mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-11-18 22:54:00 +00:00
737 lines
25 KiB
Diff
737 lines
25 KiB
Diff
From e965ea2e32d467e6937f206c96270cabd381df6e Mon Sep 17 00:00:00 2001
|
|
From: Christian Beer <christian.beer@aei.mpg.de>
|
|
Date: Mon, 27 Jun 2016 18:26:27 +0200
|
|
Subject: [PATCH 1/5] Lib: build against openSSL 1.1.0
|
|
|
|
The upcoming OpenSSL version introduces some API changes (https://wiki.openssl.org/index.php/1.1_API_Changes). In BOINC mainly code related to RSA keys is affected for now.
|
|
|
|
Contributed by: Gianfranco Costamagna
|
|
---
|
|
lib/crypt.cpp | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
|
|
lib/crypt.h | 5 +++
|
|
lib/crypt_prog.cpp | 12 ++++++
|
|
3 files changed, 131 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/crypt.cpp b/lib/crypt.cpp
|
|
index 192bbc2..cd6f04a 100644
|
|
--- a/lib/crypt.cpp
|
|
+++ b/lib/crypt.cpp
|
|
@@ -453,7 +453,7 @@ int read_key_file(const char* keyfile, R_RSA_PRIVATE_KEY& key) {
|
|
return 0;
|
|
}
|
|
|
|
-static void bn_to_bin(BIGNUM* bn, unsigned char* bin, int n) {
|
|
+static void bn_to_bin(const BIGNUM* bn, unsigned char* bin, int n) {
|
|
memset(bin, 0, n);
|
|
int m = BN_num_bytes(bn);
|
|
BN_bn2bin(bn, bin+n-m);
|
|
@@ -463,11 +463,38 @@ void openssl_to_keys(
|
|
RSA* rp, int nbits, R_RSA_PRIVATE_KEY& priv, R_RSA_PUBLIC_KEY& pub
|
|
) {
|
|
pub.bits = nbits;
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ BIGNUM *n;
|
|
+ BIGNUM *e;
|
|
+ BIGNUM *d;
|
|
+ BIGNUM *p;
|
|
+ BIGNUM *q;
|
|
+ BIGNUM *dmp1;
|
|
+ BIGNUM *dmq1;
|
|
+ BIGNUM *iqmp;
|
|
+ RSA_get0_key(rp, &n, &e, &d);
|
|
+ RSA_get0_factors(rp, &p, &q);
|
|
+ RSA_get0_crt_params(rp, &dmp1, &dmq1, &iqmp);
|
|
+
|
|
+ bn_to_bin(n, pub.modulus, sizeof(pub.modulus));
|
|
+ bn_to_bin(e, pub.exponent, sizeof(pub.exponent));
|
|
+#else
|
|
bn_to_bin(rp->n, pub.modulus, sizeof(pub.modulus));
|
|
bn_to_bin(rp->e, pub.exponent, sizeof(pub.exponent));
|
|
+#endif
|
|
|
|
memset(&priv, 0, sizeof(priv));
|
|
priv.bits = nbits;
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ bn_to_bin(n, priv.modulus, sizeof(priv.modulus));
|
|
+ bn_to_bin(e, priv.publicExponent, sizeof(priv.publicExponent));
|
|
+ bn_to_bin(d, priv.exponent, sizeof(priv.exponent));
|
|
+ bn_to_bin(p, priv.prime[0], sizeof(priv.prime[0]));
|
|
+ bn_to_bin(q, priv.prime[1], sizeof(priv.prime[1]));
|
|
+ bn_to_bin(dmp1, priv.primeExponent[0], sizeof(priv.primeExponent[0]));
|
|
+ bn_to_bin(dmq1, priv.primeExponent[1], sizeof(priv.primeExponent[1]));
|
|
+ bn_to_bin(iqmp, priv.coefficient, sizeof(priv.coefficient));
|
|
+#else
|
|
bn_to_bin(rp->n, priv.modulus, sizeof(priv.modulus));
|
|
bn_to_bin(rp->e, priv.publicExponent, sizeof(priv.publicExponent));
|
|
bn_to_bin(rp->d, priv.exponent, sizeof(priv.exponent));
|
|
@@ -476,9 +503,32 @@ void openssl_to_keys(
|
|
bn_to_bin(rp->dmp1, priv.primeExponent[0], sizeof(priv.primeExponent[0]));
|
|
bn_to_bin(rp->dmq1, priv.primeExponent[1], sizeof(priv.primeExponent[1]));
|
|
