);
// meth->name = tmpname;
// return 1;
// }
inline int RSA_meth_get_flags(RSA_METHOD *meth) {
return meth->flags;
}
inline int RSA_meth_set_flags(RSA_METHOD *meth, int flags) {
meth->flags = flags;
return 1;
}
inline void *RSA_meth_get0_app_data(const RSA_METHOD *meth) {
return meth->app_data;
}
// inline int RSA_meth_set0_app_data(RSA_METHOD *meth, char *app_data) {
// meth->app_data = app_data;
// return 1;
// }
inline int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
return meth->rsa_pub_enc;
}
inline int RSA_meth_set_pub_enc(RSA_METHOD *meth,
int (*pub_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding)) {
meth->rsa_pub_enc = pub_enc;
return 1;
}
inline int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
return meth->rsa_pub_dec;
}
inline int RSA_meth_set_pub_dec(RSA_METHOD *meth,
int (*pub_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding)) {
meth->rsa_pub_dec = pub_dec;
return 1;
}
inline int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
return meth->rsa_priv_enc;
}
inline int RSA_meth_set_priv_enc(RSA_METHOD *meth,
int (*priv_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding)) {
meth->rsa_priv_enc = priv_enc;
return 1;
}
inline int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
return meth->rsa_priv_dec;
}
inline int RSA_meth_set_priv_dec(RSA_METHOD *meth,
int (*priv_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding)) {
meth->rsa_priv_dec = priv_dec;
return 1;
}
/* Can be null */
inline int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) {
return meth->rsa_mod_exp;
}
inline int RSA_meth_set_mod_exp(RSA_METHOD *meth,
int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)) {
meth->rsa_mod_exp = mod_exp;
return 1;
}
/* Can be null */
inline int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) {
return meth->bn_mod_exp;
}
inline int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth,
int (*bn_mod_exp) (BIGNUM *r,
const BIGNUM *a,
const BIGNUM *p,
const BIGNUM *m,
BN_CTX *ctx,
BN_MONT_CTX *m_ctx)) {
meth->bn_mod_exp = bn_mod_exp;
return 1;
}
/* called at new */
inline int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa) {
return meth->init;
}
inline int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa)) {
meth->init = init;
return 1;
}
inline /* called at free */
int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa) {
return meth->finish;
}
inline int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) {
meth->finish = finish;
return 1;
}
inline int (*RSA_meth_get_sign(const RSA_METHOD *meth))
(int type,
const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa) {
return meth->rsa_sign;
}
inline int RSA_meth_set_sign(RSA_METHOD *meth,
int (*sign) (int type, const unsigned char *m,
unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa)) {
meth->rsa_sign = sign;
return 1;
}
inline int (*RSA_meth_get_verify(const RSA_METHOD *meth))
(int dtype, const unsigned char *m,
unsigned int m_length, const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa) {
return meth->rsa_verify;
}
inline int RSA_meth_set_verify(RSA_METHOD *meth,
int (*verify) (int dtype, const unsigned char *m,
unsigned int m_length,
const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa)) {
meth->rsa_verify = verify;
return 1;
}
inline int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) {
return meth->rsa_keygen;
}
inline int RSA_meth_set_keygen(RSA_METHOD *meth,
int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
BN_GENCB *cb)) {
meth->rsa_keygen = keygen;
return 1;
}
/* the following is copied and modified from OpenSSL 1.1 openssl-1.1.0g stack.h */
# define OPENSSL_STACK STACK
# define OPENSSL_sk_num sk_num
# define OPENSSL_sk_value sk_value
# define OPENSSL_sk_set sk_set
# define OPENSSL_sk_new sk_new
# define OPENSSL_sk_new_null sk_new_null
# define OPENSSL_sk_free sk_free
# define OPENSSL_sk_pop_free sk_pop_free
# define OPENSSL_sk_deep_copy sk_deep_copy
# define OPENSSL_sk_insert sk_insert
# define OPENSSL_sk_delete sk_delete
# define OPENSSL_sk_delete_ptr sk_delete_ptr
# define OPENSSL_sk_find sk_find
# define OPENSSL_sk_find_ex sk_find_ex
# define OPENSSL_sk_push sk_push
# define OPENSSL_sk_unshift sk_unshift
# define OPENSSL_sk_shift sk_shift
# define OPENSSL_sk_pop sk_pop
# define OPENSSL_sk_zero sk_zero
# define OPENSSL_sk_set_cmp_func sk_set_cmp_func
# define OPENSSL_sk_dup sk_dup
# define OPENSSL_sk_sort sk_sort
# define OPENSSL_sk_is_sorted sk_is_sorted
#endif
// end of copied code
//------------------------------------------------------------------------------
//@}
}

