support new Op0enSSL 1.1.0 API

master
Marc Wäckerlin 7 years ago
parent 1f7fac1dbc
commit 8e7084e733
  1. 6
      ChangeLog
  2. 1
      bootstrap.sh
  3. 12
      build-in-docker.sh
  4. 26
      examples/openssl-engine-demo.cxx
  5. 4
      src/cryptaux.hxx
  6. 6
      src/cryptoki.cxx
  7. 3
      src/makefile.am
  8. 763
      src/openssl-compatibility.hxx
  9. 13
      src/openssl-engine.cxx
  10. 114
      src/openssl-engine.hxx
  11. 152
      src/openssl.hxx
  12. 2
      template.sh

@ -1,3 +1,9 @@
2017-12-21 15:23
* [r405] COPYING, ChangeLog, INSTALL, ax_init_standard_project.m4,
bootstrap.sh, mac-create-app-bundle.sh, template.sh:
update of build system
2017-12-07 10:19
* [r404] COPYING, INSTALL, ax_check_qt.m4,

@ -1708,6 +1708,7 @@ $(
BuildRequires: rpm-sign, lsb-release
%else
BuildRequires: rpm-sign, redhat-lsb
%global debug_package %{nil}
%endif
%endif
$(

@ -250,16 +250,16 @@ case $mode in
done
docker exec ${DOCKER_ID} apt-get update ${OPTIONS}
docker exec ${DOCKER_ID} apt-get upgrade ${OPTIONS}
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} python-software-properties software-properties-common apt-transport-https dpkg-dev lsb-release || \
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} software-properties-common apt-transport-https dpkg-dev lsb-release || \
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} python-software-properties apt-transport-https dpkg-dev lsb-release;
for repo in "${repos[@]}"; do
ifthenelse "${repo}" "apt-add-repository 'ARG'"
done
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} python-software-properties software-properties-common apt-transport-https dpkg-dev lsb-release wget || \
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} software-properties-common apt-transport-https dpkg-dev lsb-release wget || \
docker exec ${DOCKER_ID} apt-get install ${OPTIONS} python-software-properties apt-transport-https dpkg-dev lsb-release wget;
for key in "${keys[@]}"; do
wget -O- "$key" \
| docker exec -i ${DOCKER_ID} apt-key add -
done
for repo in "${repos[@]}"; do
ifthenelse "${repo}" "apt-add-repository 'ARG'"
done
docker exec ${DOCKER_ID} apt-get update ${OPTIONS}
for package in "${packages[@]}"; do
ifthenelse "${package}" "apt-get install ${OPTIONS} ARG"

@ -21,17 +21,31 @@ class TestEngine: virtual public openssl::Engine {
CRYPTOLOG("log");
return "TestEngine_NAME";
}
};
class OtherTestEngine: virtual public openssl::Engine {
public:
virtual const char* id() {
CRYPTOLOG("log");
return "OtherTestEngine_ID";
}
virtual const char* name() {
CRYPTOLOG("log");
return "OtherTestEngine_NAME";
}
};
int main(int, char**) {
{
openssl::RegisterEngine<> testEngine(new TestEngine);
openssl::RegisterEngine<> testEngine(new TestEngine);
openssl::RegisterEngine<> otherTestEngine(new OtherTestEngine);
for (ENGINE* e(ENGINE_get_first()); e; e = ENGINE_get_next(e)) {
std::cout<<"Found Engine: "<<ENGINE_get_id(e)<<std::endl;
}
for (openssl::Engine::iterator it; it; ++it) {
std::cout<<"Found Engine: "<<(*it).id()<<std::endl;
}
ENGINE_cleanup();
return 0;
}

@ -18,7 +18,9 @@
Auxiliary often used funcions in cryptographic environment, such
as logging, converting binary from and to hexadecimal or creating
readable texts from binary data. */
readable texts from binary data.