bn_to_bin(rp->iqmp, priv.coefficient, sizeof(priv.coefficient));
|
|
+#endif
|
|
}
|
|
|
|
void private_to_openssl(R_RSA_PRIVATE_KEY& priv, RSA* rp) {
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ BIGNUM *n;
|
|
+ BIGNUM *e;
|
|
+ BIGNUM *d;
|
|
+ BIGNUM *p;
|
|
+ BIGNUM *q;
|
|
+ BIGNUM *dmp1;
|
|
+ BIGNUM *dmq1;
|
|
+ BIGNUM *iqmp;
|
|
+
|
|
+ n = BN_bin2bn(priv.modulus, sizeof(priv.modulus), 0);
|
|
+ e = BN_bin2bn(priv.publicExponent, sizeof(priv.publicExponent), 0);
|
|
+ d = BN_bin2bn(priv.exponent, sizeof(priv.exponent), 0);
|
|
+ p = BN_bin2bn(priv.prime[0], sizeof(priv.prime[0]), 0);
|
|
+ q = BN_bin2bn(priv.prime[1], sizeof(priv.prime[1]), 0);
|
|
+ dmp1 = BN_bin2bn(priv.primeExponent[0], sizeof(priv.primeExponent[0]), 0);
|
|
+ dmq1 = BN_bin2bn(priv.primeExponent[1], sizeof(priv.primeExponent[1]), 0);
|
|
+ iqmp = BN_bin2bn(priv.coefficient, sizeof(priv.coefficient), 0);
|
|
+ RSA_set0_key(rp, n, e, d);
|
|
+ RSA_set0_factors(rp, p, q);
|
|
+ RSA_set0_crt_params(rp, dmp1, dmq1, iqmp);
|
|
+#else
|
|
rp->n = BN_bin2bn(priv.modulus, sizeof(priv.modulus), 0);
|
|
rp->e = BN_bin2bn(priv.publicExponent, sizeof(priv.publicExponent), 0);
|
|
rp->d = BN_bin2bn(priv.exponent, sizeof(priv.exponent), 0);
|
|
@@ -487,11 +537,22 @@ void private_to_openssl(R_RSA_PRIVATE_KEY& priv, RSA* rp) {
|
|
rp->dmp1 = BN_bin2bn(priv.primeExponent[0], sizeof(priv.primeExponent[0]), 0);
|
|
rp->dmq1 = BN_bin2bn(priv.primeExponent[1], sizeof(priv.primeExponent[1]), 0);
|
|
rp->iqmp = BN_bin2bn(priv.coefficient, sizeof(priv.coefficient), 0);
|
|
+#endif
|
|
}
|
|
|
|
void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) {
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ BIGNUM *n;
|
|
+ BIGNUM *e;
|
|
+ BIGNUM *d;
|
|
+ n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
|
|
+ e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
|
|
+ // d??? FIXME
|
|
+ RSA_set0_key(rp, n, e, d);
|
|
+#else
|
|
rp->n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
|
|
rp->e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
|
|
+#endif
|
|
}
|
|
|
|
static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
|
|
@@ -507,6 +568,38 @@ static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
|
|
}
|
|
|
|
int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ BIGNUM *n;
|
|
+ BIGNUM *e;
|
|
+ BIGNUM *d;
|
|
+ BIGNUM *p;
|
|
+ BIGNUM *q;
|
|
+ BIGNUM *dmp1;
|
|
+ BIGNUM *dmq1;
|
|
+ BIGNUM *iqmp;
|
|
+
|
|
+ RSA_get0_key(from, &n, &e, &d);
|
|
+ RSA_get0_factors(from, &p, &q);
|
|
+ RSA_get0_crt_params(from, &dmp1, &dmq1, &iqmp);
|
|
+
|
|
+ to->bits = BN_num_bits(n);
|
|
+ if (!_bn2bin(n,to->modulus,MAX_RSA_MODULUS_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(e,to->publicExponent,MAX_RSA_MODULUS_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(d,to->exponent,MAX_RSA_MODULUS_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(p,to->prime[0],MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(q,to->prime[1],MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