13
src/openssl-engine.cxx
Unescape View File

@ -15,3 +15,16 @@
std::map<ENGINE*, openssl::Engine*> openssl::EngineMapper::_map;
std::map<std::string, openssl::Engine*> openssl::EngineMapper::_prototypes;
#if OPENSSL_API_COMPAT < 0x10100000L
namespace openssl {
class CleanupEngine {
public:
CleanupEngine() {}
~CleanupEngine() {
ENGINE_cleanup();
}
void test() {}
} doCleanupEngine;
}
#endif

114
src/openssl-engine.hxx
Unescape View File

@ -16,16 +16,7 @@
#include <cryptaux.hxx>
#include <openssl/opensslv.h>
#ifndef OPENSSL_VERSION_NUMBER
# error OpenSSL Version Number not Found
#elif OPENSSL_VERSION_NUMBER < 0x10000000L
# define OPENSSL_0
# define OPENSSL_V0_CONST
#else
# define OPENSSL_1
# define OPENSSL_V0_CONST const
#endif
#include <openssl-compatibility.hxx>
#undef DATADIR
#include <openssl/engine.h>
@ -82,12 +73,12 @@ namespace openssl {
public:
Engine(): _e(ENGINE_new()) {
Engine(): _e(ENGINE_new()), _cleanup(true) {
CRYPTOLOG("log");
}
virtual ~Engine() {
CRYPTOLOG("log");
OPENSSL_CHECK(ENGINE_free(_e));
if (_cleanup) OPENSSL_CHECK(ENGINE_free(_e));
}
virtual const char* id() = 0;
virtual const char* name() = 0;
@ -136,10 +127,75 @@ namespace openssl {
return 1;
}
class iterator;
protected:
friend class EngineMapper;
friend class iterator;
Engine(ENGINE* e): _e(e), _cleanup(false) {
CRYPTOLOG("log");
}
Engine(const Engine&); // forbidden
Engine& operator=(const Engine&); // forbidden
ENGINE* _e;
bool _cleanup;
};
class Engine::iterator {
private:
class MyEngine: public Engine {
public:
MyEngine(ENGINE*e): Engine(e) {}
virtual const char* id() {
return ENGINE_get_id(_e);
}
virtual const char* name() {
return ENGINE_get_name(_e);
}
};
public:
iterator(): _e(new MyEngine(ENGINE_get_first())) {
CRYPTOLOG("log");
}
~iterator() {
CRYPTOLOG("log");
delete _e;
}
Engine& operator*() {
CRYPTOLOG("log");
return *_e;
}
Engine* operator->() {
CRYPTOLOG("log");
return _e;
}
iterator& operator++() {
CRYPTOLOG("log");
_e->_e = ENGINE_get_next(_e->_e);
return *this;
}
operator bool() const {
CRYPTOLOG("log: "<<_e->_e<<" ---- "<<ENGINE_get_first());
return _e->_e!=0;
}
private:
Engine* _e;
};
@ -180,7 +236,7 @@ namespace openssl {
_map.erase(e->_e);
delete e;
}
private:
static int destroy(ENGINE*) {
@ -216,7 +272,7 @@ namespace openssl {
unsigned char *to,
RSA *rsa, int padding) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
if (it==_map.end()) return 0;
try {
std::string res(it->second->rsaEncrypt
@ -232,7 +288,7 @@ namespace openssl {
static int rsaDecrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
if (it==_map.end()) return 0;
try {
std::string res(it->second->rsaDecrypt
@ -251,7 +307,7 @@ namespace openssl {
unsigned int*tlen,
const RSA *rsa) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
if (it==_map.end()) return 0;
try {
std::string res(it->second->rsaSign
@ -271,12 +327,12 @@ namespace openssl {
unsigned int, OPENSSL_V0_CONST unsigned char*,
unsigned int, const RSA* rsa) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
return it!=_map.end()?it->second->rsaVerify():0;
}
static int rsaFinish(RSA *rsa) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
return it!=_map.end()?it->second->rsaFinish():0;
}
@ -284,20 +340,20 @@ namespace openssl {
static RSA_METHOD* rsa() {
CRYPTOLOG("log");
static RSA_METHOD ops;
if (!ops.rsa_priv_enc) {
ops = *RSA_get_default_method();
ops.rsa_pub_enc = rsaEncrypt;
ops.rsa_priv_dec = rsaDecrypt;
static RSA_METHOD* ops(0);
if (!ops) {
ops = RSA_meth_dup(RSA_get_default_method());
RSA_meth_set_pub_enc(ops, rsaEncrypt);
RSA_meth_set_priv_dec(ops, rsaDecrypt);
// a.k.a Verify/Sign. actLibrary just allows the proper functions
// and has this 'backdoor' closed. Breaks 'rsautl', sadly.
ops.rsa_pub_dec = NULL;
ops.rsa_priv_enc = NULL;
ops.rsa_sign = rsaSign;
ops.rsa_verify = rsaVerify;
ops.finish = rsaFinish;
RSA_meth_set_pub_dec(ops, 0);
RSA_meth_set_priv_enc(ops, 0);
RSA_meth_set_sign(ops, rsaSign);
RSA_meth_set_verify(ops, rsaVerify);
RSA_meth_set_finish(ops, rsaFinish);
}
return &ops;
return ops;
}
private:

152
src/openssl.hxx
Unescape View File

@ -26,72 +26,23 @@
#include <openssl/err.h>
#include <vector>
#include <openssl/opensslv.h>
#ifndef OPENSSL_VERSION_NUMBER
# error OpenSSL Version Number not Found
#elif OPENSSL_VERSION_NUMBER < 0x00908000L
# ifdef ALLOW_SSL_OLDER_THAN_0_8
# warning OpenSSL older than 0.8 detected please upgrade to 1.0
# else
# error OpenSSL older than 0.8 detected please upgrade to 1.0
# endif
# define OPENSSL_0_7
# define V0_CONST
# define CV_STACK
# define CV_X509
#elif OPENSSL_VERSION_NUMBER < 0x10000000L
# ifdef ALLOW_SSL_0_8
# warning OpenSSL 0.8 detected please upgrade to 1.0
# else
# error OpenSSL 0.8 detected please upgrade to 1.0
# endif
# define OPENSSL_0_8
# define V0_CONST const
# define CV_STACK
# define CV_X509
#else
# define OPENSSL_1_0
# define V0_CONST const
# define CV_STACK (_STACK*)
# define CV_X509 (STACK_OF(X509)*)
#endif
#include <openssl/x509v3.h> // BASIC_CONSTRAINTS
#include <openssl/bn.h>
#include <cryptaux.hxx>
#include <cstdio>
#include <cassert>
#include <openssl-compatibility.hxx>
/*! @defgroup gopenssl C++ Wrapper around OpenSSL API
Support for SSL-connections, engines, keys and certificates. */
//@{
//! @defgroup openssllib OpenSSL C++ Library
//! @defgroup opensslcompat OpenSSL Compatibility Wrapper
//! @defgroup opensslexceptions OpenSSL Exceptions
//! @ref gopenssl @copydoc gpcsc
namespace openssl {
/// Get OpenSSL runtime and buildtime version information
/** To be displyed in an about box. It also shows mandatory license
information. */
inline std::string version() {
std::string v
((std::string(OPENSSL_VERSION_TEXT)==SSLeay_version(SSLEAY_VERSION))
? SSLeay_version(SSLEAY_VERSION)
: std::string(OPENSSL_VERSION_TEXT) + " (Buildtime)"
+ "\n - Runtime: " + SSLeay_version(SSLEAY_VERSION));
return v
+ "\n - OpenSSL API "+SHLIB_VERSION_NUMBER+" compatible"
+ "\n - " + SSLeay_version(SSLEAY_BUILT_ON)
+ "\n - " + SSLeay_version(SSLEAY_PLATFORM)
+ "\n\n"
"This product includes software developed by the OpenSSL Project"
" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
"\n\n"
"This product includes cryptographic software written by Eric Young"
" (eay@cryptsoft.com)";
}
//============================================================================
//! @addtogroup opensslexceptions
//@{
@ -570,7 +521,7 @@ namespace openssl {
CRYPTOLOG("log");
return string(_bn);
}
static std::string string(BIGNUM* a) {
static std::string string(const BIGNUM* a) {
CRYPTOLOG("log");
std::string res(BN_num_bytes(a), '0');
BN_bn2bin(a, (unsigned char*)res.begin().operator->());
@ -886,20 +837,18 @@ namespace openssl {
OPENSSL_free(c);
return res;
}
//! Get DER encoded serial number.
std::string serialDER() const {
CRYPTOLOG("log");
unsigned char* c(0);
int len(i2d_ASN1_INTEGER(X509_get_serialNumber(_x509), &c));