To enable logging, add @c -DDEBUG to @c CPPFLAGS */
//@{
#define CRYPTOLOG_QUOTE(X) CRYPTOLOG_QUOTE2(X)

@ -207,7 +207,7 @@ namespace cryptoki {
#endif
_fn = 0;
} catch (std::exception& e) {
CRYPTOLOG("unloading cryptoki library failed, reason: "+e.what());
CRYPTOLOG("unloading cryptoki library failed, reason: "<<e.what());
} catch (...) {
CRYPTOLOG("unloading cryptoki library failed");
}
@ -333,8 +333,8 @@ namespace cryptoki {
.from<CK_CERTIFICATE_TYPE>(CKC_X_509));
attrs.push_back(Attribute(CKA_SUBJECT, cert.subjectDER()));
attrs.push_back(Attribute(CKA_ID, cert.id()));
attrs.push_back(Attribute(CKA_ISSUER, cert.issuerDER()));
attrs.push_back(Attribute(CKA_SERIAL_NUMBER, cert.serial()));
//attrs.push_back(Attribute(CKA_ISSUER, cert.issuerDER()));
// attrs.push_back(Attribute(CKA_SERIAL_NUMBER, cert.serialDER()));
attrs.push_back(Attribute(CKA_VALUE, cert.valueDER()));
CRYPTOLOG("create: serial = "<<crypto::hex(cert.serial()));
return create(attrs);

@ -6,7 +6,8 @@
## 45678901234567890123456789012345678901234567890123456789012345678901234567890
include_HEADERS = pcsc.hxx cryptoki.hxx openssl.hxx cryptaux.hxx \
openssl-engine.hxx suisseid.hxx cardos.hxx
openssl-engine.hxx suisseid.hxx cardos.hxx \
openssl-compatibility.hxx
noinst_HEADERS = cardgui.hxx cardgui-model.hxx

@ -0,0 +1,763 @@
/*! @file
@id $Id$
*/
// 1 2 3 4 5 6 7 8
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
#include <openssl/opensslv.h>
#ifndef OPENSSL_VERSION_NUMBER
# error OpenSSL Version Number not Found
#elif OPENSSL_VERSION_NUMBER < 0x00908000L
# ifdef ALLOW_SSL_OLDER_THAN_0_8
# warning OpenSSL older than 0.8 detected please upgrade to 1.0
# else
# error OpenSSL older than 0.8 detected please upgrade to 1.0
# endif
# define OPENSSL_0_7
# define V0_CONST
# define CV_STACK
# define CV_X509
#elif OPENSSL_VERSION_NUMBER < 0x10000000L
# ifdef ALLOW_SSL_0_8
# warning OpenSSL 0.8 detected please upgrade to 1.0
# else
# error OpenSSL 0.8 detected please upgrade to 1.0
# endif
# define OPENSSL_0_8
# define V0_CONST const
# define CV_STACK
# define CV_X509
#else
# define OPENSSL_1_0
# define V0_CONST const
# define CV_STACK (_STACK*)
# define CV_X509 (STACK_OF(X509)*)
#endif
#ifndef OPENSSL_VERSION_NUMBER
# error OpenSSL Version Number not Found
#elif OPENSSL_VERSION_NUMBER < 0x10000000L
# define OPENSSL_0
# define OPENSSL_V0_CONST
#else
# define OPENSSL_1
# define OPENSSL_V0_CONST const
#endif
#include <openssl/crypto.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/ossl_typ.h>
namespace openssl {
//==============================================================================
//! @addtogroup opensslcompat
//@{
/// Get OpenSSL runtime and buildtime version information
/** To be displyed in an about box. It also shows mandatory license
information. */
inline std::string version() {
std::string v
((std::string(OPENSSL_VERSION_TEXT)==SSLeay_version(SSLEAY_VERSION))
? SSLeay_version(SSLEAY_VERSION)
: std::string(OPENSSL_VERSION_TEXT) + " (Buildtime)"
+ "\n - Runtime: " + SSLeay_version(SSLEAY_VERSION));
return v
+ "\n - OpenSSL API "+SHLIB_VERSION_NUMBER+" compatible"
+ "\n - " + SSLeay_version(SSLEAY_BUILT_ON)
+ "\n - " + SSLeay_version(SSLEAY_PLATFORM)
+ "\n\n"
"This product includes software developed by the OpenSSL Project"
" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
"\n\n"
"This product includes cryptographic software written by Eric Young"
" (eay@cryptsoft.com)";
}
//------------------------------------------------------------------------------
#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* The following code is copied from:
https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
Provide the new functions to old version of OpenSSL. */
#include <string.h>
#include <openssl/engine.h>
inline static void *OPENSSL_zalloc(size_t num) {
void *ret = OPENSSL_malloc(num);
if (ret != NULL)
memset(ret, 0, num);
return ret;
}
inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
/* If the fields n and e in r are NULL, the corresponding input
* parameters MUST be non-NULL for n and e. d may be
* left NULL (in case only the public key is used).
*/
if ((r->n == NULL && n == NULL)
|| (r->e == NULL && e == NULL))
return 0;
if (n != NULL) {
BN_free(r->n);
r->n = n;
}
if (e != NULL) {
BN_free(r->e);
r->e = e;
}
if (d != NULL) {
BN_free(r->d);
r->d = d;
}
return 1;
}
inline int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
/* If the fields p and q in r are NULL, the corresponding input
* parameters MUST be non-NULL.