+#else
|
|
to->bits = BN_num_bits(from->n);
|
|
if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN))
|
|
return(0);
|
|
@@ -524,6 +617,7 @@ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
|
|
return(0);
|
|
if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
|
|
return(0);
|
|
+#endif
|
|
return 1;
|
|
}
|
|
|
|
@@ -569,7 +663,11 @@ int check_validity_of_cert(
|
|
BIO_vfree(bio);
|
|
return 0;
|
|
}
|
|
+#ifdef HAVE_OPAQUE_EVP_PKEY
|
|
+ if (EVP_PKEY_id(pubKey) == EVP_PKEY_RSA) {
|
|
+#else
|
|
if (pubKey->type == EVP_PKEY_RSA) {
|
|
+#endif
|
|
BN_CTX *c = BN_CTX_new();
|
|
if (!c) {
|
|
X509_free(cert);
|
|
@@ -577,18 +675,33 @@ int check_validity_of_cert(
|
|
BIO_vfree(bio);
|
|
return 0;
|
|
}
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ RSA *rsa;
|
|
+ rsa = EVP_PKEY_get0_RSA(pubKey);
|
|
+ if (!RSA_blinding_on(rsa, c)) {
|
|
+#else
|
|
if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
|
|
+#endif
|
|
X509_free(cert);
|
|
EVP_PKEY_free(pubKey);
|
|
BIO_vfree(bio);
|
|
BN_CTX_free(c);
|
|
return 0;
|
|
}
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, rsa);
|
|
+ RSA_blinding_off(rsa);
|
|
+#else
|
|
retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa);
|
|
RSA_blinding_off(pubKey->pkey.rsa);
|
|
+#endif
|
|
BN_CTX_free(c);
|
|
}
|
|
+#ifdef HAVE_OPAQUE_EVP_PKEY
|
|
+ if (EVP_PKEY_id(pubKey) == EVP_PKEY_DSA) {
|
|
+#else
|
|
if (pubKey->type == EVP_PKEY_DSA) {
|
|
+#endif
|
|
fprintf(stderr,
|
|
"%s: ERROR: DSA keys are not supported.\n",
|
|
time_to_string(dtime())
|
|
diff --git a/lib/crypt.h b/lib/crypt.h
|
|
index 022bd2a..33c62a8 100644
|
|
--- a/lib/crypt.h
|
|
+++ b/lib/crypt.h
|
|
@@ -26,6 +26,11 @@
|
|
|
|
#include <openssl/rsa.h>
|
|
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL 1.1.0+ */
|
|
+#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
|
|
+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
|
|
+#endif
|
|
+
|
|
#define MAX_RSA_MODULUS_BITS 1024
|
|
#define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8)
|
|
#define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2)
|
|
diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
|
|
index 2a1eb5d..3bc2d53 100644
|
|
--- a/lib/crypt_prog.cpp
|
|
+++ b/lib/crypt_prog.cpp
|
|
@@ -125,7 +125,11 @@ int main(int argc, char** argv) {
|
|
unsigned char signature_buf[256], buf[256], buf2[256];
|
|
FILE *f, *fpriv, *fpub;
|
|
char cbuf[256];
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ RSA *rsa_key;
|
|
+#else
|
|
RSA rsa_key;
|
|
+#endif
|
|
RSA *rsa_key_;
|
|
BIO *bio_out=NULL;
|
|
BIO *bio_err=NULL;
|
|
@@ -330,7 +334,11 @@ int main(int argc, char** argv) {
|
|
retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
|
|
fclose(fpriv);
|
|
if (retval) die("scan_key_hex\n");
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ private_to_openssl(private_key, rsa_key);
|
|
+#else
|
|
private_to_openssl(private_key, &rsa_key);
|
|
+#endif
|
|
|
|
//i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
|
|
