]>
Commit | Line | Data |
---|---|---|
d625c23e AM |
1 | commit 57878ff44f9bb41155dea425949d344b87652aeb |
2 | Author: Ivan Romanov <drizt@land.ru> | |
3 | Date: Wed Aug 10 12:16:46 2016 +0500 | |
4 | ||
5 | Add support for AES GCM and AES CCM modes | |
6 | ||
7 | Only qca-openssl now can use GCM and CCM. CCM is not tested and | |
8 | planed for future. | |
9 | ||
10 | diff --git a/include/QtCrypto/qca_basic.h b/include/QtCrypto/qca_basic.h | |
11 | index c36a2bd..3806c29 100644 | |
12 | --- a/include/QtCrypto/qca_basic.h | |
13 | +++ b/include/QtCrypto/qca_basic.h | |
14 | @@ -2,6 +2,7 @@ | |
15 | * qca_basic.h - Qt Cryptographic Architecture | |
16 | * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com> | |
17 | * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net> | |
18 | + * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru> | |
19 | * | |
20 | * This library is free software; you can redistribute it and/or | |
21 | * modify it under the terms of the GNU Lesser General Public | |
22 | @@ -583,6 +584,7 @@ private: | |
23 | ||
24 | \ingroup UserAPI | |
25 | */ | |
26 | + | |
27 | class QCA_EXPORT Cipher : public Algorithm, public Filter | |
28 | { | |
29 | public: | |
30 | @@ -599,7 +601,9 @@ public: | |
31 | CFB, ///< operate in %Cipher FeedBack mode | |
32 | ECB, ///< operate in Electronic Code Book mode | |
33 | OFB, ///< operate in Output FeedBack Mode | |
34 | - CTR ///< operate in CounTer Mode | |
35 | + CTR, ///< operate in CounTer Mode | |
36 | + GCM, ///< operate in Galois Counter Mode | |
37 | + CCM ///< operate in Counter with CBC-MAC | |
38 | }; | |
39 | ||
40 | /** | |
41 | @@ -636,6 +640,28 @@ public: | |
42 | const InitializationVector &iv = InitializationVector(), | |
43 | const QString &provider = QString()); | |
44 | ||
45 | + /** | |
46 | + Standard constructor | |
47 | + | |
48 | + \param type the name of the cipher specialisation to use (e.g. | |
49 | + "aes128") | |
50 | + \param mode the operating Mode to use (e.g. QCA::Cipher::CBC) | |
51 | + \param pad the type of Padding to use | |
52 | + \param dir the Direction that this Cipher should use (Encode for | |
53 | + encryption, Decode for decryption) | |
54 | + \param key the SymmetricKey array that is the key | |
55 | + \param iv the InitializationVector to use (not used for ECB mode) | |
56 | + \param tag the AuthTag to use (only for GCM and CCM modes) | |
57 | + \param provider the name of the Provider to use | |
58 | + | |
59 | + \note Padding only applies to CBC and ECB modes. CFB and OFB | |
60 | + ciphertext is always the length of the plaintext. | |
61 | + */ | |
62 | + Cipher(const QString &type, Mode mode, Padding pad, | |
63 | + Direction dir, const SymmetricKey &key, | |
64 | + const InitializationVector &iv, const AuthTag &tag, | |
65 | + const QString &provider = QString()); | |
66 | + | |
67 | /** | |
68 | Standard copy constructor | |
69 | ||
70 | @@ -699,6 +725,11 @@ public: | |
71 | */ | |
72 | int blockSize() const; | |
73 | ||
74 | + /** | |
75 | + return the authentication tag for the cipher object | |
76 | + */ | |
77 | + AuthTag tag() const; | |
78 | + | |
79 | /** | |
80 | reset the cipher object, to allow re-use | |
81 | */ | |
82 | @@ -741,6 +772,22 @@ public: | |
83 | */ | |
84 | void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv = InitializationVector()); | |
85 | ||
86 | + /** | |
87 | + Reset / reconfigure the Cipher | |
88 | + | |
89 | + You can use this to re-use an existing Cipher, rather than creating | |
90 | + a new object with a slightly different configuration. | |
91 | + | |
92 | + \param dir the Direction that this Cipher should use (Encode for | |
93 | + encryption, Decode for decryption) | |
94 | + \param key the SymmetricKey array that is the key | |
95 | + \param iv the InitializationVector to use (not used for ECB Mode) | |
96 | + \param tag the AuthTag to use (only for GCM and CCM modes) | |
97 | + | |
98 | + \note You should not leave iv empty for any Mode except ECB. | |
99 | + */ | |
100 | + void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag); | |
101 | + | |
102 | /** | |
103 | Construct a Cipher type string | |
104 | ||
105 | @@ -751,7 +798,6 @@ public: | |
106 | QCA::PCKS7) | |
107 | */ | |
108 | static QString withAlgorithms(const QString &cipherType, Mode modeType, Padding paddingType); | |
109 | - | |
110 | private: | |
111 | class Private; | |
112 | Private *d; | |
113 | diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h | |
114 | index beda5b1..f5c4601 100644 | |
115 | --- a/include/QtCrypto/qca_core.h | |
116 | +++ b/include/QtCrypto/qca_core.h | |
117 | @@ -2,6 +2,7 @@ | |
118 | * qca_core.h - Qt Cryptographic Architecture | |
119 | * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com> | |
120 | * Copyright (C) 2004,2005 Brad Hards <bradh@frogmouth.net> | |
121 | + * Copyright (C) 2014-2016 Ivan Romanov <drizt@land.ru> | |
122 | * | |
123 | * This library is free software; you can redistribute it and/or | |
124 | * modify it under the terms of the GNU Lesser General Public | |
125 | @@ -1294,6 +1295,43 @@ public: | |
126 | InitializationVector(const QByteArray &a); | |
127 | }; | |
128 | ||
129 | +/** | |
130 | + \class AuthTag qca_core.h QtCrypto | |
131 | + | |
132 | + Container for authentication tag | |
133 | + | |
134 | + \ingroup UserAPI | |
135 | +*/ | |
136 | +class QCA_EXPORT AuthTag : public SecureArray | |
137 | +{ | |
138 | +public: | |
139 | + /** | |
140 | + Construct an empty authentication tag | |
141 | + */ | |
142 | + AuthTag(); | |
