|
|
| 1 |
--- plugins/qca-ossl/qca-ossl.cpp.orig 2020-02-25 09:08:01 UTC |
1 |
Patch from OpenBSD rsadowski@ |
|
|
2 |
|
| 3 |
LibreSSL 3.0.x support from Stefan Strogin <steils@gentoo.org> |
| 4 |
|
| 5 |
Index: plugins/qca-ossl/qca-ossl.cpp |
| 6 |
--- plugins/qca-ossl/qca-ossl.cpp.orig |
| 2 |
+++ plugins/qca-ossl/qca-ossl.cpp |
7 |
+++ plugins/qca-ossl/qca-ossl.cpp |
| 3 |
@@ -43,6 +43,10 @@ |
8 |
@@ -41,7 +41,13 @@ |
|
|
9 |
#include <openssl/pkcs12.h> |
| 10 |
#include <openssl/ssl.h> |
| 4 |
|
11 |
|
| 5 |
#include <openssl/kdf.h> |
|
|
| 6 |
|
| 7 |
+#ifndef RSA_F_RSA_OSSL_PRIVATE_DECRYPT |
12 |
+#ifndef RSA_F_RSA_OSSL_PRIVATE_DECRYPT |
| 8 |
+#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT RSA_F_RSA_EAY_PRIVATE_DECRYPT |
13 |
+#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT RSA_F_RSA_EAY_PRIVATE_DECRYPT |
| 9 |
+#endif |
14 |
+#endif |
| 10 |
+ |
15 |
+ |
|
|
16 |
+#ifndef LIBRESSL_VERSION_NUMBER |
| 17 |
#include <openssl/kdf.h> |
| 18 |
+#endif |
| 19 |
|
| 11 |
using namespace QCA; |
20 |
using namespace QCA; |
| 12 |
|
21 |
|
| 13 |
namespace opensslQCAPlugin { |
22 |
@@ -1262,6 +1268,7 @@ class opensslPbkdf2Context : public KDFContext (public |
| 14 |
@@ -1272,6 +1276,7 @@ class opensslHkdfContext : public HKDFContext (public) |
23 |
protected: |
| 15 |
const InitializationVector &info, unsigned int keyLength) override |
24 |
}; |
| 16 |
{ |
25 |
|
| 17 |
SecureArray out(keyLength); |
26 |
+#ifndef LIBRESSL_VERSION_NUMBER |
| 18 |
+#ifdef EVP_PKEY_HKDF |
27 |
class opensslHkdfContext : public HKDFContext |
| 19 |
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr); |
28 |
{ |
| 20 |
EVP_PKEY_derive_init(pctx); |
29 |
Q_OBJECT |
| 21 |
EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()); |
30 |
@@ -1291,6 +1298,7 @@ class opensslHkdfContext : public HKDFContext (public) |
| 22 |
@@ -1281,6 +1286,36 @@ class opensslHkdfContext : public HKDFContext (public) |
|
|
| 23 |
size_t outlen = out.size(); |
| 24 |
EVP_PKEY_derive(pctx, reinterpret_cast<unsigned char*>(out.data()), &outlen); |
| 25 |
EVP_PKEY_CTX_free(pctx); |
| 26 |
+#else |
| 27 |
+ unsigned char prk[EVP_MAX_MD_SIZE]; |
| 28 |
+ unsigned char *ret; |
| 29 |
+ unsigned int prk_len; |
| 30 |
+ HMAC(EVP_sha256(), salt.data(), salt.size(), reinterpret_cast<const unsigned char*>(secret.data()), secret.size(), prk, &prk_len); |
| 31 |
+ HMAC_CTX hmac; |
| 32 |
+ unsigned char prev[EVP_MAX_MD_SIZE]; |
| 33 |
+ size_t done_len = 0; |
| 34 |
+ size_t dig_len = EVP_MD_size(EVP_sha256()); |
| 35 |
+ size_t n = out.size() / dig_len; |
| 36 |
+ if (out.size() % dig_len) ++n; |
| 37 |
+ HMAC_CTX_init(&hmac); |
| 38 |
+ HMAC_Init_ex(&hmac, prk, prk_len, EVP_sha256(), nullptr); |
| 39 |
+ for (unsigned int i = 1; i <= n; ++i) { |
| 40 |
+ const unsigned char ctr = i; |
| 41 |
+ if (i > 1) { |
| 42 |
+ HMAC_Init_ex(&hmac, nullptr, 0, nullptr, nullptr); |
| 43 |
+ HMAC_Update(&hmac, prev, dig_len); |
| 44 |
+ } |
| 45 |
+ HMAC_Update(&hmac, reinterpret_cast<const unsigned char*>(info.data()), info.size()); |
| 46 |
+ HMAC_Update(&hmac, &ctr, 1); |
| 47 |
+ HMAC_Final(&hmac, prev, nullptr); |
| 48 |
+ size_t copy_len = (done_len + dig_len > out.size()) ? |
| 49 |
+ out.size() - done_len : dig_len; |
| 50 |
+ memcpy(reinterpret_cast<unsigned char *>(out.data()) + done_len, prev, copy_len); |
| 51 |
+ done_len += copy_len; |
| 52 |
+ } |
| 53 |
+ HMAC_CTX_cleanup(&hmac); |
| 54 |
+ OPENSSL_cleanse(prk, sizeof prk); |
| 55 |
+#endif |
| 56 |
return out; |
31 |
return out; |
| 57 |
} |
32 |
} |
| 58 |
}; |
33 |
}; |
|
|
34 |
+#endif // LIBRESSL_VERSION_NUMBER |
| 35 |
|
| 36 |
class opensslHMACContext : public MACContext |
| 37 |
{ |
| 38 |
@@ -4990,7 +4998,11 @@ class MyTLSContext : public TLSContext (public) |
| 39 |
case TLS::TLS_v1: |
| 40 |
ctx = SSL_CTX_new(TLS_client_method()); |
| 41 |
SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); |
| 42 |
+#ifdef TLS1_3_VERSION |
| 43 |
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); |
| 44 |
+#else |
| 45 |
+ SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION); |
| 46 |
+#endif |
| 47 |
break; |
| 48 |
case TLS::DTLS_v1: |
| 49 |
default: |
| 50 |
@@ -5011,7 +5023,11 @@ class MyTLSContext : public TLSContext (public) |
| 51 |
QStringList cipherList; |
| 52 |
for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { |
| 53 |
const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i); |
| 54 |
+#ifndef LIBRESSL_VERSION_NUMBER |
| 55 |
cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher)); |
| 56 |
+#else |
| 57 |
+ cipherList += QString::fromLatin1(SSL_CIPHER_get_name(thisCipher)); |
| 58 |
+#endif |
| 59 |
} |
| 60 |
sk_SSL_CIPHER_free(sk); |
| 61 |
|
| 62 |
@@ -5404,7 +5420,11 @@ class MyTLSContext : public TLSContext (public) |
| 63 |
sessInfo.version = TLS::TLS_v1; |
| 64 |
} |
| 65 |
|
| 66 |
+#ifndef LIBRESSL_VERSION_NUMBER |
| 67 |
sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl))); |
| 68 |
+#else |
| 69 |
+ sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))); |
| 70 |
+#endif |
| 71 |
|
| 72 |
sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits)); |
| 73 |
|
| 74 |
@@ -6751,7 +6771,9 @@ class opensslProvider : public Provider (public) |
| 75 |
#endif |
| 76 |
list += QStringLiteral("pbkdf1(sha1)"); |
| 77 |
list += QStringLiteral("pbkdf2(sha1)"); |
| 78 |
+#ifndef LIBRESSL_VERSION_NUMBER |
| 79 |
list += QStringLiteral("hkdf(sha256)"); |
| 80 |
+#endif |
| 81 |
list += QStringLiteral("pkey"); |
| 82 |
list += QStringLiteral("dlgroup"); |
| 83 |
list += QStringLiteral("rsa"); |
| 84 |
@@ -6820,8 +6842,10 @@ class opensslProvider : public Provider (public) |
| 85 |
#endif |
| 86 |
else if ( type == QLatin1String("pbkdf2(sha1)") ) |
| 87 |
return new opensslPbkdf2Context( this, type ); |
| 88 |
+#ifndef LIBRESSL_VERSION_NUMBER |
| 89 |
else if ( type == QLatin1String("hkdf(sha256)") ) |
| 90 |
return new opensslHkdfContext( this, type ); |
| 91 |
+#endif |
| 92 |
else if ( type == QLatin1String("hmac(md5)") ) |
| 93 |
return new opensslHMACContext( EVP_md5(), this, type ); |
| 94 |
else if ( type == QLatin1String("hmac(sha1)") ) |
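Review bot: Cipher suite names become backend-dependent in the two cipher-name hunks (`@@ -5011,7 +5023,11 @@` and `@@ -5404,7 +5420,11 @@`) of what appears to be the newer patch revision. On LibreSSL builds they call `SSL_CIPHER_get_name()`, which returns OpenSSL-style names such as `ECDHE-RSA-AES128-GCM-SHA256`, whereas `SSL_CIPHER_standard_name()` returns the RFC names. `cipherList` and `sessInfo.cipherSuite` therefore use a different naming scheme per backend, and any caller that matches them against a configured allowlist or audit rule would presumably stop matching; the callers are not visible here, so this should be checked. At minimum each `#else` branch should carry a comment such as `// LibreSSL: SSL_CIPHER_get_name() yields OpenSSL-style names, not RFC standard names`. Both enclosing functions start and end outside the hunks.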