// enc, NULL, 0, pass_cb, NULL);
|
|
@@ -340,7 +348,11 @@ int main(int argc, char** argv) {
|
|
// NULL, NULL, 0, pass_cb, NULL);
|
|
fpriv = fopen(argv[5], "w+");
|
|
if (!fpriv) die("fopen");
|
|
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
+ PEM_write_RSAPrivateKey(fpriv, rsa_key, NULL, NULL, 0, 0, NULL);
|
|
+#else
|
|
PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL);
|
|
+#endif
|
|
fclose(fpriv);
|
|
//if (i == 0) {
|
|
// ERR_print_errors(bio_err);
|
|
diff --git a/lib/crypt.cpp b/lib/crypt.cpp
|
|
index cd6f04a..30db6d8 100644
|
|
--- a/lib/crypt.cpp
|
|
+++ b/lib/crypt.cpp
|
|
@@ -464,14 +464,14 @@ void openssl_to_keys(
|
|
) {
|
|
pub.bits = nbits;
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
- BIGNUM *n;
|
|
- BIGNUM *e;
|
|
- BIGNUM *d;
|
|
- BIGNUM *p;
|
|
- BIGNUM *q;
|
|
- BIGNUM *dmp1;
|
|
- BIGNUM *dmq1;
|
|
- BIGNUM *iqmp;
|
|
+ const BIGNUM *n;
|
|
+ const BIGNUM *e;
|
|
+ const BIGNUM *d;
|
|
+ const BIGNUM *p;
|
|
+ const BIGNUM *q;
|
|
+ const BIGNUM *dmp1;
|
|
+ const BIGNUM *dmq1;
|
|
+ const BIGNUM *iqmp;
|
|
RSA_get0_key(rp, &n, &e, &d);
|
|
RSA_get0_factors(rp, &p, &q);
|
|
RSA_get0_crt_params(rp, &dmp1, &dmq1, &iqmp);
|
|
@@ -544,18 +544,16 @@ void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) {
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
BIGNUM *n;
|
|
BIGNUM *e;
|
|
- BIGNUM *d;
|
|
n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
|
|
e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
|
|
- // d??? FIXME
|
|
- RSA_set0_key(rp, n, e, d);
|
|
+ RSA_set0_key(rp, n, e, NULL);
|
|
#else
|
|
rp->n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
|
|
rp->e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
|
|
#endif
|
|
}
|
|
|
|
-static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
|
|
+static int _bn2bin(const BIGNUM *from, unsigned char *to, int max) {
|
|
int i;
|
|
i=BN_num_bytes(from);
|
|
if (i > max) {
|
|
@@ -569,14 +567,14 @@ static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
|
|
|
|
int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
- BIGNUM *n;
|
|
- BIGNUM *e;
|
|
- BIGNUM *d;
|
|
- BIGNUM *p;
|
|
- BIGNUM *q;
|
|
- BIGNUM *dmp1;
|
|
- BIGNUM *dmq1;
|
|
- BIGNUM *iqmp;
|
|
+ const BIGNUM *n;
|
|
+ const BIGNUM *e;
|
|
+ const BIGNUM *d;
|
|
+ const BIGNUM *p;
|
|
+ const BIGNUM *q;
|
|
+ const BIGNUM *dmp1;
|
|
+ const BIGNUM *dmq1;
|
|
+ const BIGNUM *iqmp;
|
|
|
|
RSA_get0_key(from, &n, &e, &d);
|
|
RSA_get0_factors(from, &p, &q);
|
|
diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
|
|
index 3bc2d53..88d9f2d 100644
|
|
--- a/lib/crypt_prog.cpp
|
|
+++ b/lib/crypt_prog.cpp
|
|
@@ -126,7 +126,7 @@ int main(int argc, char** argv) {
|
|
FILE *f, *fpriv, *fpub;
|
|
char cbuf[256];
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
- RSA *rsa_key;
|
|
+ RSA *rsa_key = RSA_new();
|
|
#else
|
|
RSA rsa_key;
|
|
#endif
|
|
@@ -136,6 +136,7 @@ int main(int argc, char** argv) {
|
|
char *certpath;
|
|
bool b2o=false; // boinc key to openssl key ?