143 | + | |
144 | + /** | |
145 | + Construct an empty authentication tag of the specified size | |
146 | + | |
147 | + \param size the length of the authentication tag, in bytes | |
148 | + */ | |
149 | + AuthTag(int size); | |
150 | + | |
151 | + /** | |
152 | + Construct an authentication tag from a provided byte array | |
153 | + | |
154 | + \param a the byte array to copy | |
155 | + */ | |
156 | + AuthTag(const SecureArray &a); | |
157 | + | |
158 | + /** | |
159 | + Construct an authentication tag from a provided byte array | |
160 | + | |
161 | + \param a the byte array to copy | |
162 | + */ | |
163 | + AuthTag(const QByteArray &a); | |
164 | +}; | |
165 | + | |
166 | /** | |
167 | \class Event qca_core.h QtCrypto | |
168 | ||
169 | diff --git a/include/QtCrypto/qcaprovider.h b/include/QtCrypto/qcaprovider.h | |
170 | index c8ddff4..d4b54f9 100644 | |
171 | --- a/include/QtCrypto/qcaprovider.h | |
172 | +++ b/include/QtCrypto/qcaprovider.h | |
173 | @@ -234,8 +234,9 @@ public: | |
174 | \param dir the direction for the cipher (encryption/decryption) | |
175 | \param key the symmetric key to use for the cipher | |
176 | \param iv the initialization vector to use for the cipher (not used in ECB mode) | |
177 | + \param tag the AuthTag to use (only for GCM and CCM modes) | |
178 | */ | |
179 | - virtual void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv) = 0; | |
180 | + virtual void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag) = 0; | |
181 | ||
182 | /** | |
183 | Returns the KeyLength for this cipher | |
184 | @@ -247,6 +248,11 @@ public: | |
185 | */ | |
186 | virtual int blockSize() const = 0; | |
187 | ||
188 | + /** | |
189 | + Returns the authentication tag for this cipher | |
190 | + */ | |
191 | + virtual AuthTag tag() const = 0; | |
192 | + | |
193 | /** | |
194 | Process a chunk of data. Returns true if successful. | |
195 | ||
196 | diff --git a/plugins/qca-botan/qca-botan.cpp b/plugins/qca-botan/qca-botan.cpp | |
197 | index 1cc984a..f387575 100644 | |
198 | --- a/plugins/qca-botan/qca-botan.cpp | |
199 | +++ b/plugins/qca-botan/qca-botan.cpp | |
200 | @@ -263,8 +263,10 @@ public: | |
201 | ||
202 | void setup(QCA::Direction dir, | |
203 | const QCA::SymmetricKey &key, | |
204 | - const QCA::InitializationVector &iv) | |
205 | + const QCA::InitializationVector &iv, | |
206 | + const QCA::AuthTag &tag) | |
207 | { | |
208 | + Q_UNUSED(tag); | |
209 | try { | |
210 | m_dir = dir; | |
211 | Botan::SymmetricKey keyCopy((Botan::byte*)key.data(), key.size()); | |
212 | @@ -305,6 +307,12 @@ public: | |
213 | return Botan::block_size_of(m_algoName); | |
214 | } | |
215 | ||
216 | + QCA::AuthTag tag() const | |
217 | + { | |
218 | + // For future implementation | |
219 | + return QCA::AuthTag(); | |
220 | + } | |
221 | + | |
222 | bool update(const QCA::SecureArray &in, QCA::SecureArray *out) | |
223 | { | |
224 | m_crypter->write((Botan::byte*)in.data(), in.size()); | |
225 | diff --git a/plugins/qca-gcrypt/qca-gcrypt.cpp b/plugins/qca-gcrypt/qca-gcrypt.cpp | |
226 | index 72f05a1..780fcdd 100644 | |
227 | --- a/plugins/qca-gcrypt/qca-gcrypt.cpp | |
228 | +++ b/plugins/qca-gcrypt/qca-gcrypt.cpp | |
229 | @@ -163,8 +163,10 @@ public: | |
230 | ||
231 | void setup(QCA::Direction dir, | |
232 | const QCA::SymmetricKey &key, | |
233 | - const QCA::InitializationVector &iv) | |
234 | + const QCA::InitializationVector &iv, | |
235 | + const QCA::AuthTag &tag) | |
236 | { | |
237 | + Q_UNUSED(tag); | |
238 | m_direction = dir; | |
239 | err = gcry_cipher_open( &context, m_cryptoAlgorithm, m_mode, 0 ); | |
240 | check_error( "gcry_cipher_open", err ); | |
241 | @@ -195,6 +197,12 @@ public: | |
242 | return blockSize; | |
243 | } | |
244 | ||
245 | + QCA::AuthTag tag() const | |
246 | + { | |
247 | + // For future implementation | |
248 | + return QCA::AuthTag(); | |
249 | + } | |
250 | + | |
251 | bool update(const QCA::SecureArray &in, QCA::SecureArray *out) | |
252 | { | |
253 | QCA::SecureArray result( in.size() ); | |
254 | diff --git a/plugins/qca-nss/qca-nss.cpp b/plugins/qca-nss/qca-nss.cpp | |
255 | index f4fdef3..db01eb0 100644 | |
256 | --- a/plugins/qca-nss/qca-nss.cpp | |
257 | +++ b/plugins/qca-nss/qca-nss.cpp | |
258 | @@ -304,10 +304,12 @@ public: | |
259 | { | |
260 | } | |
261 | ||
262 | - void setup( QCA::Direction dir, | |
263 | - const QCA::SymmetricKey &key, | |
264 | - const QCA::InitializationVector &iv ) | |
265 | + void setup(QCA::Direction dir, | |
266 | + const QCA::SymmetricKey &key, | |
267 | + const QCA::InitializationVector &iv, | |
268 | + const QCA::AuthTag &tag) | |
269 | { | |
270 | + Q_UNUSED(tag); | |
271 | /* Get a slot to use for the crypto operations */ | |
272 | m_slot = PK11_GetBestSlot( m_cipherMechanism, NULL ); | |
273 | if (!m_slot) | |
274 | @@ -365,6 +367,12 @@ public: | |
275 | return PK11_GetBlockSize( m_cipherMechanism, m_params); | |
276 | } | |
277 | ||
278 | + QCA::AuthTag tag() const | |
279 | + { | |
280 | + // For future implementation | |
281 | + return QCA::AuthTag(); | |
282 | + } | |
283 | + | |
284 | bool update( const QCA::SecureArray &in, QCA::SecureArray *out ) | |
285 | { | |
286 | out->resize(in.size()+blockSize()); | |
287 | diff --git a/plugins/qca-ossl/CMakeLists.txt b/plugins/qca-ossl/CMakeLists.txt | |
288 | index cdeaeca..d87bc5a 100644 | |
289 | --- a/plugins/qca-ossl/CMakeLists.txt | |
290 | +++ b/plugins/qca-ossl/CMakeLists.txt | |
291 | @@ -25,6 +25,20 @@ if(OPENSSL_FOUND) | |
