upgrade to openssl 1.1.x.

This commit is contained in:
wuhanck
2019-01-24 18:39:07 +08:00
committed by Toyam Cox
parent 0f33859701
commit b4eebafa6d
3 changed files with 20 additions and 13 deletions

2
configure vendored
View File

@ -678,7 +678,7 @@ fi
# libssl with pkg-config support is required. # libssl with pkg-config support is required.
# #
printf "Checking for libssl via pkg-config ... " printf "Checking for libssl via pkg-config ... "
if $PKGCONFIG_BIN --exists 'libssl < 1.1' && ! $PKGCONFIG_BIN --exists libtls ; then if $PKGCONFIG_BIN --exists 'libssl < 1.2' && ! $PKGCONFIG_BIN --exists libtls ; then
echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)." echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)."
elif $PKGCONFIG_BIN --exists libssl libtls; then elif $PKGCONFIG_BIN --exists libssl libtls; then
echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)." echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)."

View File

@ -895,7 +895,7 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames,
for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) { for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
name = sk_GENERAL_NAME_value(altnames, i); name = sk_GENERAL_NAME_value(altnames, i);
ns = (const char *)ASN1_STRING_data(name->d.ia5); ns = (const char *)ASN1_STRING_get0_data(name->d.ia5);
nslen = (size_t)ASN1_STRING_length(name->d.ia5); nslen = (size_t)ASN1_STRING_length(name->d.ia5);
if (name->type == GEN_DNS && ip == NULL && if (name->type == GEN_DNS && ip == NULL &&

View File

@ -65,12 +65,13 @@ fp2str(unsigned const char *fp, unsigned int len)
char * char *
xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey) xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
{ {
EVP_MD_CTX mdctx; EVP_MD_CTX *mdctx = NULL;
EVP_PKEY *pPubKey = NULL; EVP_PKEY *pPubKey = NULL;
RSA *pRsa = NULL; RSA *pRsa = NULL;
BIO *bio = NULL; BIO *bio = NULL;
const void *pubkeydata; const void *pubkeydata;
unsigned char md_value[EVP_MAX_MD_SIZE]; unsigned char md_value[EVP_MAX_MD_SIZE];
const BIGNUM *n, *e;
unsigned char *nBytes = NULL, *eBytes = NULL, *pEncoding = NULL; unsigned char *nBytes = NULL, *eBytes = NULL, *pEncoding = NULL;
unsigned int md_len = 0; unsigned int md_len = 0;
char *hexfpstr = NULL; char *hexfpstr = NULL;
@ -79,6 +80,8 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
mdctx = EVP_MD_CTX_new();
assert(mdctx);
pubkeydata = xbps_data_data_nocopy(pubkey); pubkeydata = xbps_data_data_nocopy(pubkey);
bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey)); bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey));
assert(bio); assert(bio);
@ -91,7 +94,7 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
goto out; goto out;
} }
if (EVP_PKEY_type(pPubKey->type) != EVP_PKEY_RSA) { if (EVP_PKEY_base_id(pPubKey) != EVP_PKEY_RSA) {
xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n"); xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n");
goto out; goto out;
} }
@ -103,19 +106,20 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
goto out; goto out;
} }
RSA_get0_key(pRsa, &n, &e, NULL);
// reading the modulus // reading the modulus
nLen = BN_num_bytes(pRsa->n); nLen = BN_num_bytes(n);
nBytes = (unsigned char*) malloc(nLen); nBytes = (unsigned char*) malloc(nLen);
if (nBytes == NULL) if (nBytes == NULL)
goto out; goto out;
BN_bn2bin(pRsa->n, nBytes); BN_bn2bin(n, nBytes);
// reading the public exponent // reading the public exponent
eLen = BN_num_bytes(pRsa->e); eLen = BN_num_bytes(e);
eBytes = (unsigned char*) malloc(eLen); eBytes = (unsigned char*) malloc(eLen);
if (eBytes == NULL) if (eBytes == NULL)
goto out; goto out;
BN_bn2bin(pRsa->e, eBytes); BN_bn2bin(e, eBytes);
encodingLength = 11 + 4 + eLen + 4 + nLen; encodingLength = 11 + 4 + eLen + 4 + nLen;
// correct depending on the MSB of e and N // correct depending on the MSB of e and N
@ -135,18 +139,21 @@ xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
/* /*
* Compute the RSA fingerprint (MD5). * Compute the RSA fingerprint (MD5).
*/ */
EVP_MD_CTX_init(&mdctx); EVP_MD_CTX_init(mdctx);
EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL); EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
EVP_DigestUpdate(&mdctx, pEncoding, encodingLength); EVP_DigestUpdate(mdctx, pEncoding, encodingLength);
if (EVP_DigestFinal_ex(&mdctx, md_value, &md_len) == 0) if (EVP_DigestFinal_ex(mdctx, md_value, &md_len) == 0)
goto out; goto out;
EVP_MD_CTX_cleanup(&mdctx); EVP_MD_CTX_free(mdctx);
mdctx = NULL;
/* /*
* Convert result to a compatible OpenSSH hex fingerprint. * Convert result to a compatible OpenSSH hex fingerprint.
*/ */
hexfpstr = fp2str(md_value, md_len); hexfpstr = fp2str(md_value, md_len);
out: out:
if (mdctx)
EVP_MD_CTX_free(mdctx);
if (bio) if (bio)
BIO_free_all(bio); BIO_free_all(bio);
if (pRsa) if (pRsa)