- Timestamp:
- Sep 14, 2016 12:03:10 PM (8 years ago)
- Location:
- trunk/src/VBox
- Files:
-
- 3 edited
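--- a/trunk/src/VBox/RDP/client-1.8.3/ssl.c
+++ b/trunk/src/VBox/RDP/client-1.8.3/ssl.c
@@ -97,4 +97,36 @@
 uint8 * exponent)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+BN_CTX *ctx;
+BIGNUM *mod, *exp, *x, *y;
+uint8 inr[SEC_MAX_MODULUS_SIZE];
+int outlen;
+
+reverse(modulus, modulus_size);
+reverse(exponent, SEC_EXPONENT_SIZE);
+memcpy(inr, in, len);
+reverse(inr, len);
+
+ctx = BN_CTX_new();
+mod = BN_new();
+exp = BN_new();
+x = BN_new();
+y = BN_new();
+
+BN_bin2bn(modulus, modulus_size, mod);
+BN_bin2bn(exponent, SEC_EXPONENT_SIZE, exp);
+BN_bin2bn(inr, len, x);
+BN_mod_exp(y, x, exp, mod, ctx);
+outlen = BN_bn2bin(y, out);
+reverse(out, outlen);
+if (outlen < (int) modulus_size)
+memset(out + outlen, 0, modulus_size - outlen);
+
+BN_free(y);
+BN_clear_free(x);
+BN_free(exp);
+BN_free(mod);
+BN_CTX_free(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
 BN_CTX *ctx;
 BIGNUM mod, exp, x, y;
@@ -127,4 +159,5 @@
 BN_free(&mod);
 BN_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
 }
 
@@ -156,4 +189,17 @@
 Kudos to Richard Levitte for the following (. intiutive .)
 lines of code that resets the OID and let's us extract the key. */
+#if OPENSSL_VERSION_NUMBER >= 0x1010000
+X509_PUBKEY *x509_pk = X509_get_X509_PUBKEY(cert);
+X509_ALGOR *algor;
+const ASN1_OBJECT *alg_obj;
+X509_PUBKEY_get0_param(NULL, NULL, NULL, &algor, x509_pk);
+X509_ALGOR_get0(&alg_obj, NULL, NULL, algor);
+nid = OBJ_obj2nid(alg_obj);
+if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
+{
+DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
+X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsaEncryption), 0, NULL);
+}
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
 nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
 if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
@@ -163,4 +209,5 @@
 cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
 }
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
 epk = X509_get_pubkey(cert);
 if (NULL == epk)
@@ -211,4 +258,17 @@
 int len;
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+const BIGNUM *e, *n;
+RSA_get0_key(rkey, &n, &e, NULL);
+if ((BN_num_bytes(e) > (int) max_exp_len) ||
+(BN_num_bytes(n) > (int) max_mod_len))
+{
+return 1;
+}
+len = BN_bn2bin(e, exponent);
+reverse(exponent, len);
+len = BN_bn2bin(n, modulus);
+reverse(modulus, len);
+#else
 if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
 (BN_num_bytes(rkey->n) > (int) max_mod_len))
@@ -220,4 +280,5 @@
 len = BN_bn2bin(rkey->n, modulus);
 reverse(modulus, len);
+#endif
 return 0;
 }
@@ -239,7 +300,11 @@
 unsigned char *md)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 HMAC_CTX ctx;
 HMAC_CTX_init(&ctx);
+#endif
 HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL);
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 HMAC_CTX_cleanup(&ctx);
-}
+#endif
+}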
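Review bot: The guard added above the X509_PUBKEY accessor block reads `#if OPENSSL_VERSION_NUMBER >= 0x1010000`, one hex digit short of the `0x10100000` every other guard in this file tests, so it is also true for OpenSSL 1.0.x and such a build compiles the new accessor branch rather than the legacy one; it should read `#if OPENSSL_VERSION_NUMBER >= 0x10100000`. In the first hunk's 1.1 branch the results of `BN_CTX_new()`, `BN_new()`, `BN_bin2bn()` and `BN_mod_exp()` are used unchecked, and `memcpy(inr, in, len);` is not preceded by a comparison of `len` with `SEC_MAX_MODULUS_SIZE`. The legacy branch is elided on this page, so this may simply mirror the old code, but a length guard or a comment stating the caller's bound belongs next to the copy. The functions begin and end outside the hunks shown.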
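--- a/trunk/src/VBox/Runtime/VBox/VBoxRTDeps.cpp
+++ b/trunk/src/VBox/Runtime/VBox/VBoxRTDeps.cpp
@@ -77,12 +77,18 @@
 (PFNRT)i2d_X509,
 (PFNRT)i2d_PublicKey,
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 (PFNRT)RSA_generate_key,
+#endif
 (PFNRT)RSA_generate_key_ex,
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 (PFNRT)DH_generate_parameters,
+#endif
 (PFNRT)DH_generate_parameters_ex,
 (PFNRT)RAND_load_file,
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 (PFNRT)CRYPTO_set_dynlock_create_callback,
 (PFNRT)CRYPTO_set_dynlock_lock_callback,
 (PFNRT)CRYPTO_set_dynlock_destroy_callback,
+#endif
 (PFNRT)RTAssertShouldPanic,
 (PFNRT)ASMAtomicReadU64,
@@ -91,10 +97,14 @@
 (PFNRT)RTBldCfgRevision,
 (PFNRT)SSL_free,
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 (PFNRT)SSL_library_init,
 (PFNRT)SSL_load_error_strings,
+#endif
 (PFNRT)SSL_CTX_free,
 (PFNRT)SSL_CTX_use_certificate_file,
 (PFNRT)SSLv23_method,
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 (PFNRT)TLSv1_server_method,
+#endif
 NULL
 };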
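--- a/trunk/src/VBox/Runtime/common/crypto/pkix-verify.cpp
+++ b/trunk/src/VBox/Runtime/common/crypto/pkix-verify.cpp
@@ -124,4 +124,56 @@
 "EVP_get_digestbyname failed on %s (%s)", pszAlogSn, pAlgorithm->szObjId);
 
+# if OPENSSL_VERSION_NUMBER >= 0x10100000
+
+EVP_MD_CTX *pEvpMdCtx = EVP_MD_CTX_create();
+if (!pEvpMdCtx)
+return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALOG_INIT_FAILED,
+"EVP_MD_CTX_create failed");
+if (!EVP_VerifyInit_ex(pEvpMdCtx, pEvpMdType, NULL /*engine*/))
+{
+EVP_MD_CTX_destroy(pEvpMdCtx);
+return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALOG_INIT_FAILED,
+"EVP_VerifyInit_ex failed (algorithm type is %s / %s)", pszAlogSn, pAlgorithm->szObjId);
+}
+
+/* Create an EVP public key. */
+int rcOssl;
+EVP_PKEY *pEvpPublicKey = EVP_PKEY_new();
+if (pEvpPublicKey)
+{
+EVP_PKEY_set_type(pEvpPublicKey, iAlgoNid);
+int keyType = EVP_PKEY_base_id(pEvpPublicKey);
+if (keyType != NID_undef)
+{
+const unsigned char *puchPublicKey = RTASN1BITSTRING_GET_BIT0_PTR(pPublicKey);
+if (d2i_PublicKey(keyType, &pEvpPublicKey, &puchPublicKey, RTASN1BITSTRING_GET_BYTE_SIZE(pPublicKey)))
+{
+/* Digest the data. */
+EVP_VerifyUpdate(pEvpMdCtx, pvData, cbData);
+
+/* Verify the signature. */
+if (EVP_VerifyFinal(pEvpMdCtx,
+RTASN1BITSTRING_GET_BIT0_PTR(pSignatureValue),
+RTASN1BITSTRING_GET_BYTE_SIZE(pSignatureValue),
+pEvpPublicKey) > 0)
+rcOssl = VINF_SUCCESS;
+else
+rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_VERIFY_FINAL_FAILED, "EVP_VerifyFinal failed");
+}
+else
+rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_D2I_PUBLIC_KEY_FAILED, "d2i_PublicKey failed");
+}
+else
+rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR,
+"EVP_PKEY_type(%d) failed", iAlgoNid);
+/* Cleanup and return.*/
+EVP_PKEY_free(pEvpPublicKey);
+}
+else
+rcOssl = RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_PKEY_new(%d) failed", iAlgoNid);
+EVP_MD_CTX_destroy(pEvpMdCtx);
+
+# else /* OPENSSL_VERSION_NUMBER < 0x1010000 */
+
 /* Initialize the EVP message digest context. */
 EVP_MD_CTX EvpMdCtx;
@@ -167,4 +219,6 @@
 EVP_MD_CTX_cleanup(&EvpMdCtx);
 
+# endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+
 /*
 * Check the result.
@@ -256,4 +310,66 @@
 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,
 "EVP_get_digestbyname failed on %s (%s)", pszAlogSn, pszAlgObjId);
+
+# if OPENSSL_VERSION_NUMBER >= 0x10100000
+
+/* Create an EVP public key. */
+int rcOssl;
+EVP_PKEY *pEvpPublicKey = EVP_PKEY_new();
+if (pEvpPublicKey)
+{
+EVP_PKEY_set_type(pEvpPublicKey, iAlgoNid);
+int keyType = EVP_PKEY_base_id(pEvpPublicKey);
+if (keyType != NID_undef)
+{
+const unsigned char *puchPublicKey = RTASN1BITSTRING_GET_BIT0_PTR(pPublicKey);
+if (d2i_PublicKey(keyType, &pEvpPublicKey, &puchPublicKey, RTASN1BITSTRING_GET_BYTE_SIZE(pPublicKey)))
+{
+/* Create an EVP public key context we can use to validate the digest. */
+EVP_PKEY_CTX *pEvpPKeyCtx = EVP_PKEY_CTX_new(pEvpPublicKey, NULL);
+if (pEvpPKeyCtx)
+{
+rcOssl = EVP_PKEY_verify_init(pEvpPKeyCtx);
+if (rcOssl > 0)
+{
+rcOssl = EVP_PKEY_CTX_set_signature_md(pEvpPKeyCtx, pEvpMdType);
+if (rcOssl > 0)
+{
+/* Get the digest from hDigest and verify it. */
+rcOssl = EVP_PKEY_verify(pEvpPKeyCtx,
+(uint8_t const *)pvSignedDigest,
+cbSignedDigest,
+RTCrDigestGetHash(hDigest),
+RTCrDigestGetHashSize(hDigest));
+if (rcOssl > 0)
+rcOssl = VINF_SUCCESS;
+else
+rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_VERIFY_FINAL_FAILED,
+"EVP_PKEY_verify failed (%d)", rcOssl);
+}
+else
+rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR,
+"EVP_PKEY_CTX_set_signature_md failed (%d)", rcOssl);
+}
+else
+rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR,
+"EVP_PKEY_verify_init failed (%d)", rcOssl);
+EVP_PKEY_CTX_free(pEvpPKeyCtx);
+}
+else
+rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_CTX_new failed");
+}
+else
+rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_D2I_PUBLIC_KEY_FAILED, "d2i_PublicKey failed");
+}
+else
+rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR,
+"EVP_PKEY_type(%d) failed", iAlgoNid);
+/* Cleanup and return.*/
+EVP_PKEY_free(pEvpPublicKey);
+}
+else
+rcOssl = RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_PKEY_new(%d) failed", iAlgoNid);
+
+# else /* OPENSSL_VERSION_NUMBER < 0x1010000 */
 
 /* Create an EVP public key. */
@@ -314,4 +430,6 @@
 rcOssl = RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_PKEY_new(%d) failed", pEvpMdType->required_pkey_type[0]);
 
+# endif /* OPENSSL_VERSION_NUMBER < 0x1010000 */
+
 /*
 * Check the result.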
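Review bot: In the OpenSSL 1.1 branch of the first hunk, `EVP_VerifyUpdate(pEvpMdCtx, pvData, cbData);` discards its return value, and so does `EVP_PKEY_set_type(pEvpPublicKey, iAlgoNid);` in both the first and third hunks. The outcome is still gated on `EVP_VerifyFinal(...) > 0` and on `keyType != NID_undef`, so this looks fail-closed, but a digest-update error would surface as a bad signature; testing it in the style already used for the init call, `if (!EVP_VerifyUpdate(pEvpMdCtx, pvData, cbData))` with its own error status, keeps the two cases apart. The `"EVP_PKEY_type(%d) failed"` message names a call this branch does not make, and three of the closing comments on the `# else`/`# endif` lines read `0x1010000` where the guards test `0x10100000`. Both functions start and end outside the hunks shown.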