upgrade to openssl 1.1.x.
This commit is contained in:
2
configure
vendored
2
configure
vendored
@ -678,7 +678,7 @@ fi
|
|||||||
# libssl with pkg-config support is required.
|
# libssl with pkg-config support is required.
|
||||||
#
|
#
|
||||||
printf "Checking for libssl via pkg-config ... "
|
printf "Checking for libssl via pkg-config ... "
|
||||||
if $PKGCONFIG_BIN --exists 'libssl < 1.1' && ! $PKGCONFIG_BIN --exists libtls ; then
|
if $PKGCONFIG_BIN --exists 'libssl < 1.2' && ! $PKGCONFIG_BIN --exists libtls ; then
|
||||||
echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)."
|
echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)."
|
||||||
elif $PKGCONFIG_BIN --exists libssl libtls; then
|
elif $PKGCONFIG_BIN --exists libssl libtls; then
|
||||||
echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)."
|
echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)."
|
||||||
|
@ -895,7 +895,7 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames,
|
|||||||
|
|
||||||
for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
|
for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
|
||||||
name = sk_GENERAL_NAME_value(altnames, i);
|
name = sk_GENERAL_NAME_value(altnames, i);
|
||||||
ns = (const char *)ASN1_STRING_data(name->d.ia5);
|
ns = (const char *)ASN1_STRING_get0_data(name->d.ia5);
|
||||||
nslen = (size_t)ASN1_STRING_length(name->d.ia5);
|
nslen = (size_t)ASN1_STRING_length(name->d.ia5);
|
||||||
|
|
||||||
if (name->type == GEN_DNS && ip == NULL &&
|
if (name->type == GEN_DNS && ip == NULL &&
|
||||||
|
@ -65,12 +65,13 @@ fp2str(unsigned const char *fp, unsigned int len)
|
|||||||
char *
|
char *
|
||||||
xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
|
xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
|
||||||
{
|
{
|
||||||
EVP_MD_CTX mdctx;
|
EVP_MD_CTX *mdctx = NULL;
|
||||||
EVP_PKEY *pPubKey = NULL;
|
EVP_PKEY *pPubKey = NULL;
|
||||||
RSA *pRsa = NULL;
|
RSA *pRsa = NULL;
|
||||||
BIO *bio = NULL;
|
BIO *bio = NULL;
|
||||||
const void *pubkeydata;
|
const void *pubkeydata;
|
||||||
unsigned char md_value[EVP_MAX_MD_SIZE];
|
unsigned char md_value[EVP_MAX_MD_SIZE];
|
||||||
|
const BIGNUM *n, *e;
|
||||||
unsigned char *nBytes = NULL, *eBytes = NULL, *pEncoding = NULL;
|
unsigned char *nBytes = NULL, *eBytes = NULL, *pEncoding = NULL;
|
||||||
unsigned int md_len = 0;
|
unsigned int md_len = 0;
|
||||||
char *hexfpstr = NULL;
|
char *hexfpstr = NULL;
|
||||||
@ -79,6 +80,8 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
|
|||||||
ERR_load_crypto_strings();
|
ERR_load_crypto_strings();
|
||||||
OpenSSL_add_all_algorithms();
|
OpenSSL_add_all_algorithms();
|
||||||
|
|
||||||
|
mdctx = EVP_MD_CTX_new();
|
||||||
|
assert(mdctx);
|
||||||
pubkeydata = xbps_data_data_nocopy(pubkey);
|
pubkeydata = xbps_data_data_nocopy(pubkey);
|
||||||
bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey));
|
bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey));
|
||||||
assert(bio);
|
assert(bio);
|
||||||
@ -91,7 +94,7 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (EVP_PKEY_type(pPubKey->type) != EVP_PKEY_RSA) {
|
if (EVP_PKEY_base_id(pPubKey) != EVP_PKEY_RSA) {
|
||||||
xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n");
|
xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@ -103,19 +106,20 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
RSA_get0_key(pRsa, &n, &e, NULL);
|
||||||
// reading the modulus
|
// reading the modulus
|
||||||
nLen = BN_num_bytes(pRsa->n);
|
nLen = BN_num_bytes(n);
|
||||||
nBytes = (unsigned char*) malloc(nLen);
|
nBytes = (unsigned char*) malloc(nLen);
|
||||||
if (nBytes == NULL)
|
if (nBytes == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
BN_bn2bin(pRsa->n, nBytes);
|
BN_bn2bin(n, nBytes);
|
||||||
|
|
||||||
// reading the public exponent
|
// reading the public exponent
|
||||||
eLen = BN_num_bytes(pRsa->e);
|
eLen = BN_num_bytes(e);
|
||||||
eBytes = (unsigned char*) malloc(eLen);
|
eBytes = (unsigned char*) malloc(eLen);
|
||||||
if (eBytes == NULL)
|
if (eBytes == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
BN_bn2bin(pRsa->e, eBytes);
|
BN_bn2bin(e, eBytes);
|
||||||
|
|
||||||
encodingLength = 11 + 4 + eLen + 4 + nLen;
|
encodingLength = 11 + 4 + eLen + 4 + nLen;
|
||||||
// correct depending on the MSB of e and N
|
// correct depending on the MSB of e and N
|
||||||
@ -135,18 +139,21 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
|
|||||||
/*
|
/*
|
||||||
* Compute the RSA fingerprint (MD5).
|
* Compute the RSA fingerprint (MD5).
|
||||||
*/
|
*/
|
||||||
EVP_MD_CTX_init(&mdctx);
|
EVP_MD_CTX_init(mdctx);
|
||||||
EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL);
|
EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
|
||||||
EVP_DigestUpdate(&mdctx, pEncoding, encodingLength);
|
EVP_DigestUpdate(mdctx, pEncoding, encodingLength);
|
||||||
if (EVP_DigestFinal_ex(&mdctx, md_value, &md_len) == 0)
|
if (EVP_DigestFinal_ex(mdctx, md_value, &md_len) == 0)
|
||||||
goto out;
|
goto out;
|
||||||
EVP_MD_CTX_cleanup(&mdctx);
|
EVP_MD_CTX_free(mdctx);
|
||||||
|
mdctx = NULL;
|
||||||
/*
|
/*
|
||||||
* Convert result to a compatible OpenSSH hex fingerprint.
|
* Convert result to a compatible OpenSSH hex fingerprint.
|
||||||
*/
|
*/
|
||||||
hexfpstr = fp2str(md_value, md_len);
|
hexfpstr = fp2str(md_value, md_len);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
|
if (mdctx)
|
||||||
|
EVP_MD_CTX_free(mdctx);
|
||||||
if (bio)
|
if (bio)
|
||||||
BIO_free_all(bio);
|
BIO_free_all(bio);
|
||||||
if (pRsa)
|
if (pRsa)
|
||||||
|
Reference in New Issue
Block a user