*/
if ((r->p == NULL && p == NULL)
|| (r->q == NULL && q == NULL))
return 0;
if (p != NULL) {
BN_free(r->p);
r->p = p;
}
if (q != NULL) {
BN_free(r->q);
r->q = q;
}
return 1;
}
inline int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
/* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
* parameters MUST be non-NULL.
*/
if ((r->dmp1 == NULL && dmp1 == NULL)
|| (r->dmq1 == NULL && dmq1 == NULL)
|| (r->iqmp == NULL && iqmp == NULL))
return 0;
if (dmp1 != NULL) {
BN_free(r->dmp1);
r->dmp1 = dmp1;
}
if (dmq1 != NULL) {
BN_free(r->dmq1);
r->dmq1 = dmq1;
}
if (iqmp != NULL) {
BN_free(r->iqmp);
r->iqmp = iqmp;
}
return 1;
}
inline ENGINE* RSA_get0_engine(const RSA *r) {
return r->engine;
}
inline void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) {
if (n != NULL)
*n = r->n;
if (e != NULL)
*e = r->e;
if (d != NULL)
*d = r->d;
}
inline void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
if (p != NULL)
*p = r->p;
if (q != NULL)
*q = r->q;
}
inline void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) {
if (dmp1 != NULL)
*dmp1 = r->dmp1;
if (dmq1 != NULL)
*dmq1 = r->dmq1;
if (iqmp != NULL)
*iqmp = r->iqmp;
}
inline void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
if (p != NULL)
*p = d->p;
if (q != NULL)
*q = d->q;
if (g != NULL)
*g = d->g;
}
inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
/* If the fields p, q and g in d are NULL, the corresponding input
* parameters MUST be non-NULL.
*/
if ((d->p == NULL && p == NULL)
|| (d->q == NULL && q == NULL)
|| (d->g == NULL && g == NULL))
return 0;
if (p != NULL) {
BN_free(d->p);
d->p = p;
}
if (q != NULL) {
BN_free(d->q);
d->q = q;
}
if (g != NULL) {
BN_free(d->g);
d->g = g;
}
return 1;
}
inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) {
if (pub_key != NULL)
*pub_key = d->pub_key;
if (priv_key != NULL)
*priv_key = d->priv_key;
}
inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) {
/* If the field pub_key in d is NULL, the corresponding input
* parameters MUST be non-NULL. The priv_key field may
* be left NULL.
*/
if (d->pub_key == NULL && pub_key == NULL)
return 0;
if (pub_key != NULL) {
BN_free(d->pub_key);
d->pub_key = pub_key;
}
if (priv_key != NULL) {
BN_free(d->priv_key);
d->priv_key = priv_key;
}
return 1;
}
inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
if (pr != NULL)
*pr = sig->r;
if (ps != NULL)
*ps = sig->s;
}
inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
if (r == NULL || s == NULL)
return 0;
BN_clear_free(sig->r);
BN_clear_free(sig->s);
sig->r = r;
sig->s = s;
return 1;
}
inline void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
if (pr != NULL)
*pr = sig->r;
if (ps != NULL)
*ps = sig->s;
}
inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
if (r == NULL || s == NULL)
return 0;
BN_clear_free(sig->r);
BN_clear_free(sig->s);
sig->r = r;
sig->s = s;
return 1;
}
inline void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
if (p != NULL)
*p = dh->p;
if (q != NULL)
*q = dh->q;
if (g != NULL)
*g = dh->g;
}
inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
/* If the fields p and g in d are NULL, the corresponding input
* parameters MUST be non-NULL. q may remain NULL.
*/
if ((dh->p == NULL && p == NULL)
|| (dh->g == NULL && g == NULL))
return 0;
if (p != NULL) {
BN_free(dh->p);
dh->p = p;
}
if (q != NULL) {
BN_free(dh->q);
dh->q = q;
}
if (g != NULL) {
BN_free(dh->g);
dh->g = g;
}
if (q != NULL) {
dh->length = BN_num_bits(q);
}
return 1;
}
inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
if (pub_key != NULL)
*pub_key = dh->pub_key;
if (priv_key != NULL)
*priv_key = dh->priv_key;
}
inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
/* If the field pub_key in dh is NULL, the corresponding input
* parameters MUST be non-NULL. The priv_key field may
* be left NULL.