std::string res((char*)c, len);
OPENSSL_free(c);
return res;
}
//! Get serial number.
std::string serial() const {
CRYPTOLOG("log");
/* @bug tcp://albistechnologies.com reports: «could be a
failure in openSSL: len too short by 1 if serial number
starts with 00 ASN1_INTEGER* ser =
X509_get_serialNumber(_x509);»
@code
ASN1_INTEGER* ser(X509_get_serialNumber(_x509));
return std::string((char*)ser->data, ser->length);
@endcode
- requires memory free?
- ser->type?!? tcp://albistechnologies.com prepends
tag and length in the first two char-fields. */
unsigned char* c(0);
int len(i2d_X509(_x509, &c));
if (len<15 || len<15+c[14]) {
@ -914,9 +863,10 @@ namespace openssl {
std::string id() const {
CRYPTOLOG("log");
unsigned char c[SHA_DIGEST_LENGTH];
SHA1(_x509->cert_info->key->public_key->data,
_x509->cert_info->key->public_key->length,
c);
const unsigned char *pk(0);
int ppklen(0);
X509_PUBKEY_get0_param(0, &pk, &ppklen, 0, X509_get_X509_PUBKEY(_x509));
SHA1(pk, ppklen, c);
return std::string((char*)c, SHA_DIGEST_LENGTH);
}
//! Get common name.
@ -927,8 +877,8 @@ namespace openssl {
(X509_NAME_ENTRY_get_data
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID(name, NID_commonName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get country name.
std::string countryName() const {
@ -938,8 +888,8 @@ namespace openssl {
(X509_NAME_ENTRY_get_data
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID(name, NID_countryName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get locality name.
std::string localityName() const {
@ -949,8 +899,8 @@ namespace openssl {
(X509_NAME_ENTRY_get_data
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID(name, NID_localityName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get state or province name.
std::string stateOrProvinceName() const {
@ -961,8 +911,8 @@ namespace openssl {
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID
(name, NID_stateOrProvinceName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get organization name.
std::string organizationName() const {
@ -973,8 +923,8 @@ namespace openssl {
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID
(name, NID_organizationName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Check whether it's a CA certificate.
bool isCa() {
@ -994,8 +944,8 @@ namespace openssl {
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID
(name, NID_organizationalUnitName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get key usage flags.
int keyUsageFlags() const {
@ -1005,8 +955,8 @@ namespace openssl {
if (pos>=0) {
ASN1_BIT_STRING* ku((ASN1_BIT_STRING*)X509V3_EXT_d2i
(X509_get_ext(_x509, pos)));
std::string val((char*)M_ASN1_STRING_data(ku),
M_ASN1_STRING_length(ku));
std::string val((char*)ASN1_STRING_data(ku),