292 | message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support") | |
293 | endif(HAVE_OPENSSL_AES_CTR) | |
294 | ||
295 | + check_function_exists(EVP_aes_128_gcm HAVE_OPENSSL_AES_GCM) | |
296 | + if(HAVE_OPENSSL_AES_GCM) | |
297 | + add_definitions(-DHAVE_OPENSSL_AES_GCM) | |
298 | + else() | |
299 | + message(WARNING "qca-ossl will be compiled without AES GCM mode encryption support") | |
300 | + endif() | |
301 | + | |
302 | + check_function_exists(EVP_aes_128_ccm HAVE_OPENSSL_AES_CCM) | |
303 | + if(HAVE_OPENSSL_AES_CCM) | |
304 | + add_definitions(-DHAVE_OPENSSL_AES_CCM) | |
305 | + else() | |
306 | + message(WARNING "qca-ossl will be compiled without AES CCM mode encryption support") | |
307 | + endif() | |
308 | + | |
309 | check_function_exists(EVP_sha HAVE_OPENSSL_SHA0) | |
310 | if(HAVE_OPENSSL_SHA0) | |
311 | add_definitions(-DHAVE_OPENSSL_SHA0) | |
312 | diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp | |
313 | index f0b9431..a507604 100644 | |
314 | --- a/plugins/qca-ossl/qca-ossl.cpp | |
315 | +++ b/plugins/qca-ossl/qca-ossl.cpp | |
316 | @@ -1,6 +1,7 @@ | |
317 | /* | |
318 | * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com> | |
319 | * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net> | |
320 | + * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru> | |
321 | * | |
322 | * This library is free software; you can redistribute it and/or | |
323 | * modify it under the terms of the GNU Lesser General Public | |
324 | @@ -6761,8 +6762,10 @@ public: | |
325 | ||
326 | void setup(Direction dir, | |
327 | const SymmetricKey &key, | |
328 | - const InitializationVector &iv) | |
329 | + const InitializationVector &iv, | |
330 | + const AuthTag &tag) | |
331 | { | |
332 | + m_tag = tag; | |
333 | m_direction = dir; | |
334 | if ( ( m_cryptoAlgorithm == EVP_des_ede3() ) && (key.size() == 16) ) { | |
335 | // this is really a two key version of triple DES. | |
336 | @@ -6771,12 +6774,20 @@ public: | |
337 | if (Encode == m_direction) { | |
338 | EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0); | |
339 | EVP_CIPHER_CTX_set_key_length(&m_context, key.size()); | |
340 | + if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) { | |
341 | + int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN; | |
342 | + EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL); | |
343 | + } | |
344 | EVP_EncryptInit_ex(&m_context, 0, 0, | |
345 | (const unsigned char*)(key.data()), | |
346 | (const unsigned char*)(iv.data())); | |
347 | } else { | |
348 | EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0); | |
349 | EVP_CIPHER_CTX_set_key_length(&m_context, key.size()); | |
350 | + if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) { | |
351 | + int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN; | |
352 | + EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL); | |
353 | + } | |
354 | EVP_DecryptInit_ex(&m_context, 0, 0, | |
355 | (const unsigned char*)(key.data()), | |
356 | (const unsigned char*)(iv.data())); | |
357 | @@ -6795,6 +6806,11 @@ public: | |
358 | return EVP_CIPHER_CTX_block_size(&m_context); | |
359 | } | |
360 | ||
361 | + AuthTag tag() const | |
362 | + { | |
363 | + return m_tag; | |
364 | + } | |
365 | + | |
366 | bool update(const SecureArray &in, SecureArray *out) | |
367 | { | |
368 | // This works around a problem in OpenSSL, where it asserts if | |
369 | @@ -6835,7 +6851,19 @@ public: | |
370 | &resultLength)) { | |
371 | return false; | |
372 | } | |
373 | + if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) { | |
374 | + int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_GET_TAG : EVP_CTRL_CCM_GET_TAG; | |
375 | + if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) { | |
376 | + return false; | |
377 | + } | |
378 | + } | |
379 | } else { | |
380 | + if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) { | |
381 | + int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_TAG : EVP_CTRL_CCM_SET_TAG; | |
382 | + if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), m_tag.data())) { | |
383 | + return false; | |
384 | + } | |
385 | + } | |
386 | if (0 == EVP_DecryptFinal_ex(&m_context, | |
387 | (unsigned char*)out->data(), | |
388 | &resultLength)) { | |
389 | @@ -6876,6 +6904,7 @@ protected: | |
390 | Direction m_direction; | |
391 | int m_pad; | |
392 | QString m_type; | |
393 | + AuthTag m_tag; | |
394 | }; | |
395 | ||
396 | static QStringList all_hash_types() | |
397 | @@ -6921,6 +6950,12 @@ static QStringList all_cipher_types() | |
398 | list += "aes128-ofb"; | |
399 | #ifdef HAVE_OPENSSL_AES_CTR | |
400 | list += "aes128-ctr"; | |
401 | +#endif | |
402 | +#ifdef HAVE_OPENSSL_AES_GCM | |
403 | + list += "aes128-gcm"; | |
404 | +#endif | |
405 | +#ifdef HAVE_OPENSSL_AES_CCM | |
406 | + list += "aes128-ccm"; | |
407 | #endif | |
408 | list += "aes192-ecb"; | |
409 | list += "aes192-cfb"; | |
410 | @@ -6929,6 +6964,12 @@ static QStringList all_cipher_types() | |
411 | list += "aes192-ofb"; | |
412 | #ifdef HAVE_OPENSSL_AES_CTR | |
413 | list += "aes192-ctr"; | |
414 | +#endif | |
415 | +#ifdef HAVE_OPENSSL_AES_GCM | |
416 | + list += "aes192-gcm"; | |
417 | +#endif | |
418 | +#ifdef HAVE_OPENSSL_AES_CCM | |
419 | + list += "aes192-ccm"; | |
420 | #endif | |
421 | list += "aes256-ecb"; | |
422 | list += "aes256-cbc"; | |
423 | @@ -6937,6 +6978,12 @@ static QStringList all_cipher_types() | |
424 | list += "aes256-ofb"; | |
425 | #ifdef HAVE_OPENSSL_AES_CTR | |
426 | list += "aes256-ctr"; | |
427 | +#endif | |
428 | +#ifdef HAVE_OPENSSL_AES_GCM | |
