upd: port src to openssl 1.1

author Felix Dörre <felix@dogcraft.de>

Fri, 2 Dec 2016 11:31:19 +0000 (11:31 +0000)

committer Felix Dörre <felix@dogcraft.de>

Fri, 2 Dec 2016 11:31:19 +0000 (11:31 +0000)
author Felix Dörre <felix@dogcraft.de>
Fri, 2 Dec 2016 11:31:19 +0000 (11:31 +0000)
committer Felix Dörre <felix@dogcraft.de>
Fri, 2 Dec 2016 11:31:19 +0000 (11:31 +0000)
diff --git a/src/apps/client.cpp b/src/apps/client.cpp

index 9a7add6badb44fcb0a07817e50b070afa7057cc9..ad4e6b569d20f1d9428dbd3d066421a8e578f33e 100644 (file)
--- a/src/apps/client.cpp
+++ b/src/apps/client.cpp
@@ -16,6 +16,7 @@
  #include "io/bios.h"
  #include "io/slipBio.h"
  #include "config.h"
+#include <internal/bio.h>
  
  #ifdef NO_DAEMON
  #define DAEMON false
@@ -81,7 +82,8 @@ int main( int argc, const char* argv[] ) {
      }
      std::shared_ptr<JobProvider> jp = std::make_shared<PostgresJobProvider>( sqlHost, sqlUser, sqlPass, sqlDB );
      std::shared_ptr<BIO> b = openSerial( serialPath );
-    std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
+    std::shared_ptr<BIO_METHOD> m( toBio<SlipBIO>(), BIO_meth_free);
+    std::shared_ptr<BIO> slip1( BIO_new( m.get() ), BIO_free );
      static_cast<SlipBIO*>( slip1->ptr )->setTarget( std::make_shared<OpensslBIOWrapper>( b ), false );
      auto sign = std::make_shared<RemoteSigner>( slip1, generateSSLContext( false ) );
      // std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
diff --git a/src/crypto/CRL.cpp b/src/crypto/CRL.cpp

index 41fbe8b6472464af1dbcfab4ed5aec66b7cf44bd..f7aa6a5e2417a70af2ff8640f369a637b851ddcc 100644 (file)
--- a/src/crypto/CRL.cpp
+++ b/src/crypto/CRL.cpp
@@ -42,11 +42,9 @@ std::string CRL::revoke( std::string serial, std::string time ) {
      X509_REVOKED_set_serialNumber( rev, ser.get() );
  
      if( time != "" ) {
-        const unsigned char* data = ( unsigned char* )( time.data() );
-        d2i_ASN1_TIME( &rev->revocationDate, &data, time.size() );
-    } else {
-        X509_REVOKED_set_revocationDate( rev, tmptm.get() );
+      ASN1_TIME_set_string( tmptm.get(), time.data() );
      }
+    X509_REVOKED_set_revocationDate( rev, tmptm.get() );
  
      X509_CRL_add0_revoked( crl.get(), rev );
  
@@ -107,17 +105,21 @@ std::string CRL::toString() {
  }
  
  std::string CRL::getSignature() {
-    int len = i2d_X509_ALGOR( crl->sig_alg, NULL );
-    len += i2d_ASN1_BIT_STRING( crl->signature, NULL );
-    len += i2d_ASN1_TIME( crl->crl->lastUpdate, NULL );
-    len += i2d_ASN1_TIME( crl->crl->nextUpdate, NULL );
+    const X509_ALGOR *palg;
+    const ASN1_BIT_STRING *psig;
+
+    X509_CRL_get0_signature(crl.get(), &psig, &palg);
+    int len = i2d_X509_ALGOR( const_cast<X509_ALGOR*>(palg), NULL );
+    len += i2d_ASN1_BIT_STRING( const_cast<ASN1_BIT_STRING*>(psig), NULL );
+    len += i2d_ASN1_TIME( const_cast<ASN1_TIME*>(X509_CRL_get0_lastUpdate(crl.get())), NULL );
+    len += i2d_ASN1_TIME( const_cast<ASN1_TIME*>(X509_CRL_get0_nextUpdate(crl.get())), NULL );
  
