278 lines
13 KiB
Diff
278 lines
13 KiB
Diff
--- ./libretroshare/src/gxs/gxssecurity.cc.orig 2017-08-03 21:29:52.000000000 +0200
|
|
+++ ./libretroshare/src/gxs/gxssecurity.cc 2018-04-24 21:55:24.805942754 +0200
|
|
@@ -41,7 +41,7 @@ static const uint32_t MULTI_ENCRYPTION_F
|
|
|
|
static RsGxsId getRsaKeyFingerprint_old_insecure_method(RSA *pubkey)
|
|
{
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
int lenn = BN_num_bytes(pubkey -> n);
|
|
|
|
RsTemporaryMemory tmp(lenn) ;
|
|
@@ -65,7 +65,7 @@ static RsGxsId getRsaKeyFingerprint_old_
|
|
}
|
|
static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
|
|
{
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
int lenn = BN_num_bytes(pubkey -> n);
|
|
int lene = BN_num_bytes(pubkey -> e);
|
|
|
|
--- ./libretroshare/src/gxstunnel/p3gxstunnel.cc.orig 2017-08-03 21:29:52.000000000 +0200
|
|
+++ ./libretroshare/src/gxstunnel/p3gxstunnel.cc 2018-04-24 21:55:24.834942797 +0200
|
|
@@ -1060,7 +1060,7 @@ bool p3GxsTunnelService::locked_sendDHPu
|
|
}
|
|
|
|
RsGxsTunnelDHPublicKeyItem *dhitem = new RsGxsTunnelDHPublicKeyItem ;
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
dhitem->public_key = BN_dup(dh->pub_key) ;
|
|
#else
|
|
const BIGNUM *pub_key=NULL ;
|
|
@@ -1144,7 +1144,7 @@ bool p3GxsTunnelService::locked_initDHSe
|
|
return false ;
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
BN_hex2bn(&dh->p,dh_prime_2048_hex.c_str()) ;
|
|
BN_hex2bn(&dh->g,"5") ;
|
|
#else
|
|
--- ./libretroshare/src/pqi/pqissl.cc.orig 2017-08-03 21:29:52.000000000 +0200
|
|
+++ ./libretroshare/src/pqi/pqissl.cc 2018-04-24 21:55:24.906942906 +0200
|
|
@@ -361,7 +361,7 @@ void pqissl::getCryptoParams(RsPeerCrypt
|
|
|
|
bool pqissl::actAsServer()
|
|
{
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
return (bool)ssl_connection->server;
|
|
#else
|
|
return (bool)SSL_is_server(ssl_connection);
|
|
@@ -1230,7 +1230,7 @@ int pqissl::Extract_Failed_SSL_Certific
|
|
RsPeerId sslid ;
|
|
getX509id(peercert, sslid) ;
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
RsPgpId gpgid(getX509CNString(peercert->cert_info->issuer));
|
|
std::string sslcn = getX509CNString(peercert->cert_info->subject);
|
|
#else
|
|
--- ./libretroshare/src/pqi/pqissllistener.cc.orig 2017-08-03 21:29:52.000000000 +0200
|
|
+++ ./libretroshare/src/pqi/pqissllistener.cc 2018-04-24 21:55:24.919942926 +0200
|
|
@@ -493,7 +493,7 @@ int pqissllistenbase::continueSSL(Incomi
|
|
#endif
|
|
if(x509 != NULL)
|
|
{
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
incoming_connexion_info.gpgid = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
|
|
incoming_connexion_info.sslcn = getX509CNString(x509->cert_info->subject);
|
|
#else
|
|
@@ -892,7 +892,7 @@ int pqissllistener::completeConnection(i
|
|
AuthSSL::getAuthSSL()->CheckCertificate(newPeerId, peercert);
|
|
|
|
/* now need to get GPG id too */
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
RsPgpId pgpid(std::string(getX509CNString(peercert->cert_info->issuer)));
|
|
#else
|
|
RsPgpId pgpid(std::string(getX509CNString(X509_get_issuer_name(peercert))));
|
|
--- ./libretroshare/src/pqi/sslfns.cc.orig 2017-08-03 21:29:52.000000000 +0200
|
|
+++ ./libretroshare/src/pqi/sslfns.cc 2018-04-24 21:55:24.935942950 +0200
|
|
@@ -602,7 +602,7 @@ bool getX509id(X509 *x509, RsPeerId& xid
|
|
}
|
|
|
|
// get the signature from the cert, and copy to the array.