*/
if (dh->pub_key == NULL && pub_key == NULL)
return 0;
if (pub_key != NULL) {
BN_free(dh->pub_key);
dh->pub_key = pub_key;
}
if (priv_key != NULL) {
BN_free(dh->priv_key);
dh->priv_key = priv_key;
}
return 1;
}
inline int DH_set_length(DH *dh, long length) {
dh->length = length;
return 1;
}
inline const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) {
return ctx->iv;
}
inline unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) {
return ctx->iv;
}
/** @bug
./openssl.hxx:416:26: error: invalid conversion from void* to EVP_MD_CTX* {aka env_md_ctx_st*} [-fpermissive]
return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
^
*/
// EVP_MD_CTX *EVP_MD_CTX_new(void)
// {
// return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
// }
inline void EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
EVP_MD_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
inline RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) {
RSA_METHOD *ret;
ret = (RSA_METHOD*)OPENSSL_malloc(sizeof(RSA_METHOD));
if (ret != NULL) {
memcpy(ret, meth, sizeof(*meth));
ret->name = OPENSSL_strdup(meth->name);
if (ret->name == NULL) {
OPENSSL_free(ret);
return NULL;
}
}
return ret;
}
inline int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) {
char *tmpname;
tmpname = OPENSSL_strdup(name);
if (tmpname == NULL) {
return 0;
}
OPENSSL_free((char *)meth->name);
meth->name = tmpname;
return 1;
}
// inline int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) {
// meth->rsa_priv_enc = priv_enc;
// return 1;
// }
// inline int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) {
// meth->rsa_priv_dec = priv_dec;
// return 1;
// }
// inline int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) {
// meth->finish = finish;
// return 1;
// }
inline void RSA_meth_free(RSA_METHOD *meth) {
if (meth != NULL) {
OPENSSL_free((char *)meth->name);
OPENSSL_free(meth);
}
}
inline int RSA_bits(const RSA *r) {
return (BN_num_bits(r->n));
}
inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) {
if (pkey->type != EVP_PKEY_RSA) {
return NULL;
}
return pkey->pkey.rsa;
}
inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) {
if (pkey->type != EVP_PKEY_DSA) {
return NULL;
}
return pkey->pkey.dsa;
}
inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) {
if (pkey->type != EVP_PKEY_DH) {
return NULL;
}
return pkey->pkey.dh;
}
// HMAC_CTX *HMAC_CTX_new(void)
// {
// HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
// if (ctx != NULL) {
// if (!HMAC_CTX_reset(ctx)) {
// HMAC_CTX_free(ctx);
// return NULL;
// }
// }
// return ctx;
// }
// void HMAC_CTX_free(HMAC_CTX *ctx)
// {
// if (ctx != NULL) {
// hmac_ctx_cleanup(ctx);
// EVP_MD_CTX_free(ctx->i_ctx);
// EVP_MD_CTX_free(ctx->o_ctx);
// EVP_MD_CTX_free(ctx->md_ctx);
// OPENSSL_free(ctx);
// }
// }
/* the following is copied and modified from openssl-1.1.0g/crypto/rsa/rsa_meth.c */
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
// inline RSA_METHOD *RSA_meth_new(const char *name, int flags) {
// RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth));
// if (meth != NULL) {
// meth->flags = flags;
// meth->name = OPENSSL_strdup(name);
// if (meth->name != NULL)
// return meth;
// OPENSSL_free(meth);
// }
// RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE);
// return NULL;
// }
// inline void RSA_meth_free(RSA_METHOD *meth) {
// if (meth != NULL) {
// OPENSSL_free(meth->name);
// OPENSSL_free(meth);
// }
// }
// inline RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) {
// RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
// if (ret != NULL) {
// memcpy(ret, meth, sizeof(*meth));
// ret->name = OPENSSL_strdup(meth->name);
// if (ret->name != NULL)
// return ret;
// OPENSSL_free(ret);
// }
// RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
// return NULL;
// }
inline const char *RSA_meth_get0_name(const RSA_METHOD *meth) {
return meth->name;
}
// inline int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) {
// char *tmpname = OPENSSL_strdup(name);
// if (tmpname == NULL) {
// RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
// return 0;
// }