429 | + list += "aes256-gcm"; | |
430 | +#endif | |
431 | +#ifdef HAVE_OPENSSL_AES_CCM | |
432 | + list += "aes256-ccm"; | |
433 | #endif | |
434 | list += "blowfish-ecb"; | |
435 | list += "blowfish-cbc-pkcs7"; | |
436 | @@ -7216,6 +7263,14 @@ public: | |
437 | #ifdef HAVE_OPENSSL_AES_CTR | |
438 | else if ( type == "aes128-ctr" ) | |
439 | return new opensslCipherContext( EVP_aes_128_ctr(), 0, this, type); | |
440 | +#endif | |
441 | +#ifdef HAVE_OPENSSL_AES_GCM | |
442 | + else if ( type == "aes128-gcm" ) | |
443 | + return new opensslCipherContext( EVP_aes_128_gcm(), 0, this, type); | |
444 | +#endif | |
445 | +#ifdef HAVE_OPENSSL_AES_CCM | |
446 | + else if ( type == "aes128-ccm" ) | |
447 | + return new opensslCipherContext( EVP_aes_128_ccm(), 0, this, type); | |
448 | #endif | |
449 | else if ( type == "aes192-ecb" ) | |
450 | return new opensslCipherContext( EVP_aes_192_ecb(), 0, this, type); | |
451 | @@ -7230,6 +7285,14 @@ public: | |
452 | #ifdef HAVE_OPENSSL_AES_CTR | |
453 | else if ( type == "aes192-ctr" ) | |
454 | return new opensslCipherContext( EVP_aes_192_ctr(), 0, this, type); | |
455 | +#endif | |
456 | +#ifdef HAVE_OPENSSL_AES_GCM | |
457 | + else if ( type == "aes192-gcm" ) | |
458 | + return new opensslCipherContext( EVP_aes_192_gcm(), 0, this, type); | |
459 | +#endif | |
460 | +#ifdef HAVE_OPENSSL_AES_CCM | |
461 | + else if ( type == "aes192-ccm" ) | |
462 | + return new opensslCipherContext( EVP_aes_192_ccm(), 0, this, type); | |
463 | #endif | |
464 | else if ( type == "aes256-ecb" ) | |
465 | return new opensslCipherContext( EVP_aes_256_ecb(), 0, this, type); | |
466 | @@ -7244,6 +7307,14 @@ public: | |
467 | #ifdef HAVE_OPENSSL_AES_CTR | |
468 | else if ( type == "aes256-ctr" ) | |
469 | return new opensslCipherContext( EVP_aes_256_ctr(), 0, this, type); | |
470 | +#endif | |
471 | +#ifdef HAVE_OPENSSL_AES_GCM | |
472 | + else if ( type == "aes256-gcm" ) | |
473 | + return new opensslCipherContext( EVP_aes_256_gcm(), 0, this, type); | |
474 | +#endif | |
475 | +#ifdef HAVE_OPENSSL_AES_CCM | |
476 | + else if ( type == "aes256-ccm" ) | |
477 | + return new opensslCipherContext( EVP_aes_256_ccm(), 0, this, type); | |
478 | #endif | |
479 | else if ( type == "blowfish-ecb" ) | |
480 | return new opensslCipherContext( EVP_bf_ecb(), 0, this, type); | |
481 | diff --git a/src/qca_basic.cpp b/src/qca_basic.cpp | |
482 | index 89bf966..c2e10e1 100644 | |
483 | --- a/src/qca_basic.cpp | |
484 | +++ b/src/qca_basic.cpp | |
485 | @@ -262,6 +262,7 @@ public: | |
486 | Direction dir; | |
487 | SymmetricKey key; | |
488 | InitializationVector iv; | |
489 | + AuthTag tag; | |
490 | ||
491 | bool ok, done; | |
492 | }; | |
493 | @@ -280,6 +281,19 @@ Cipher::Cipher(const QString &type, Mode mode, Padding pad, | |
494 | setup(dir, key, iv); | |
495 | } | |
496 | ||
497 | +Cipher::Cipher(const QString &type, Cipher::Mode mode, Cipher::Padding pad, Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag, const QString &provider) | |
498 | + : Algorithm(withAlgorithms(type, mode, pad), provider) | |
499 | +{ | |
500 | + d = new Private; | |
501 | + d->type = type; | |
502 | + d->mode = mode; | |
503 | + d->pad = pad; | |
504 | + d->tag = tag; | |
505 | + if(!key.isEmpty()) | |
506 | + setup(dir, key, iv, tag); | |
507 | +} | |
508 | + | |
509 | + | |
510 | Cipher::Cipher(const Cipher &from) | |
511 | :Algorithm(from), Filter(from) | |
512 | { | |
513 | @@ -339,10 +353,15 @@ int Cipher::blockSize() const | |
514 | return static_cast<const CipherContext *>(context())->blockSize(); | |
515 | } | |
516 | ||
517 | +AuthTag Cipher::tag() const | |
518 | +{ | |
519 | + return static_cast<const CipherContext *>(context())->tag(); | |
520 | +} | |
521 | + | |
522 | void Cipher::clear() | |
523 | { | |
524 | d->done = false; | |
525 | - static_cast<CipherContext *>(context())->setup(d->dir, d->key, d->iv); | |
526 | + static_cast<CipherContext *>(context())->setup(d->dir, d->key, d->iv, d->tag); | |
527 | } | |
528 | ||
529 | MemoryRegion Cipher::update(const MemoryRegion &a) | |
530 | @@ -370,10 +389,16 @@ bool Cipher::ok() const | |
531 | } | |
532 | ||
533 | void Cipher::setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv) | |
534 | +{ | |
535 | + setup(dir, key, iv, AuthTag()); | |
536 | +} | |
537 | + | |
538 | +void Cipher::setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag) | |
539 | { | |
540 | d->dir = dir; | |
541 | d->key = key; | |
542 | d->iv = iv; | |
543 | + d->tag = tag; | |
544 | clear(); | |
545 | } | |
546 | ||
547 | @@ -396,6 +421,12 @@ QString Cipher::withAlgorithms(const QString &cipherType, Mode modeType, Padding | |
548 | case CTR: | |
549 | mode = "ctr"; | |
550 | break; | |
551 | + case GCM: | |
552 | + mode = "gcm"; | |
553 | + break; | |
554 | + case CCM: | |
555 | + mode = "ccm"; | |
556 | + break; | |
557 | default: | |
558 | Q_ASSERT(0); | |
559 | } | |
560 | diff --git a/src/qca_core.cpp b/src/qca_core.cpp | |
561 | index 15ee385..48460ce 100644 | |
562 | --- a/src/qca_core.cpp | |
563 | +++ b/src/qca_core.cpp | |
564 | @@ -1,6 +1,7 @@ | |
565 | /* | |
566 | * Copyright (C) 2003-2008 Justin Karneges <justin@affinix.com> | |
567 | * Copyright (C) 2004,2005 Brad Hards <bradh@frogmouth.net> | |
568 | + * Copyright (C) 2014-2016 Ivan Romanov <drizt@land.ru> | |
569 | * | |
570 | * This library is free software; you can redistribute it and/or | |
571 | * modify it under the terms of the GNU Lesser General Public | |