ASN1_STRING_length(ku));
if (val.size()<=sizeof(int))
val = std::string(sizeof(int)-val.size(), '\0')+val;
assert(val.size()==sizeof(int));
@ -1045,35 +995,51 @@ namespace openssl {
}
std::string modulus() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->n);
const BIGNUM **n(0);
RSA_get0_key(rsa(), n, 0, 0);
return BigNum::string(*n);
}
std::string publicExponent() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->e);
const BIGNUM **e(0);
RSA_get0_key(rsa(), 0, e, 0);
return BigNum::string(*e);
}
std::string privateExponent() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->d);
const BIGNUM **d(0);
RSA_get0_key(rsa(), 0, 0, d);
return BigNum::string(*d);
}
std::string prime1() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->p);
const BIGNUM **p(0);
RSA_get0_factors(rsa(), p, 0);
return BigNum::string(*p);
}
std::string prime2() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->q);
const BIGNUM **q(0);
RSA_get0_factors(rsa(), 0, q);
return BigNum::string(*q);
}
std::string exponent1() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->dmp1);
const BIGNUM **dmp1(0);
RSA_get0_crt_params(rsa(), dmp1, 0, 0);
return BigNum::string(*dmp1);
}
std::string exponent2() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->dmq1);
const BIGNUM **dmq1(0);
RSA_get0_crt_params(rsa(), 0, dmq1, 0);
return BigNum::string(*dmq1);
}
std::string coefficient() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->iqmp);
const BIGNUM **iqmp(0);
RSA_get0_crt_params(rsa(), 0, 0, iqmp);
return BigNum::string(*iqmp);
}
private:
void copy(const PrivateKey& o) {
@ -1111,20 +1077,20 @@ namespace openssl {
RSA* rsa() const {
CRYPTOLOG("log");
//! @todo throw exception if 0?
return EVP_PKEY_get1_RSA(_key);
return EVP_PKEY_get0_RSA(_key);
}
DSA* dsa() const {
CRYPTOLOG("log");
return EVP_PKEY_get1_DSA(_key);
return EVP_PKEY_get0_DSA(_key);
}
DH* dh() const {
CRYPTOLOG("log");
return EVP_PKEY_get1_DH(_key);
return EVP_PKEY_get0_DH(_key);
}
/* Not available on mac osx
EC_KEY* ec() const {
CRYPTOLOG("log");
return EVP_PKEY_get1_EC_KEY(_key);
return EVP_PKEY_get0_EC_KEY(_key);
}*/
EVP_PKEY* _key;
};
@ -1247,7 +1213,7 @@ namespace openssl {
BIO_free(mem);
if (!p7) throw pkcs7_parsing_failed();
try {
if (PKCS7_type_is_signed(p7)) while ((CV_STACK p7->d.sign->cert)->num>0)
if (PKCS7_type_is_signed(p7)) while (OPENSSL_sk_num(CV_STACK p7->d.sign->cert)>0)
_certs.push_back(new X509((::X509*)sk_pop(CV_STACK p7->d.sign->cert)));
else //! @todo to be implemented: check for other types
throw pkcs7_unsupported_format();

2
template.sh
Unescape View File

@ -39,7 +39,7 @@ message() {
if test $# -eq 0; then
return
fi
echo "${bold}${while}$*${normal}" 1>&2
echo "${bold}${white}$*${normal}" 1>&2
}
# write a success message

Write Preview
Loading…
Cancel
Save