// OPENSSL_free(meth->name);
// meth->name = tmpname;
// return 1;
// }
inline int RSA_meth_get_flags(RSA_METHOD *meth) {
return meth->flags;
}
inline int RSA_meth_set_flags(RSA_METHOD *meth, int flags) {
meth->flags = flags;
return 1;
}
inline void *RSA_meth_get0_app_data(const RSA_METHOD *meth) {
return meth->app_data;
}
// inline int RSA_meth_set0_app_data(RSA_METHOD *meth, char *app_data) {
// meth->app_data = app_data;
// return 1;
// }
inline int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
return meth->rsa_pub_enc;
}
inline int RSA_meth_set_pub_enc(RSA_METHOD *meth,
int (*pub_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding)) {
meth->rsa_pub_enc = pub_enc;
return 1;
}
inline int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
return meth->rsa_pub_dec;
}
inline int RSA_meth_set_pub_dec(RSA_METHOD *meth,
int (*pub_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding)) {
meth->rsa_pub_dec = pub_dec;
return 1;
}
inline int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
return meth->rsa_priv_enc;
}
inline int RSA_meth_set_priv_enc(RSA_METHOD *meth,
int (*priv_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding)) {
meth->rsa_priv_enc = priv_enc;
return 1;
}
inline int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
return meth->rsa_priv_dec;
}
inline int RSA_meth_set_priv_dec(RSA_METHOD *meth,
int (*priv_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding)) {
meth->rsa_priv_dec = priv_dec;
return 1;
}
/* Can be null */
inline int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) {
return meth->rsa_mod_exp;
}
inline int RSA_meth_set_mod_exp(RSA_METHOD *meth,
int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)) {
meth->rsa_mod_exp = mod_exp;
return 1;
}
/* Can be null */
inline int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) {
return meth->bn_mod_exp;
}
inline int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth,
int (*bn_mod_exp) (BIGNUM *r,
const BIGNUM *a,
const BIGNUM *p,
const BIGNUM *m,
BN_CTX *ctx,
BN_MONT_CTX *m_ctx)) {
meth->bn_mod_exp = bn_mod_exp;
return 1;
}
/* called at new */
inline int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa) {
return meth->init;
}
inline int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa)) {
meth->init = init;
return 1;
}
inline /* called at free */
int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa) {
return meth->finish;
}
inline int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) {
meth->finish = finish;
return 1;
}
inline int (*RSA_meth_get_sign(const RSA_METHOD *meth))
(int type,
const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa) {
return meth->rsa_sign;
}
inline int RSA_meth_set_sign(RSA_METHOD *meth,
int (*sign) (int type, const unsigned char *m,
unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa)) {
meth->rsa_sign = sign;
return 1;
}
inline int (*RSA_meth_get_verify(const RSA_METHOD *meth))
(int dtype, const unsigned char *m,
unsigned int m_length, const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa) {
return meth->rsa_verify;
}
inline int RSA_meth_set_verify(RSA_METHOD *meth,
int (*verify) (int dtype, const unsigned char *m,
unsigned int m_length,
const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa)) {
meth->rsa_verify = verify;
return 1;
}
inline int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) {
return meth->rsa_keygen;
}
inline int RSA_meth_set_keygen(RSA_METHOD *meth,
int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
BN_GENCB *cb)) {
meth->rsa_keygen = keygen;
return 1;
}
/* the following is copied and modified from OpenSSL 1.1 openssl-1.1.0g stack.h */
# define OPENSSL_STACK STACK
# define OPENSSL_sk_num sk_num
# define OPENSSL_sk_value sk_value
# define OPENSSL_sk_set sk_set
# define OPENSSL_sk_new sk_new
# define OPENSSL_sk_new_null sk_new_null
# define OPENSSL_sk_free sk_free
# define OPENSSL_sk_pop_free sk_pop_free
# define OPENSSL_sk_deep_copy sk_deep_copy
# define OPENSSL_sk_insert sk_insert
# define OPENSSL_sk_delete sk_delete
# define OPENSSL_sk_delete_ptr sk_delete_ptr
# define OPENSSL_sk_find sk_find
# define OPENSSL_sk_find_ex sk_find_ex
# define OPENSSL_sk_push sk_push
# define OPENSSL_sk_unshift sk_unshift
# define OPENSSL_sk_shift sk_shift
# define OPENSSL_sk_pop sk_pop
# define OPENSSL_sk_zero sk_zero
# define OPENSSL_sk_set_cmp_func sk_set_cmp_func
# define OPENSSL_sk_dup sk_dup
# define OPENSSL_sk_sort sk_sort
# define OPENSSL_sk_is_sorted sk_is_sorted
#endif