572 | @@ -1510,6 +1511,28 @@ InitializationVector::InitializationVector(const QByteArray &a) | |
573 | set(SecureArray(a)); | |
574 | } | |
575 | ||
576 | +//---------------------------------------------------------------------------- | |
577 | +// AuthTag | |
578 | +//---------------------------------------------------------------------------- | |
579 | +AuthTag::AuthTag() | |
580 | +{ | |
581 | +} | |
582 | + | |
583 | +AuthTag::AuthTag(int size) | |
584 | +{ | |
585 | + resize(size); | |
586 | +} | |
587 | + | |
588 | +AuthTag::AuthTag(const SecureArray &a) | |
589 | +{ | |
590 | + set(a); | |
591 | +} | |
592 | + | |
593 | +AuthTag::AuthTag(const QByteArray &a) | |
594 | +{ | |
595 | + set(SecureArray(a)); | |
596 | +} | |
597 | + | |
598 | //---------------------------------------------------------------------------- | |
599 | // Event | |
600 | //---------------------------------------------------------------------------- | |
601 | diff --git a/unittest/cipherunittest/CMakeLists.txt b/unittest/cipherunittest/CMakeLists.txt | |
602 | index 858f56a..a6c775d 100644 | |
603 | --- a/unittest/cipherunittest/CMakeLists.txt | |
604 | +++ b/unittest/cipherunittest/CMakeLists.txt | |
605 | @@ -5,7 +5,7 @@ set(cipherunittest_bin_SRCS cipherunittest.cpp) | |
606 | ||
607 | qt4_wrap_cpp(EXTRA_SRCS cipherunittest.h) | |
608 | ||
609 | -add_executable(cipherunittest ${cipherunittest_bin_SRCS} ${EXTRA_SRCS}) | |
610 | +add_executable(cipherunittest ${cipherunittest_bin_SRCS} ${EXTRA_SRCS} ${cipherunittest_bin_HDRS}) | |
611 | ||
612 | target_link_qca_test_libraries(cipherunittest) | |
613 | ||
614 | diff --git a/unittest/cipherunittest/cipherunittest.cpp b/unittest/cipherunittest/cipherunittest.cpp | |
615 | index 3492caf..2f321fa 100644 | |
616 | --- a/unittest/cipherunittest/cipherunittest.cpp | |
617 | +++ b/unittest/cipherunittest/cipherunittest.cpp | |
618 | @@ -1,5 +1,6 @@ | |
619 | /** | |
620 | * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net> | |
621 | + * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru> | |
622 | * | |
623 | * Redistribution and use in source and binary forms, with or without | |
624 | * modification, are permitted provided that the following conditions | |
625 | @@ -496,6 +497,103 @@ void CipherUnitTest::aes128_ctr() | |
626 | } | |
627 | } | |
628 | ||
629 | +void CipherUnitTest::aes128_gcm_data() | |
630 | +{ | |
631 | + QTest::addColumn<QString>("plainText"); | |
632 | + QTest::addColumn<QString>("payload"); | |
633 | + QTest::addColumn<QString>("tag"); | |
634 | + QTest::addColumn<QString>("keyText"); | |
635 | + QTest::addColumn<QString>("ivText"); | |
636 | + | |
637 | + QTest::newRow("short") << QString("6f6820526f6d656d6f21") | |
638 | + << QString("a9f2558b9a74e6fc551f") | |
639 | + << QString("f8ebf75f108c6f74e6fe49035d268d43") | |
640 | + << QString("1f491f8ddf4856ae4bff9039d418175a") | |
641 | + << QString("f85f8aad39164daf64a12ad9b3fc8a3a"); | |
642 | + | |
643 | + QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930") | |
644 | + << QString("04e321a8870b6b9cd6846239c27a63fb41d0a7b8994f1514c066f0427fa9ed6707ea6e3b4f161fdff0eb5fc087ed3827b569cd72456c697b5a3a62c9e767") | |
645 | + << QString("b0ad4aa545ea25fc3117cbed955ff155") | |
646 | + << QString("56341f2b431d3b0dbad787db003f2215") | |
647 | + << QString("bfcd3a7252f7f199bf788df8cf61032a"); | |
648 | + | |
649 | + | |
650 | + QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21") | |
651 | + << QString("a9f2558b9a74e6fc551f") | |
652 | + << QString("f8ebf75f108c6f74e6fe49035d268d44") | |
653 | + << QString("1f491f8ddf4856ae4bff9039d418175a") | |
654 | + << QString("f85f8aad39164daf64a12ad9b3fc8a3a"); | |
655 | +} | |
656 | + | |
657 | +void CipherUnitTest::aes128_gcm() | |
658 | +{ | |
659 | + QStringList providersToTest; | |
660 | + providersToTest.append("qca-ossl"); | |
661 | + providersToTest.append("qca-gcrypt"); | |
662 | + providersToTest.append("qca-botan"); | |
663 | + providersToTest.append("qca-nss"); | |
664 | + | |
665 | + foreach (const QString &provider, providersToTest) { | |
666 | + if (!QCA::isSupported( "aes128-gcm", provider)) | |
667 | + QWARN(QString("AES128 GCM not supported for " + provider).toLocal8Bit()); | |
668 | + else { | |
669 | + QFETCH(QString, plainText); | |
670 | + QFETCH(QString, payload); | |
671 | + QFETCH(QString, tag); | |
672 | + QFETCH(QString, keyText); | |
673 | + QFETCH(QString, ivText); | |
674 | + | |
675 | + QCA::SymmetricKey key(QCA::hexToArray(keyText)); | |
676 | + QCA::InitializationVector iv(QCA::hexToArray(ivText)); | |
677 | + QCA::AuthTag authTag(16); | |
678 | + QCA::Cipher forwardCipher(QString("aes128"), | |
679 | + QCA::Cipher::GCM, | |
680 | + QCA::Cipher::NoPadding, | |
681 | + QCA::Encode, | |
682 | + key, | |
683 | + iv, | |
684 | + authTag, | |
685 | + provider); | |
686 | + QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray()); | |
687 | + QVERIFY(forwardCipher.ok()); | |
688 | + update += QCA::arrayToHex(forwardCipher.final().toByteArray()); | |
689 | + authTag = forwardCipher.tag(); | |
690 | + QEXPECT_FAIL("wrongtag", "It's OK", Continue); | |
691 | + QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag); | |
692 | + QCOMPARE(update, payload); | |
693 | + QVERIFY(forwardCipher.ok()); | |
694 | + | |
695 | + QCA::Cipher reverseCipher(QString( "aes128"), | |
696 | + QCA::Cipher::GCM, | |
697 | + QCA::Cipher::NoPadding, | |
698 | + QCA::Decode, | |
699 | + key, | |
700 | + iv, | |
701 | + QCA::AuthTag(QCA::hexToArray(tag)), | |
702 | + provider); | |
703 | + | |