|
|
bool kpriv=false; // private key ?
|
|
+ BIGNUM *e;
|
|
|
|
if (argc == 1) {
|
|
usage();
|
|
@@ -150,7 +151,16 @@ int main(int argc, char** argv) {
|
|
n = atoi(argv[2]);
|
|
|
|
srand(random_int());
|
|
- RSA* rp = RSA_generate_key(n, 65537, 0, 0);
|
|
+ e = BN_new();
|
|
+ retval = BN_set_word(e, (unsigned long)65537);
|
|
+ if (retval != 1) {
|
|
+ die("BN_set_word");
|
|
+ }
|
|
+ RSA *rp = RSA_new();
|
|
+ retval = RSA_generate_key_ex(rp, n, e, NULL);
|
|
+ if (retval != 1) {
|
|
+ die("RSA_generate_key_ex");
|
|
+ }
|
|
openssl_to_keys(rp, n, private_key, public_key);
|
|
fpriv = fopen(argv[3], "w");
|
|
if (!fpriv) die("fopen");
|
|
diff --git a/lib/crypt.cpp b/lib/crypt.cpp
|
|
index 30db6d8..cb1f49c 100644
|
|
--- a/lib/crypt.cpp
|
|
+++ b/lib/crypt.cpp
|
|
@@ -554,15 +554,15 @@ void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) {
|
|
}
|
|
|
|
static int _bn2bin(const BIGNUM *from, unsigned char *to, int max) {
|
|
- int i;
|
|
- i=BN_num_bytes(from);
|
|
- if (i > max) {
|
|
- return(0);
|
|
- }
|
|
- memset(to,0,(unsigned int)max);
|
|
- if (!BN_bn2bin(from,&(to[max-i])))
|
|
- return(0);
|
|
- return(1);
|
|
+ int i;
|
|
+ i=BN_num_bytes(from);
|
|
+ if (i > max) {
|
|
+ return(0);
|
|
+ }
|
|
+ memset(to,0,(unsigned int)max);
|
|
+ if (!BN_bn2bin(from,&(to[max-i])))
|
|
+ return(0);
|
|
+ return(1);
|
|
}
|
|
|
|
int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
|
|
@@ -598,23 +598,23 @@ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
|
|
if (!_bn2bin(iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
|
|
return(0);
|
|
#else
|
|
- to->bits = BN_num_bits(from->n);
|
|
- if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN))
|
|
- return(0);
|
|
- if (!_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN))
|
|
- return(0);
|
|
- if (!_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN))
|
|
- return(0);
|
|
- if (!_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN))
|
|
- return(0);
|
|
- if (!_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN))
|
|
- return(0);
|
|
- if (!_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN))
|
|
- return(0);
|
|
- if (!_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN))
|
|
- return(0);
|
|
- if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
|
|
- return(0);
|
|
+ to->bits = BN_num_bits(from->n);
|
|
+ if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
+ if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
|
|
+ return(0);
|
|
#endif
|
|
return 1;
|
|
}
|
|
@@ -634,8 +634,8 @@ int check_validity_of_cert(
|
|
bio = BIO_new(BIO_s_file());
|
|
BIO_read_filename(bio, cFile);
|
|
if (NULL == (cert = PEM_read_bio_X509(bio, NULL, 0, NULL))) {
|
|
- BIO_vfree(bio);
|
|
- return 0;
|
|
+ BIO_vfree(bio);
|
|
+ return 0;
|
|
}
|
|
// verify certificate
|
|
store = X509_STORE_new();
|
|
@@ -668,32 +668,32 @@ int check_validity_of_cert(