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
ASN1_BIT_STRING *signature = x509->signature;
|
|
#else
|
|
const ASN1_BIT_STRING *signature = NULL ;
|
|
@@ -700,7 +700,7 @@ int LoadCheckX509(const char *cert_file,
|
|
if (valid)
|
|
{
|
|
// extract the name.
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
issuerName = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
|
|
location = getX509LocString(x509->cert_info->subject);
|
|
#else
|
|
--- ./libretroshare/src/util/rsrecogn.cc.orig 2017-08-03 21:29:52.000000000 +0200
|
|
+++ ./libretroshare/src/util/rsrecogn.cc 2018-04-24 21:55:24.955942980 +0200
|
|
@@ -508,7 +508,7 @@ bool RsRecogn::itemToRadix64(RsItem *ite
|
|
|
|
std::string RsRecogn::getRsaKeyId(RSA *pubkey)
|
|
{
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
int len = BN_num_bytes(pubkey -> n);
|
|
unsigned char tmp[len];
|
|
BN_bn2bin(pubkey -> n, tmp);
|
|
--- ./openpgpsdk/src/openpgpsdk/openssl_crypto.c.orig 2017-08-03 21:29:52.000000000 +0200
|
|
+++ ./openpgpsdk/src/openpgpsdk/openssl_crypto.c 2018-04-24 21:55:24.966942997 +0200
|
|
@@ -45,7 +45,7 @@ void test_secret_key(const ops_secret_ke
|
|
{
|
|
RSA* test=RSA_new();
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
test->n=BN_dup(skey->public_key.key.rsa.n);
|
|
test->e=BN_dup(skey->public_key.key.rsa.e);
|
|
test->d=BN_dup(skey->key.rsa.d);
|
|
@@ -402,7 +402,7 @@ ops_boolean_t ops_dsa_verify(const unsig
|
|
|
|
osig=DSA_SIG_new();
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
osig->r=sig->r;
|
|
osig->s=sig->s;
|
|
#else
|
|
@@ -417,7 +417,7 @@ ops_boolean_t ops_dsa_verify(const unsig
|
|
already_said=ops_true ;
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
osig->r=NULL; // in this case, the values are not copied.
|
|
osig->s=NULL;
|
|
#endif
|
|
@@ -427,7 +427,7 @@ ops_boolean_t ops_dsa_verify(const unsig
|
|
}
|
|
|
|
odsa=DSA_new();
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
odsa->p=dsa->p;
|
|
odsa->q=dsa->q;
|
|
odsa->g=dsa->g;
|
|
@@ -471,7 +471,7 @@ ops_boolean_t ops_dsa_verify(const unsig
|
|
return ops_false ;
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
osig->r=NULL;
|
|
osig->s=NULL;
|
|
|
|
@@ -503,7 +503,7 @@ int ops_rsa_public_decrypt(unsigned char
|
|
int n;
|
|
|
|
orsa=RSA_new();
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
orsa->n=rsa->n;
|
|
orsa->e=rsa->e;
|
|
#else
|
|
@@ -512,7 +512,7 @@ int ops_rsa_public_decrypt(unsigned char
|
|
|
|
n=RSA_public_decrypt(length,in,out,orsa,RSA_NO_PADDING);
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
orsa->n=orsa->e=NULL;
|
|
#endif
|
|
RSA_free(orsa);
|
|
@@ -538,7 +538,7 @@ int ops_rsa_private_encrypt(unsigned cha
|
|
int n;
|
|
|
|
orsa=RSA_new();
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
orsa->n=rsa->n; // XXX: do we need n?