// end of copied code
//------------------------------------------------------------------------------
//@}
}

@ -15,3 +15,16 @@
std::map<ENGINE*, openssl::Engine*> openssl::EngineMapper::_map;
std::map<std::string, openssl::Engine*> openssl::EngineMapper::_prototypes;
#if OPENSSL_API_COMPAT < 0x10100000L
namespace openssl {
class CleanupEngine {
public:
CleanupEngine() {}
~CleanupEngine() {
ENGINE_cleanup();
}
void test() {}
} doCleanupEngine;
}
#endif

@ -16,16 +16,7 @@
#include <cryptaux.hxx>
#include <openssl/opensslv.h>
#ifndef OPENSSL_VERSION_NUMBER
# error OpenSSL Version Number not Found
#elif OPENSSL_VERSION_NUMBER < 0x10000000L
# define OPENSSL_0
# define OPENSSL_V0_CONST
#else
# define OPENSSL_1
# define OPENSSL_V0_CONST const
#endif
#include <openssl-compatibility.hxx>
#undef DATADIR
#include <openssl/engine.h>
@ -82,12 +73,12 @@ namespace openssl {
public:
Engine(): _e(ENGINE_new()) {
Engine(): _e(ENGINE_new()), _cleanup(true) {
CRYPTOLOG("log");
}
virtual ~Engine() {
CRYPTOLOG("log");
OPENSSL_CHECK(ENGINE_free(_e));
if (_cleanup) OPENSSL_CHECK(ENGINE_free(_e));
}
virtual const char* id() = 0;
virtual const char* name() = 0;
@ -136,10 +127,75 @@ namespace openssl {
return 1;
}
class iterator;
protected:
friend class EngineMapper;
friend class iterator;
Engine(ENGINE* e): _e(e), _cleanup(false) {
CRYPTOLOG("log");
}
Engine(const Engine&); // forbidden
Engine& operator=(const Engine&); // forbidden
ENGINE* _e;
bool _cleanup;
};
class Engine::iterator {
private:
class MyEngine: public Engine {
public:
MyEngine(ENGINE*e): Engine(e) {}
virtual const char* id() {
return ENGINE_get_id(_e);
}
virtual const char* name() {
return ENGINE_get_name(_e);
}
};
public:
iterator(): _e(new MyEngine(ENGINE_get_first())) {
CRYPTOLOG("log");
}
~iterator() {
CRYPTOLOG("log");
delete _e;
}
Engine& operator*() {
CRYPTOLOG("log");
return *_e;
}
Engine* operator->() {
CRYPTOLOG("log");
return _e;
}
iterator& operator++() {
CRYPTOLOG("log");
_e->_e = ENGINE_get_next(_e->_e);
return *this;
}
operator bool() const {
CRYPTOLOG("log: "<<_e->_e<<" ---- "<<ENGINE_get_first());
return _e->_e!=0;
}
private:
Engine* _e;
};
@ -180,7 +236,7 @@ namespace openssl {
_map.erase(e->_e);
delete e;
}
private:
static int destroy(ENGINE*) {
@ -216,7 +272,7 @@ namespace openssl {
unsigned char *to,
RSA *rsa, int padding) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
if (it==_map.end()) return 0;
try {
std::string res(it->second->rsaEncrypt
@ -232,7 +288,7 @@ namespace openssl {
static int rsaDecrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
if (it==_map.end()) return 0;
try {
std::string res(it->second->rsaDecrypt
@ -251,7 +307,7 @@ namespace openssl {
unsigned int*tlen,
const RSA *rsa) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
if (it==_map.end()) return 0;
try {
std::string res(it->second->rsaSign
@ -271,12 +327,12 @@ namespace openssl {
unsigned int, OPENSSL_V0_CONST unsigned char*,
unsigned int, const RSA* rsa) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
return it!=_map.end()?it->second->rsaVerify():0;
}
static int rsaFinish(RSA *rsa) {
CRYPTOLOG("log");
Map::iterator it(_map.find(rsa->engine));
Map::iterator it(_map.find(RSA_get0_engine(rsa)));
return it!=_map.end()?it->second->rsaFinish():0;
}
@ -284,20 +340,20 @@ namespace openssl {
static RSA_METHOD* rsa() {
CRYPTOLOG("log");
static RSA_METHOD ops;
if (!ops.rsa_priv_enc) {
ops = *RSA_get_default_method();
ops.rsa_pub_enc = rsaEncrypt;
ops.rsa_priv_dec = rsaDecrypt;
static RSA_METHOD* ops(0);
if (!ops) {
ops = RSA_meth_dup(RSA_get_default_method());
RSA_meth_set_pub_enc(ops, rsaEncrypt);
RSA_meth_set_priv_dec(ops, rsaDecrypt);
// a.k.a Verify/Sign. actLibrary just allows the proper functions
// and has this 'backdoor' closed. Breaks 'rsautl', sadly.