|
|
#endif
|
|
BN_CTX *c = BN_CTX_new();
|
|
if (!c) {
|
|
- X509_free(cert);
|
|
- EVP_PKEY_free(pubKey);
|
|
- BIO_vfree(bio);
|
|
- return 0;
|
|
- }
|
|
+ X509_free(cert);
|
|
+ EVP_PKEY_free(pubKey);
|
|
+ BIO_vfree(bio);
|
|
+ return 0;
|
|
+ }
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
RSA *rsa;
|
|
rsa = EVP_PKEY_get0_RSA(pubKey);
|
|
if (!RSA_blinding_on(rsa, c)) {
|
|
#else
|
|
- if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
|
|
+ if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
|
|
#endif
|
|
- X509_free(cert);
|
|
- EVP_PKEY_free(pubKey);
|
|
- BIO_vfree(bio);
|
|
- BN_CTX_free(c);
|
|
- return 0;
|
|
- }
|
|
+ X509_free(cert);
|
|
+ EVP_PKEY_free(pubKey);
|
|
+ BIO_vfree(bio);
|
|
+ BN_CTX_free(c);
|
|
+ return 0;
|
|
+ }
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, rsa);
|
|
RSA_blinding_off(rsa);
|
|
#else
|
|
- retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa);
|
|
- RSA_blinding_off(pubKey->pkey.rsa);
|
|
+ retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa);
|
|
+ RSA_blinding_off(pubKey->pkey.rsa);
|
|
#endif
|
|
- BN_CTX_free(c);
|
|
+ BN_CTX_free(c);
|
|
}
|
|
#ifdef HAVE_OPAQUE_EVP_PKEY
|
|
if (EVP_PKEY_id(pubKey) == EVP_PKEY_DSA) {
|
|
@@ -730,7 +730,7 @@ char *check_validity(
|
|
if (!of) return NULL;
|
|
MD5_Init(&md5CTX);
|
|
while (0 != (rbytes = (int)fread(rbuf, 1, sizeof(rbuf), of))) {
|
|
- MD5_Update(&md5CTX, rbuf, rbytes);
|
|
+ MD5_Update(&md5CTX, rbuf, rbytes);
|
|
}
|
|
MD5_Final(md5_md, &md5CTX);
|
|
fclose(of);
|
|
@@ -740,12 +740,12 @@ char *check_validity(
|
|
char file[MAXPATHLEN];
|
|
while (!dir_scan(file, dir, sizeof(file))) {
|
|
char fpath[MAXPATHLEN];
|
|
- snprintf(fpath, sizeof(fpath), "%s/%s", certPath, file);
|
|
+ snprintf(fpath, sizeof(fpath), "%s/%s", certPath, file);
|
|
// TODO : replace '128'
|
|
- if (check_validity_of_cert(fpath, md5_md, signature, 128, caPath)) {
|
|
- dir_close(dir);
|
|
- return strdup(fpath);
|
|
- }
|
|
+ if (check_validity_of_cert(fpath, md5_md, signature, 128, caPath)) {
|
|
+ dir_close(dir);
|
|
+ return strdup(fpath);
|
|
+ }
|
|
}
|
|
|
|
dir_close(dir);
|
|
@@ -778,7 +778,7 @@ int cert_verify_file(
|
|
if (!of) return false;
|
|
MD5_Init(&md5CTX);
|
|
while (0 != (rbytes = (int)fread(rbuf, 1, sizeof(rbuf), of))) {
|
|
- MD5_Update(&md5CTX, rbuf, rbytes);
|
|
+ MD5_Update(&md5CTX, rbuf, rbytes);
|
|
}
|
|
MD5_Final(md5_md, &md5CTX);
|
|
fclose(of);
|
|
@@ -805,10 +805,10 @@ int cert_verify_file(
|
|
bio = BIO_new(BIO_s_file());
|
|
BIO_read_filename(bio, fbuf);
|
|
if (NULL == (cert = PEM_read_bio_X509(bio, NULL, 0, NULL))) {
|
|
- BIO_vfree(bio);
|
|
+ BIO_vfree(bio);
|
|
printf("Cannot read certificate ('%s')\n", fbuf);
|
|
file_counter++;
|
|
- continue;
|
|
+ continue;
|
|
}
|
|
fflush(stdout);
|
|
subj = X509_get_subject_name(cert);
|
|
@@ -816,7 +816,7 @@ int cert_verify_file(
|
|
// ???