      unsigned char* buffer = ( unsigned char* ) OPENSSL_malloc( len );
      unsigned char* pos = buffer;
-    i2d_X509_ALGOR( crl->sig_alg, &pos );
-    i2d_ASN1_BIT_STRING( crl->signature, &pos );
-    i2d_ASN1_TIME( crl->crl->lastUpdate, &pos );
-    i2d_ASN1_TIME( crl->crl->nextUpdate, &pos );
+    i2d_X509_ALGOR( const_cast<X509_ALGOR*>(palg), &pos );
+    i2d_ASN1_BIT_STRING( const_cast<ASN1_BIT_STRING*>(psig), &pos );
+    i2d_ASN1_TIME( const_cast<ASN1_TIME*>(X509_CRL_get0_lastUpdate(crl.get())), &pos );
+    i2d_ASN1_TIME( const_cast<ASN1_TIME*>(X509_CRL_get0_nextUpdate(crl.get())), &pos );
      std::string res = std::string( ( char* ) buffer, len );
      OPENSSL_free( buffer );
  
@@ -126,19 +128,33 @@ std::string CRL::getSignature() {
  
  void CRL::setSignature( std::string signature ) {
      X509_CRL_sort( crl.get() );
+    X509_ALGOR *palg;
+    ASN1_BIT_STRING *psig;
+    // this is not intended use of the OPENSSL-API but API-limitations leave us with no other options.
+    X509_CRL_get0_signature(crl.get(), const_cast<const ASN1_BIT_STRING **>(&psig), const_cast<const X509_ALGOR**>(&palg));
+
      const unsigned char* data = ( unsigned char* )( signature.data() );
      const unsigned char* buffer = data;
-    d2i_X509_ALGOR( &crl->sig_alg, &buffer, signature.size() );
-    d2i_ASN1_BIT_STRING( &crl->signature, &buffer, signature.size() + data - buffer );
-    d2i_ASN1_TIME( &crl->crl->lastUpdate, &buffer, signature.size() + data - buffer );
-    d2i_ASN1_TIME( &crl->crl->nextUpdate, &buffer, signature.size() + data - buffer );
+    X509_ALGOR *alg = d2i_X509_ALGOR( NULL, &buffer, signature.size() );
+    ASN1_BIT_STRING *sig = d2i_ASN1_BIT_STRING( NULL, &buffer, signature.size() + data - buffer );
+    ASN1_TIME *a1 = d2i_ASN1_TIME( NULL, &buffer, signature.size() + data - buffer );
+    ASN1_TIME *a2 = d2i_ASN1_TIME( NULL, &buffer, signature.size() + data - buffer );
+    *palg = *alg;
+    *psig = *sig;
+    X509_CRL_set1_lastUpdate( crl.get(), a1);
+    X509_CRL_set1_nextUpdate( crl.get(), a2);
+
+    //X509_ALGOR_free(alg);
+    //ASN1_BIT_STRING_free(sig);
+    ASN1_TIME_free(a1);
+    ASN1_TIME_free(a2);
  }
  
  bool CRL::needsResign() {
      time_t current;
      time( &current );
      current += 60 * 60;// 1 hour
-    auto time = X509_CRL_get_nextUpdate( crl.get() );
+    auto time = X509_CRL_get0_nextUpdate( crl.get() );
  
      if( !time ) {
          return true;
diff --git a/src/crypto/X509.cpp b/src/crypto/X509.cpp

index 1c78a512c332373f9f3e8828dbe180c0a7d8827c..37bb900ff6f281f293dc0489105fbb285eabe94b 100644 (file)
--- a/src/crypto/X509.cpp
+++ b/src/crypto/X509.cpp
@@ -133,7 +133,9 @@ void X509Cert::setPubkeyFrom( std::shared_ptr<X509Req> req ) {
  }
  
  void X509Cert::setSerialNumber( BIGNUM* num ) {
-    BN_to_ASN1_INTEGER( num , target->cert_info->serialNumber );
+    ASN1_INTEGER *i = BN_to_ASN1_INTEGER( num, NULL);
+    X509_set_serialNumber(target.get(), i);
+    ASN1_INTEGER_free(i);
  }
  
  void X509Cert::setTimes( uint32_t before, uint32_t after ) {
@@ -154,7 +156,7 @@ static X509_EXTENSION* do_ext_i2d( int ext_nid, int crit, ASN1_VALUE* ext_struc
          goto merr;
      }
  