704 | + update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray()); | |
705 | + QVERIFY(reverseCipher.ok()); | |
706 | + QCOMPARE(update, plainText.left(update.size())); | |
707 | + update += QCA::arrayToHex(reverseCipher.final().toByteArray()); | |
708 | + QEXPECT_FAIL("wrongtag", "It's OK", Continue); | |
709 | + QCOMPARE(update, plainText); | |
710 | + QEXPECT_FAIL("wrongtag", "It's OK", Continue); | |
711 | + QVERIFY(reverseCipher.ok()); | |
712 | + } | |
713 | + } | |
714 | +} | |
715 | + | |
716 | +void CipherUnitTest::aes128_ccm_data() | |
717 | +{ | |
718 | + | |
719 | +} | |
720 | + | |
721 | +void CipherUnitTest::aes128_ccm() | |
722 | +{ | |
723 | + // For future implementation | |
724 | +} | |
725 | + | |
726 | void CipherUnitTest::aes192_data() | |
727 | { | |
728 | QTest::addColumn<QString>("plainText"); | |
729 | @@ -950,6 +1048,104 @@ void CipherUnitTest::aes192_ctr() | |
730 | } | |
731 | } | |
732 | ||
733 | +void CipherUnitTest::aes192_gcm_data() | |
734 | +{ | |
735 | + QTest::addColumn<QString>("plainText"); | |
736 | + QTest::addColumn<QString>("payload"); | |
737 | + QTest::addColumn<QString>("tag"); | |
738 | + QTest::addColumn<QString>("keyText"); | |
739 | + QTest::addColumn<QString>("ivText"); | |
740 | + | |
741 | + QTest::newRow("short") << QString("6f6820526f6d656d6f21") | |
742 | + << QString("01ca25ff74121917f397") | |
743 | + << QString("b90e97706d8eacbabc0be5e0a671b4e4") | |
744 | + << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82") | |
745 | + << QString("f85f8aad39164daf64a12ad9b3fc8a3a"); | |
746 | + | |
747 | + QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930") | |
748 | + << QString("4c1c5874877f0bee6efd450ec341b1c591e1e100da40bd4744e1035ed0ed0fb458f8efdb7c4b0b2101e29c950c56dc2489c2febec2d7062da28b9a033173") | |
749 | + << QString("af3ea1b7f275ea1e4d4e1fdce63f83fe") | |
750 | + << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82") | |
751 | + << QString("bfcd3a7252f7f199bf788df8cf61032a"); | |
752 | + | |
753 | + | |
754 | + QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21") | |
755 | + << QString("773c3d06b94727c04afc") | |
756 | + << QString("c558aca7f19050db49d94d99119277af") | |
757 | + << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82") | |
758 | + << QString("bfcd3a7252f7f199bf788df8cf61032a"); | |
759 | +} | |
760 | + | |
761 | +void CipherUnitTest::aes192_gcm() | |
762 | +{ | |
763 | + QStringList providersToTest; | |
764 | + providersToTest.append("qca-ossl"); | |
765 | + providersToTest.append("qca-gcrypt"); | |
766 | + providersToTest.append("qca-botan"); | |
767 | + providersToTest.append("qca-nss"); | |
768 | + | |
769 | + foreach (const QString &provider, providersToTest) { | |
770 | + if (!QCA::isSupported( "aes192-gcm", provider)) | |
771 | + QWARN(QString("AES128 GCM not supported for " + provider).toLocal8Bit()); | |
772 | + else { | |
773 | + QFETCH(QString, plainText); | |
774 | + QFETCH(QString, payload); | |
775 | + QFETCH(QString, tag); | |
776 | + QFETCH(QString, keyText); | |
777 | + QFETCH(QString, ivText); | |
778 | + | |
779 | + QCA::SymmetricKey key(QCA::hexToArray(keyText)); | |
780 | + QCA::InitializationVector iv(QCA::hexToArray(ivText)); | |
781 | + QCA::AuthTag authTag(16); | |
782 | + QCA::Cipher forwardCipher(QString("aes192"), | |
783 | + QCA::Cipher::GCM, | |
784 | + QCA::Cipher::NoPadding, | |
785 | + QCA::Encode, | |
786 | + key, | |
787 | + iv, | |
788 | + authTag, | |
789 | + provider); | |
790 | + QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray()); | |
791 | + QVERIFY(forwardCipher.ok()); | |
792 | + update += QCA::arrayToHex(forwardCipher.final().toByteArray()); | |
793 | + authTag = forwardCipher.tag(); | |
794 | + QEXPECT_FAIL("wrongtag", "It's OK", Continue); | |
795 | + QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag); | |
796 | + QCOMPARE(update, payload); | |
797 | + QVERIFY(forwardCipher.ok()); | |
798 | + | |
799 | + QCA::Cipher reverseCipher(QString( "aes192"), | |
800 | + QCA::Cipher::GCM, | |
801 | + QCA::Cipher::NoPadding, | |
802 | + QCA::Decode, | |
803 | + key, | |
804 | + iv, | |
805 | + QCA::AuthTag(QCA::hexToArray(tag)), | |
806 | + provider); | |
807 | + | |
808 | + update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray()); | |
809 | + QVERIFY(reverseCipher.ok()); | |
810 | + QCOMPARE(update, plainText.left(update.size())); | |
811 | + update += QCA::arrayToHex(reverseCipher.final().toByteArray()); | |
812 | + QEXPECT_FAIL("wrongtag", "It's OK", Continue); | |
813 | + QCOMPARE(update, plainText); | |
814 | + QEXPECT_FAIL("wrongtag", "It's OK", Continue); | |
815 | + QVERIFY(reverseCipher.ok()); | |
816 | + } | |
817 | + } | |
818 | +} | |
819 | + | |
820 | + | |
821 | +void CipherUnitTest::aes192_ccm_data() | |
822 | +{ | |
823 | + | |
824 | +} | |
825 | + | |
826 | +void CipherUnitTest::aes192_ccm() | |
827 | +{ | |
828 | + // For future implementation | |
829 | +} | |
830 | + | |
831 | void CipherUnitTest::aes256_data() | |
832 | { | |
833 | QTest::addColumn<QString>("plainText"); | |
834 | @@ -1442,6 +1638,103 @@ void CipherUnitTest::aes256_ctr() | |
835 | } | |
836 | } | |
837 | ||
838 | +void CipherUnitTest::aes256_gcm_data() | |
839 | +{ | |
840 | + QTest::addColumn<QString>("plainText"); | |
841 | + QTest::addColumn<QString>("payload"); | |
842 | + QTest::addColumn<QString>("tag"); | |
843 | + QTest::addColumn<QString>("keyText"); | |
844 | + QTest::addColumn<QString>("ivText"); | |
845 | + | |
846 | + QTest::newRow("short") << QString("6f6820526f6d656d6f21") | |