|
|
//X509_NAME_free(subj);
|
|
X509_free(cert);
|
|
- BIO_vfree(bio);
|
|
+ BIO_vfree(bio);
|
|
if (strcmp(buf, signatures->signatures.at(i).subject)) {
|
|
printf("Subject does not match ('%s' <-> '%s')\n", buf, signatures->signatures.at(i).subject);
|
|
file_counter++;
|
|
diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
|
|
index 88d9f2d..7174afc 100644
|
|
--- a/lib/crypt_prog.cpp
|
|
+++ b/lib/crypt_prog.cpp
|
|
@@ -62,23 +62,23 @@ void die(const char* p) {
|
|
|
|
void usage() {
|
|
fprintf(stderr,
|
|
- "Usage: crypt_prog options\n\n"
|
|
- "Options:\n\n"
|
|
- "-genkey n private_keyfile public_keyfile\n"
|
|
- " create an n-bit key pair\n"
|
|
- "-sign file private_keyfile\n"
|
|
- " create a signature for a given file, write to stdout\n"
|
|
- "-sign_string string private_keyfile\n"
|
|
- " create a signature for a given string\n"
|
|
- "-verify file signature_file public_keyfile\n"
|
|
- " verify a signature\n"
|
|
- "-test_crypt private_keyfile public_keyfile\n"
|
|
- " test encrypt/decrypt functions\n"
|
|
- "-conkey o2b/b20 priv/pub input_file output_file\n"
|
|
- " convert keys between BOINC and OpenSSL format\n"
|
|
- "-cert_verify file signature certificate_dir\n"
|
|
- " verify a signature using a directory of certificates\n"
|
|
- );
|
|
+ "Usage: crypt_prog options\n\n"
|
|
+ "Options:\n\n"
|
|
+ "-genkey n private_keyfile public_keyfile\n"
|
|
+ " create an n-bit key pair\n"
|
|
+ "-sign file private_keyfile\n"
|
|
+ " create a signature for a given file, write to stdout\n"
|
|
+ "-sign_string string private_keyfile\n"
|
|
+ " create a signature for a given string\n"
|
|
+ "-verify file signature_file public_keyfile\n"
|
|
+ " verify a signature\n"
|
|
+ "-test_crypt private_keyfile public_keyfile\n"
|
|
+ " test encrypt/decrypt functions\n"
|
|
+ "-conkey o2b/b20 priv/pub input_file output_file\n"
|
|
+ " convert keys between BOINC and OpenSSL format\n"
|
|
+ "-cert_verify file signature certificate_dir\n"
|
|
+ " verify a signature using a directory of certificates\n"
|
|
+ );
|
|
}
|
|
|
|
unsigned int random_int() {
|
|
@@ -93,7 +93,7 @@ unsigned int random_int() {
|
|
die("Can't load ADVAPI32.DLL");
|
|
}
|
|
BOOLEAN (APIENTRY *pfn)(void*, ULONG) =
|
|
- (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hLib,"SystemFunction036");
|
|
+ (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hLib,"SystemFunction036");
|
|
if (pfn) {
|
|
char buff[32];
|
|
ULONG ulCbBuff = sizeof(buff);
|
|
@@ -131,7 +131,7 @@ int main(int argc, char** argv) {
|
|
RSA rsa_key;
|
|
#endif
|
|
RSA *rsa_key_;
|
|
- BIO *bio_out=NULL;
|
|
+ BIO *bio_out=NULL;
|
|
BIO *bio_err=NULL;
|
|
char *certpath;
|
|
bool b2o=false; // boinc key to openssl key ?