-    if( !( ext_oct = M_ASN1_OCTET_STRING_new() ) ) {
+    if( !( ext_oct = ASN1_OCTET_STRING_new() ) ) {
          goto merr;
      }
  
@@ -167,7 +169,7 @@ static X509_EXTENSION* do_ext_i2d( int ext_nid, int crit, ASN1_VALUE* ext_struc
          goto merr;
      }
  
-    M_ASN1_OCTET_STRING_free( ext_oct );
+    ASN1_OCTET_STRING_free( ext_oct );
      return ext;
  
  merr:
@@ -206,7 +208,7 @@ void X509Cert::setExtensions( std::shared_ptr<X509> caCert, std::vector<std::sha
          gen->type = name->type == "DNS" ? GEN_DNS : name->type == "email" ? GEN_EMAIL : 0; // GEN_EMAIL;
  
          if( !gen->type
-                || !( gen->d.ia5 = M_ASN1_IA5STRING_new() )
+                || !( gen->d.ia5 = ASN1_IA5STRING_new() )
                  || !ASN1_STRING_set( gen->d.ia5, name->content.data(), name->content.size() ) ) {
              GENERAL_NAME_free( gen );
              throw std::runtime_error("initing iasting5 failed");
@@ -260,7 +262,7 @@ std::shared_ptr<SignedCertificate> X509Cert::sign( std::shared_ptr<EVP_PKEY> caK
      auto res = std::make_shared<SignedCertificate>();
      res->certificate = std::string( buf->data, buf->data + buf->length );
  
-    std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL ), BN_free );
+    std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber(target.get()), NULL ), BN_free );
  
      if( !ser ) {
          throw std::runtime_error("Failed to retrieve certificate serial of signed certificate.");
diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp

index 1c32ba0ed513f877f13811557865cb7989da49f7..a953458d8842f11f006afef1ab350d60c7ea8864 100644 (file)
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -114,13 +114,13 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
              buf += dlen;
          }
  
-        std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ) );
+        std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ), X509_free );
  
          if( !pem ) {
              throw std::runtime_error("Pem was not readable");
          }
  
-        std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( pem->cert_info->serialNumber, NULL ), BN_free );
+        std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber(pem.get()), NULL), BN_free );
          std::shared_ptr<char> serStr(
              BN_bn2hex( ser.get() ),
              []( char* p ) {
diff --git a/src/crypto/sslUtil.cpp b/src/crypto/sslUtil.cpp

index 39df1ffc6a8695ee15162551335a16be0fa7fdb1..3b63769a6fdee9987e0325edf0578c61db9c9a7f 100644 (file)
--- a/src/crypto/sslUtil.cpp
+++ b/src/crypto/sslUtil.cpp
@@ -91,7 +91,7 @@ static std::shared_ptr<DH> dh_param;
  
  std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
      std::shared_ptr<SSL_CTX> ctx = std::shared_ptr<SSL_CTX>(
-        SSL_CTX_new( TLSv1_2_method() ),
+        SSL_CTX_new( TLS_method() ),
          []( SSL_CTX* p ) {
              SSL_CTX_free( p );
          } );
@@ -125,14 +125,13 @@ std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
              } else {
                  dh_param = std::shared_ptr<DH>( DH_new(), DH_free );
                  logger::note( "Generating DH params" );
-                BN_GENCB cb;
-                cb.ver = 2;
-                cb.arg = 0;
-                cb.cb.cb_2 = gencb;
+                BN_GENCB *cb = BN_GENCB_new();
+               BN_GENCB_set(cb, gencb, NULL);
  
-                if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) {
+                if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, cb ) ) {
                      throw std::runtime_error("DH generation failed");
                  }
+               BN_GENCB_free(cb);
  
                  std::cout << std::endl;
                  paramfile = std::shared_ptr<FILE>( fopen( "dh_param.pem", "w" ), fclose );
@@ -194,7 +193,7 @@ extern std::string crtPrefix;
  CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name ) {
      ca = loadX509FromFile( path + "/ca.crt" );
      caKey = loadPkeyFromFile( path + "/ca.key" );
-    ASN1_TIME* tm = X509_get_notBefore( ca );
+    ASN1_TIME* tm = X509_get_notBefore( ca.get() );
      notBefore = std::shared_ptr<ASN1_TIME>( tm, ASN1_TIME_free );
      std::size_t pos = name.find("_");
      if (pos == std::string::npos) {
@@ -210,7 +209,7 @@ CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name
  