|
|
orsa->d=srsa->d;
|
|
orsa->p=srsa->q;
|
|
@@ -564,7 +564,7 @@ int ops_rsa_private_encrypt(unsigned cha
|
|
|
|
n=RSA_private_encrypt(length,in,out,orsa,RSA_NO_PADDING);
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
orsa->n=orsa->d=orsa->p=orsa->q=NULL;
|
|
orsa->e=NULL;
|
|
#endif
|
|
@@ -592,7 +592,7 @@ int ops_rsa_private_decrypt(unsigned cha
|
|
char errbuf[1024];
|
|
|
|
orsa=RSA_new();
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
orsa->n=rsa->n; // XXX: do we need n?
|
|
orsa->d=srsa->d;
|
|
orsa->p=srsa->q;
|
|
@@ -618,7 +618,7 @@ int ops_rsa_private_decrypt(unsigned cha
|
|
ERR_error_string(err,&errbuf[0]);
|
|
fprintf(stderr,"openssl error : %s\n",errbuf);
|
|
}
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
orsa->n=orsa->d=orsa->p=orsa->q=NULL;
|
|
orsa->e=NULL;
|
|
#endif
|
|
@@ -644,7 +644,7 @@ int ops_rsa_public_encrypt(unsigned char
|
|
// printf("ops_rsa_public_encrypt: length=%ld\n", length);
|
|
|
|
orsa=RSA_new();
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
orsa->n=rsa->n;
|
|
orsa->e=rsa->e;
|
|
#else
|
|
@@ -664,7 +664,7 @@ int ops_rsa_public_encrypt(unsigned char
|
|
BIO_free(fd_out) ;
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
orsa->n=orsa->e=NULL;
|
|
#endif
|
|
RSA_free(orsa);
|
|
@@ -744,7 +744,7 @@ ops_boolean_t ops_rsa_generate_keypair(c
|
|
skey->public_key.days_valid=0;
|
|
skey->public_key.algorithm= OPS_PKA_RSA;
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
skey->public_key.key.rsa.n=BN_dup(rsa->n);
|
|
skey->public_key.key.rsa.e=BN_dup(rsa->e);
|
|
skey->key.rsa.d=BN_dup(rsa->d);
|
|
@@ -766,7 +766,7 @@ ops_boolean_t ops_rsa_generate_keypair(c
|
|
skey->octet_count=0;
|
|
skey->checksum=0;
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
skey->key.rsa.p=BN_dup(rsa->p);
|
|
skey->key.rsa.q=BN_dup(rsa->q);
|
|
skey->key.rsa.u=BN_mod_inverse(NULL,rsa->p, rsa->q, ctx);
|
|
@@ -888,7 +888,7 @@ DSA_SIG* ops_dsa_sign(unsigned char* has
|
|
DSA_SIG *dsasig;
|
|
|
|
odsa=DSA_new();
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
odsa->p=dsa->p;
|
|
odsa->q=dsa->q;
|
|
odsa->g=dsa->g;
|
|
@@ -901,7 +901,7 @@ DSA_SIG* ops_dsa_sign(unsigned char* has
|
|
|
|
dsasig=DSA_do_sign(hashbuf,hashsize,odsa);
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
odsa->p=odsa->q=odsa->g=odsa->pub_key=odsa->priv_key=NULL;
|
|
#endif
|
|
DSA_free(odsa);
|
|
--- ./openpgpsdk/src/openpgpsdk/signature.c.orig 2017-08-03 21:29:52.000000000 +0200
|
|
+++ ./openpgpsdk/src/openpgpsdk/signature.c 2018-04-24 21:55:24.992943036 +0200
|
|
@@ -298,7 +298,7 @@ static ops_boolean_t dsa_sign(ops_hash_t
|
|
dsasig=ops_dsa_sign(hashbuf, hashsize, sdsa, dsa);
|
|
|
|
// convert and write the sig out to memory
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
ops_write_mpi(dsasig->r, cinfo);
|
|
ops_write_mpi(dsasig->s, cinfo);
|
|
#else
|