ops.rsa_pub_dec = NULL;
ops.rsa_priv_enc = NULL;
ops.rsa_sign = rsaSign;
ops.rsa_verify = rsaVerify;
ops.finish = rsaFinish;
RSA_meth_set_pub_dec(ops, 0);
RSA_meth_set_priv_enc(ops, 0);
RSA_meth_set_sign(ops, rsaSign);
RSA_meth_set_verify(ops, rsaVerify);
RSA_meth_set_finish(ops, rsaFinish);
}
return &ops;
return ops;
}
private:

@ -26,72 +26,23 @@
#include <openssl/err.h>
#include <vector>
#include <openssl/opensslv.h>
#ifndef OPENSSL_VERSION_NUMBER
# error OpenSSL Version Number not Found
#elif OPENSSL_VERSION_NUMBER < 0x00908000L
# ifdef ALLOW_SSL_OLDER_THAN_0_8
# warning OpenSSL older than 0.8 detected please upgrade to 1.0
# else
# error OpenSSL older than 0.8 detected please upgrade to 1.0
# endif
# define OPENSSL_0_7
# define V0_CONST
# define CV_STACK
# define CV_X509
#elif OPENSSL_VERSION_NUMBER < 0x10000000L
# ifdef ALLOW_SSL_0_8
# warning OpenSSL 0.8 detected please upgrade to 1.0
# else
# error OpenSSL 0.8 detected please upgrade to 1.0
# endif
# define OPENSSL_0_8
# define V0_CONST const
# define CV_STACK
# define CV_X509
#else
# define OPENSSL_1_0
# define V0_CONST const
# define CV_STACK (_STACK*)
# define CV_X509 (STACK_OF(X509)*)
#endif
#include <openssl/x509v3.h> // BASIC_CONSTRAINTS
#include <openssl/bn.h>
#include <cryptaux.hxx>
#include <cstdio>
#include <cassert>
#include <openssl-compatibility.hxx>
/*! @defgroup gopenssl C++ Wrapper around OpenSSL API
Support for SSL-connections, engines, keys and certificates. */
//@{
//! @defgroup openssllib OpenSSL C++ Library
//! @defgroup opensslcompat OpenSSL Compatibility Wrapper
//! @defgroup opensslexceptions OpenSSL Exceptions
//! @ref gopenssl @copydoc gpcsc
namespace openssl {
/// Get OpenSSL runtime and buildtime version information
/** To be displyed in an about box. It also shows mandatory license
information. */
inline std::string version() {
std::string v
((std::string(OPENSSL_VERSION_TEXT)==SSLeay_version(SSLEAY_VERSION))
? SSLeay_version(SSLEAY_VERSION)
: std::string(OPENSSL_VERSION_TEXT) + " (Buildtime)"
+ "\n - Runtime: " + SSLeay_version(SSLEAY_VERSION));
return v
+ "\n - OpenSSL API "+SHLIB_VERSION_NUMBER+" compatible"
+ "\n - " + SSLeay_version(SSLEAY_BUILT_ON)
+ "\n - " + SSLeay_version(SSLEAY_PLATFORM)
+ "\n\n"
"This product includes software developed by the OpenSSL Project"
" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
"\n\n"
"This product includes cryptographic software written by Eric Young"
" (eay@cryptsoft.com)";
}
//============================================================================
//! @addtogroup opensslexceptions
//@{
@ -570,7 +521,7 @@ namespace openssl {
CRYPTOLOG("log");
return string(_bn);
}
static std::string string(BIGNUM* a) {
static std::string string(const BIGNUM* a) {
CRYPTOLOG("log");
std::string res(BN_num_bytes(a), '0');
BN_bn2bin(a, (unsigned char*)res.begin().operator->());
@ -886,20 +837,18 @@ namespace openssl {
OPENSSL_free(c);
return res;
}
//! Get DER encoded serial number.
std::string serialDER() const {
CRYPTOLOG("log");
unsigned char* c(0);
int len(i2d_ASN1_INTEGER(X509_get_serialNumber(_x509), &c));
std::string res((char*)c, len);
OPENSSL_free(c);
return res;
}
//! Get serial number.
std::string serial() const {
CRYPTOLOG("log");
/* @bug tcp://albistechnologies.com reports: «could be a
failure in openSSL: len too short by 1 if serial number
starts with 00 ASN1_INTEGER* ser =
X509_get_serialNumber(_x509);»
@code
ASN1_INTEGER* ser(X509_get_serialNumber(_x509));
return std::string((char*)ser->data, ser->length);
@endcode
- requires memory free?
- ser->type?!? tcp://albistechnologies.com prepends
tag and length in the first two char-fields. */
unsigned char* c(0);
int len(i2d_X509(_x509, &c));
if (len<15 || len<15+c[14]) {
@ -914,9 +863,10 @@ namespace openssl {
std::string id() const {
CRYPTOLOG("log");
unsigned char c[SHA_DIGEST_LENGTH];
SHA1(_x509->cert_info->key->public_key->data,
_x509->cert_info->key->public_key->length,
c);
const unsigned char *pk(0);
int ppklen(0);
X509_PUBKEY_get0_param(0, &pk, &ppklen, 0, X509_get_X509_PUBKEY(_x509));
SHA1(pk, ppklen, c);
return std::string((char*)c, SHA_DIGEST_LENGTH);
}
//! Get common name.