  std::string timeToString( std::shared_ptr<ASN1_TIME> time ) {
      std::shared_ptr<ASN1_GENERALIZEDTIME> gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ) );
-    std::string strdate( ( char* ) ASN1_STRING_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
+    std::string strdate( ( char* ) ASN1_STRING_get0_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
  
      logger::notef("openssl formatted me a date: %s", strdate);
      if( strdate[strdate.size() - 1] != 'Z' ) {
diff --git a/src/crypto/sslUtil.h b/src/crypto/sslUtil.h

index 079989939a5e3829dabb6e90ffbf6b993bc58815..569c20058eccd47dac2c2125e7e138bd6b774d96 100644 (file)
--- a/src/crypto/sslUtil.h
+++ b/src/crypto/sslUtil.h
@@ -2,6 +2,7 @@
  
  #include <memory>
  #include <string>
+#include <string.h>
  #include <vector>
  #include <cinttypes>
  #include <ctime>
diff --git a/src/io/bios.h b/src/io/bios.h

index e1f26b481623cf2fdb011040ba48c9ae047ecfdd..b1acf18f06794ab3c9d5833459a14b5493a1fb09 100644 (file)
--- a/src/io/bios.h
+++ b/src/io/bios.h
@@ -2,6 +2,27 @@
  
  #include <openssl/bio.h>
  
+struct bio_st {
+  const BIO_METHOD *method;
+  /* bio, mode, argp, argi, argl, ret */
+  long (*callback) (struct bio_st *, int, const char *, int, long, long);
+  char *cb_arg;               /* first argument for the callback */
+  int init;
+  int shutdown;
+  int flags;                  /* extra storage */
+  int retry_reason;
+  int num;
+  void *ptr;
+  struct bio_st *next_bio;    /* used by filter BIOs */
+  struct bio_st *prev_bio;    /* used by filter BIOs */
+  int references;
+  uint64_t num_read;
+  uint64_t num_write;
+  CRYPTO_EX_DATA ex_data;
+  CRYPTO_RWLOCK *lock;
+};
+
+
  #define BIO_TYPE_CUSTOM 0xff
  
  class OpensslBIO {
@@ -47,18 +68,14 @@ BIO_METHOD* toBio() {
  
  template <typename T>
  BIO_METHOD* toBio( int ( *newfunc )( BIO* ) ) {
-    static BIO_METHOD new_method = {
-        T::typeID,
-        T::getName(),
-        BIOWrapper::write,
-        BIOWrapper::read,
-        BIOWrapper::puts,
-        BIOWrapper::gets,
-        BIOWrapper::ctrl,
-        newfunc,
-        BIOWrapper::free,
-        NULL,
-    };
-
-    return &new_method;
+    BIO_METHOD *meth = BIO_meth_new(T::typeID, T::getName());
+    BIO_meth_set_write(meth, BIOWrapper::write);
+    BIO_meth_set_read(meth, BIOWrapper::read);
+    BIO_meth_set_puts(meth, BIOWrapper::puts);
+    BIO_meth_set_gets(meth, BIOWrapper::gets);
+    BIO_meth_set_ctrl(meth, BIOWrapper::ctrl);
+    BIO_meth_set_destroy(meth, BIOWrapper::free);
+    BIO_meth_set_create(meth, newfunc);
+
+    return meth;
  }
author	Felix Dörre <felix@dogcraft.de>
	Fri, 2 Dec 2016 11:31:19 +0000 (11:31 +0000)
committer	Felix Dörre <felix@dogcraft.de>
	Fri, 2 Dec 2016 11:31:19 +0000 (11:31 +0000)
src/apps/client.cpp		patch \| blob \| history
src/crypto/CRL.cpp		patch \| blob \| history
src/crypto/X509.cpp		patch \| blob \| history
src/crypto/remoteSigner.cpp		patch \| blob \| history
src/crypto/sslUtil.cpp		patch \| blob \| history
src/crypto/sslUtil.h		patch \| blob \| history
src/io/bios.h		patch \| blob \| history