|
|
@@ -214,8 +214,8 @@ int main(int argc, char** argv) {
|
|
retval = md5_file(argv[2], md5_buf, size);
|
|
if (retval) die("md5_file");
|
|
retval = check_file_signature(
|
|
- md5_buf, public_key, signature, is_valid
|
|
- );
|
|
+ md5_buf, public_key, signature, is_valid
|
|
+ );
|
|
if (retval) die("check_file_signature");
|
|
if (is_valid) {
|
|
printf("file is valid\n");
|
|
@@ -262,9 +262,9 @@ int main(int argc, char** argv) {
|
|
printf("siganture verified using certificate '%s'.\n\n", certpath);
|
|
free(certpath);
|
|
}
|
|
- // this converts, but an executable signed with sign_executable,
|
|
- // and signature converted to OpenSSL format cannot be verified with
|
|
- // OpenSSL
|
|
+ // this converts, but an executable signed with sign_executable,
|
|
+ // and signature converted to OpenSSL format cannot be verified with
|
|
+ // OpenSSL
|
|
} else if (!strcmp(argv[1], "-convsig")) {
|
|
if (argc < 5) {
|
|
usage();
|
|
@@ -320,18 +320,18 @@ int main(int argc, char** argv) {
|
|
die("either 'pub' or 'priv' must be defined for -convkey\n");
|
|
}
|
|
OpenSSL_add_all_algorithms();
|
|
- ERR_load_crypto_strings();
|
|
- ENGINE_load_builtin_engines();
|
|
- if (bio_err == NULL) {
|
|
- bio_err = BIO_new_fp(stdout, BIO_NOCLOSE);
|
|
+ ERR_load_crypto_strings();
|
|
+ ENGINE_load_builtin_engines();
|
|
+ if (bio_err == NULL) {
|
|
+ bio_err = BIO_new_fp(stdout, BIO_NOCLOSE);
|
|
}
|
|
//enc=EVP_get_cipherbyname("des");
|
|
//if (enc == NULL)
|
|
// die("could not get cypher.\n");
|
|
// no encription yet.
|
|
bio_out=BIO_new(BIO_s_file());
|
|
- if (BIO_write_filename(bio_out,argv[5]) <= 0) {
|
|
- perror(argv[5]);
|
|
+ if (BIO_write_filename(bio_out,argv[5]) <= 0) {
|
|
+ perror(argv[5]);
|
|
die("could not create output file.\n");
|
|
}
|
|
if (b2o) {
|
|
@@ -351,11 +351,11 @@ int main(int argc, char** argv) {
|
|
#endif
|
|
|
|
//i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
|
|
- // enc, NULL, 0, pass_cb, NULL);
|
|
- // no encryption yet.
|
|
-
|
|
+ // enc, NULL, 0, pass_cb, NULL);
|
|
+ // no encryption yet.
|
|
+
|
|
//i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
|
|
- // NULL, NULL, 0, pass_cb, NULL);
|
|
+ // NULL, NULL, 0, pass_cb, NULL);
|
|
fpriv = fopen(argv[5], "w+");
|
|
if (!fpriv) die("fopen");
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
@@ -364,10 +364,10 @@ int main(int argc, char** argv) {
|
|
PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL);
|
|
#endif
|
|
fclose(fpriv);
|
|
- //if (i == 0) {
|
|
+ //if (i == 0) {
|
|
// ERR_print_errors(bio_err);
|
|
// die("could not write key file.\n");
|
|
- //}
|
|
+ //}
|
|
} else {
|
|
fpub = fopen(argv[4], "r");
|
|
if (!fpub) {
|
|
@@ -381,11 +381,11 @@ int main(int argc, char** argv) {
|
|
die("fopen");
|
|
}
|
|
public_to_openssl(public_key, rsa_key_);
|
|
- i = PEM_write_RSA_PUBKEY(fpub, rsa_key_);
|
|
- if (i == 0) {
|
|
+ i = PEM_write_RSA_PUBKEY(fpub, rsa_key_);
|
|
+ if (i == 0) {
|
|
ERR_print_errors(bio_err);
|
|
die("could not write key file.\n");
|
|
- }
|
|
+ }
|
|
fclose(fpub);
|
|
}
|
|
} else {
|
|
diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
|
|
index 7174afc..8cfffc2 100644
|
|
--- a/lib/crypt_prog.cpp
|
|
+++ b/lib/crypt_prog.cpp
|
|
@@ -74,7 +74,7 @@ void usage() {
|
|
" verify a signature\n"
|
|
"-test_crypt private_keyfile public_keyfile\n"
|
|
" test encrypt/decrypt functions\n"
|
|
- "-conkey o2b/b20 priv/pub input_file output_file\n"
|
|
+ "-convkey o2b/b2o priv/pub input_file output_file\n"
|
|
" convert keys between BOINC and OpenSSL format\n"
|
|
"-cert_verify file signature certificate_dir\n"
|
|
" verify a signature using a directory of certificates\n"
|