847 | + << QString("4ce2f4df041252820847") | |
848 | + << QString("1c570805832dfe7babc1b386c26bcd04") | |
849 | + << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04") | |
850 | + << QString("f85f8aad39164daf64a12ad9b3fc8a3a"); | |
851 | + | |
852 | + QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930") | |
853 | + << QString("e516c267146d6cfd3af3300e24aba7ac23ab3c5cb4765937a6c0156e454cae357e14f4c0dfb0def9624f4f70de90ad2bc9cd555171c4551c26b6346922ed") | |
854 | + << QString("f59aac31ab9dace3fcc693e114dd6610") | |
855 | + << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04") | |
856 | + << QString("bfcd3a7252f7f199bf788df8cf61032a"); | |
857 | + | |
858 | + | |
859 | + QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21") | |
860 | + << QString("4ce2f4df041252820847") | |
861 | + << QString("1c570805833dfe7babc1b386c26bcd04") | |
862 | + << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04") | |
863 | + << QString("f85f8aad39164daf64a12ad9b3fc8a3a"); | |
864 | +} | |
865 | + | |
866 | +void CipherUnitTest::aes256_gcm() | |
867 | +{ | |
868 | + QStringList providersToTest; | |
869 | + providersToTest.append("qca-ossl"); | |
870 | + providersToTest.append("qca-gcrypt"); | |
871 | + providersToTest.append("qca-botan"); | |
872 | + providersToTest.append("qca-nss"); | |
873 | + | |
874 | + foreach (const QString &provider, providersToTest) { | |
875 | + if (!QCA::isSupported( "aes256-gcm", provider)) | |
876 | + QWARN(QString("AES256 GCM not supported for " + provider).toLocal8Bit()); | |
877 | + else { | |
878 | + QFETCH(QString, plainText); | |
879 | + QFETCH(QString, payload); | |
880 | + QFETCH(QString, tag); | |
881 | + QFETCH(QString, keyText); | |
882 | + QFETCH(QString, ivText); | |
883 | + | |
884 | + QCA::SymmetricKey key(QCA::hexToArray(keyText)); | |
885 | + QCA::InitializationVector iv(QCA::hexToArray(ivText)); | |
886 | + QCA::AuthTag authTag(16); | |
887 | + QCA::Cipher forwardCipher(QString("aes256"), | |
888 | + QCA::Cipher::GCM, | |
889 | + QCA::Cipher::NoPadding, | |
890 | + QCA::Encode, | |
891 | + key, | |
892 | + iv, | |
893 | + authTag, | |
894 | + provider); | |
895 | + QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray()); | |
896 | + QVERIFY(forwardCipher.ok()); | |
897 | + update += QCA::arrayToHex(forwardCipher.final().toByteArray()); | |
898 | + authTag = forwardCipher.tag(); | |
899 | + QEXPECT_FAIL("wrongtag", "It's OK", Continue); | |
900 | + QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag); | |
901 | + QCOMPARE(update, payload); | |
902 | + QVERIFY(forwardCipher.ok()); | |
903 | + | |
904 | + QCA::Cipher reverseCipher(QString( "aes256"), | |
905 | + QCA::Cipher::GCM, | |
906 | + QCA::Cipher::NoPadding, | |
907 | + QCA::Decode, | |
908 | + key, | |
909 | + iv, | |
910 | + QCA::AuthTag(QCA::hexToArray(tag)), | |
911 | + provider); | |
912 | + | |
913 | + update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray()); | |
914 | + QVERIFY(reverseCipher.ok()); | |
915 | + QCOMPARE(update, plainText.left(update.size())); | |
916 | + update += QCA::arrayToHex(reverseCipher.final().toByteArray()); | |
917 | + QEXPECT_FAIL("wrongtag", "It's OK", Continue); | |
918 | + QCOMPARE(update, plainText); | |
919 | + QEXPECT_FAIL("wrongtag", "It's OK", Continue); | |
920 | + QVERIFY(reverseCipher.ok()); | |
921 | + } | |
922 | + } | |
923 | +} | |
924 | + | |
925 | +void CipherUnitTest::aes256_ccm_data() | |
926 | +{ | |
927 | + | |
928 | +} | |
929 | + | |
930 | +void CipherUnitTest::aes256_ccm() | |
931 | +{ | |
932 | + // For future implementation | |
933 | +} | |
934 | + | |
935 | void CipherUnitTest::tripleDES_data() | |
936 | { | |
937 | QTest::addColumn<QString>("plainText"); | |
938 | diff --git a/unittest/cipherunittest/cipherunittest.h b/unittest/cipherunittest/cipherunittest.h | |
939 | index 97f5627..bb3ece4 100644 | |
940 | --- a/unittest/cipherunittest/cipherunittest.h | |
941 | +++ b/unittest/cipherunittest/cipherunittest.h | |
942 | @@ -1,3 +1,29 @@ | |
943 | +/** | |
944 | + * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net> | |
945 | + * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru> | |
946 | + * | |
947 | + * Redistribution and use in source and binary forms, with or without | |
948 | + * modification, are permitted provided that the following conditions | |
949 | + * are met: | |
950 | + * | |
951 | + * 1. Redistributions of source code must retain the above copyright | |
952 | + * notice, this list of conditions and the following disclaimer. | |
953 | + * 2. Redistributions in binary form must reproduce the above copyright | |
954 | + * notice, this list of conditions and the following disclaimer in the | |
955 | + * documentation and/or other materials provided with the distribution. | |
956 | + * | |
957 | + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
958 | + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
959 | + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
960 | + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
961 | + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
962 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
963 | + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
964 | + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
965 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
966 | + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
967 | + */ | |
968 | + | |
969 | #ifndef CIPHERUNITTEST_H | |
970 | #define CIPHERUNITTEST_H | |
971 | ||