@ -927,8 +877,8 @@ namespace openssl {
(X509_NAME_ENTRY_get_data
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID(name, NID_commonName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get country name.
std::string countryName() const {
@ -938,8 +888,8 @@ namespace openssl {
(X509_NAME_ENTRY_get_data
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID(name, NID_countryName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get locality name.
std::string localityName() const {
@ -949,8 +899,8 @@ namespace openssl {
(X509_NAME_ENTRY_get_data
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID(name, NID_localityName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get state or province name.
std::string stateOrProvinceName() const {
@ -961,8 +911,8 @@ namespace openssl {
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID
(name, NID_stateOrProvinceName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get organization name.
std::string organizationName() const {
@ -973,8 +923,8 @@ namespace openssl {
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID
(name, NID_organizationName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Check whether it's a CA certificate.
bool isCa() {
@ -994,8 +944,8 @@ namespace openssl {
(X509_NAME_get_entry
(name, X509_NAME_get_index_by_NID
(name, NID_organizationalUnitName, -1))));
return std::string((char*)M_ASN1_STRING_data(cn),
M_ASN1_STRING_length(cn));
return std::string((char*)ASN1_STRING_data(cn),
ASN1_STRING_length(cn));
}
//! Get key usage flags.
int keyUsageFlags() const {
@ -1005,8 +955,8 @@ namespace openssl {
if (pos>=0) {
ASN1_BIT_STRING* ku((ASN1_BIT_STRING*)X509V3_EXT_d2i
(X509_get_ext(_x509, pos)));
std::string val((char*)M_ASN1_STRING_data(ku),
M_ASN1_STRING_length(ku));
std::string val((char*)ASN1_STRING_data(ku),
ASN1_STRING_length(ku));
if (val.size()<=sizeof(int))
val = std::string(sizeof(int)-val.size(), '\0')+val;
assert(val.size()==sizeof(int));
@ -1045,35 +995,51 @@ namespace openssl {
}
std::string modulus() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->n);
const BIGNUM **n(0);
RSA_get0_key(rsa(), n, 0, 0);
return BigNum::string(*n);
}
std::string publicExponent() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->e);
const BIGNUM **e(0);
RSA_get0_key(rsa(), 0, e, 0);
return BigNum::string(*e);
}
std::string privateExponent() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->d);
const BIGNUM **d(0);
RSA_get0_key(rsa(), 0, 0, d);
return BigNum::string(*d);
}
std::string prime1() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->p);
const BIGNUM **p(0);
RSA_get0_factors(rsa(), p, 0);
return BigNum::string(*p);
}
std::string prime2() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->q);
const BIGNUM **q(0);
RSA_get0_factors(rsa(), 0, q);
return BigNum::string(*q);
}
std::string exponent1() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->dmp1);
const BIGNUM **dmp1(0);
RSA_get0_crt_params(rsa(), dmp1, 0, 0);
return BigNum::string(*dmp1);
}
std::string exponent2() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->dmq1);
const BIGNUM **dmq1(0);
RSA_get0_crt_params(rsa(), 0, dmq1, 0);
return BigNum::string(*dmq1);
}
std::string coefficient() const {
CRYPTOLOG("log");
return BigNum::string(rsa()->iqmp);
const BIGNUM **iqmp(0);
RSA_get0_crt_params(rsa(), 0, 0, iqmp);
return BigNum::string(*iqmp);
}
private:
void copy(const PrivateKey& o) {
@ -1111,20 +1077,20 @@ namespace openssl {
RSA* rsa() const {
CRYPTOLOG("log");
//! @todo throw exception if 0?
return EVP_PKEY_get1_RSA(_key);
return EVP_PKEY_get0_RSA(_key);
}
DSA* dsa() const {
CRYPTOLOG("log");
return EVP_PKEY_get1_DSA(_key);
return EVP_PKEY_get0_DSA(_key);
}
DH* dh() const {
CRYPTOLOG("log");
return EVP_PKEY_get1_DH(_key);
return EVP_PKEY_get0_DH(_key);
}
/* Not available on mac osx
EC_KEY* ec() const {
CRYPTOLOG("log");
return EVP_PKEY_get1_EC_KEY(_key);
return EVP_PKEY_get0_EC_KEY(_key);
}*/
EVP_PKEY* _key;
};
@ -1247,7 +1213,7 @@ namespace openssl {
BIO_free(mem);
if (!p7) throw pkcs7_parsing_failed();
try {
if (PKCS7_type_is_signed(p7)) while ((CV_STACK p7->d.sign->cert)->num>0)
if (PKCS7_type_is_signed(p7)) while (OPENSSL_sk_num(CV_STACK p7->d.sign->cert)>0)
_certs.push_back(new X509((::X509*)sk_pop(CV_STACK p7->d.sign->cert)));
else //! @todo to be implemented: check for other types
throw pkcs7_unsupported_format();

@ -39,7 +39,7 @@ message() {
if test $# -eq 0; then
return
fi
echo "${bold}${while}$*${normal}" 1>&2
echo "${bold}${white}$*${normal}" 1>&2
}
# write a success message

Loading…
Cancel
Save