972 | @@ -23,6 +49,10 @@ private slots: | |
973 | void aes128_ofb(); | |
974 | void aes128_ctr_data(); | |
975 | void aes128_ctr(); | |
976 | + void aes128_gcm_data(); | |
977 | + void aes128_gcm(); | |
978 | + void aes128_ccm_data(); | |
979 | + void aes128_ccm(); | |
980 | ||
981 | void aes192_data(); | |
982 | void aes192(); | |
983 | @@ -36,6 +66,10 @@ private slots: | |
984 | void aes192_ofb(); | |
985 | void aes192_ctr_data(); | |
986 | void aes192_ctr(); | |
987 | + void aes192_gcm_data(); | |
988 | + void aes192_gcm(); | |
989 | + void aes192_ccm_data(); | |
990 | + void aes192_ccm(); | |
991 | ||
992 | void aes256_data(); | |
993 | void aes256(); | |
994 | @@ -49,6 +83,10 @@ private slots: | |
995 | void aes256_ofb(); | |
996 | void aes256_ctr_data(); | |
997 | void aes256_ctr(); | |
998 | + void aes256_gcm_data(); | |
999 | + void aes256_gcm(); | |
1000 | + void aes256_ccm_data(); | |
1001 | + void aes256_ccm(); | |
1002 | ||
1003 | void tripleDES_data(); | |
1004 | void tripleDES(); | |
1005 | ||
1006 | commit 28245c731ed9fefac75fa8a918a06dbb22945ee3 | |
1007 | Author: Ivan Romanov <drizt@land.ru> | |
1008 | Date: Sat Aug 20 20:35:55 2016 +0500 | |
1009 | ||
1010 | Add base64 convenience functions | |
1011 | ||
1012 | diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h | |
1013 | index f5c4601..7e7cf87 100644 | |
1014 | --- a/include/QtCrypto/qca_core.h | |
1015 | +++ b/include/QtCrypto/qca_core.h | |
1016 | @@ -619,6 +619,32 @@ if (QCA::hexToArray(QString("62626262626262006262") ) == test ) | |
1017 | */ | |
1018 | QCA_EXPORT QByteArray hexToArray(const QString &hexString); | |
1019 | ||
1020 | +/** | |
1021 | + Convert a byte array to printable base64 | |
1022 | + representation. | |
1023 | + | |
1024 | + This is a convenience function to convert an arbitrary | |
1025 | + QByteArray to a printable representation. | |
1026 | + | |
1027 | + \param array the array to be converted | |
1028 | + \return a printable representation | |
1029 | +*/ | |
1030 | +QCA_EXPORT QString arrayToBase64(const QByteArray &array); | |
1031 | + | |
1032 | +/** | |
1033 | + Convert a QString containing a base64 representation | |
1034 | + of a byte array into a QByteArray | |
1035 | + | |
1036 | + This is a convenience function to convert a printable | |
1037 | + representation into a QByteArray - effectively the inverse | |
1038 | + of QCA::arrayToBase64. | |
1039 | + | |
1040 | + \param base64String the string containing a printable | |
1041 | + representation to be converted | |
1042 | + \return the equivalent QByteArray | |
1043 | +*/ | |
1044 | +QCA_EXPORT QByteArray base64ToArray(const QString &base64String); | |
1045 | + | |
1046 | /** | |
1047 | \class Initializer qca_core.h QtCrypto | |
1048 | ||
1049 | diff --git a/src/qca_core.cpp b/src/qca_core.cpp | |
1050 | index 48460ce..dfb93b7 100644 | |
1051 | --- a/src/qca_core.cpp | |
1052 | +++ b/src/qca_core.cpp | |
1053 | @@ -813,6 +813,16 @@ QByteArray hexToArray(const QString &str) | |
1054 | return Hex().stringToArray(str).toByteArray(); | |
1055 | } | |
1056 | ||
1057 | +QString arrayToBase64(const QByteArray &a) | |
1058 | +{ | |
1059 | + return Base64().arrayToString(a); | |
1060 | +} | |
1061 | + | |
1062 | +QByteArray base64ToArray(const QString &base64String) | |
1063 | +{ | |
1064 | + return Base64().stringToArray(base64String).toByteArray(); | |
1065 | +} | |
1066 | + | |
1067 | static Provider *getProviderForType(const QString &type, const QString &provider) | |
1068 | { | |
1069 | Provider *p = 0; | |
1070 | diff --git a/unittest/base64unittest/base64unittest.cpp b/unittest/base64unittest/base64unittest.cpp | |
1071 | index f37dcfa..b354aea 100644 | |
1072 | --- a/unittest/base64unittest/base64unittest.cpp | |
1073 | +++ b/unittest/base64unittest/base64unittest.cpp | |
1074 | @@ -120,6 +120,9 @@ void Base64UnitTest::test2() | |
1075 | ||
1076 | QCOMPARE( base64Object.encodeString(raw), encoded ); | |
1077 | QCOMPARE( base64Object.decodeString(encoded), raw ); | |
1078 | + | |
1079 | + QCOMPARE( QCA::arrayToBase64(raw.toUtf8()), encoded ); | |
1080 | + QCOMPARE( QLatin1String(QCA::base64ToArray(encoded)), raw ); | |
1081 | } | |
1082 | ||
1083 | QTEST_MAIN(Base64UnitTest) | |
1084 | ||
1085 | commit d320ef4fdb2b5a70a2485a7027e52b520f0c4b48 | |
1086 | Author: Ivan Romanov <drizt@land.ru> | |
1087 | Date: Mon Oct 10 21:50:18 2016 +0500 | |
1088 | ||
1089 | Add some missed headers to Qt Creator project | |
1090 | ||
1091 | diff --git a/plugins/qca-gnupg/CMakeLists.txt b/plugins/qca-gnupg/CMakeLists.txt | |
1092 | index 6dbcaed..1ed8e21 100644 | |
1093 | --- a/plugins/qca-gnupg/CMakeLists.txt | |
1094 | +++ b/plugins/qca-gnupg/CMakeLists.txt | |
1095 | @@ -21,6 +21,23 @@ set(QCA_GNUPG_NONMOC_SOURCES | |
1096 | gpgproc/gpgproc.cpp | |
1097 | ) | |
1098 | ||
1099 | +set(QCA_GNUPG_HEADERS | |
1100 | + gpgaction.h | |
1101 | + ringwatch.h | |
1102 | + gpgop.h | |
1103 | + gpgop_p.h | |
1104 | + lineconverter.h | |
1105 | + mypgpkeycontext.h | |
1106 | + mykeystoreentry.h | |
1107 | + mykeystorelist.h | |
1108 | + gpgproc/gpgproc_p.h | |
1109 | + gpgproc/sprocess.h | |
1110 | + gpgproc/gpgproc.h | |
1111 | + utils.h | |
1112 | + mymessagecontext.h | |
1113 | + myopenpgpcontext.h | |
1114 | +) | |
1115 | + | |
1116 | my_automoc(QCA_GNUPG_MOC_SOURCES) | |
1117 | ||
1118 | qt4_wrap_cpp(EXTRA_GNUPG_SOURCES gpgop.h) | |
1119 | @@ -33,7 +50,7 @@ qt4_wrap_cpp(EXTRA_GNUPG_SOURCES mykeystorelist.h) | |
1120 | qt4_wrap_cpp(EXTRA_GNUPG_SOURCES mymessagecontext.h) | |
1121 | qt4_wrap_cpp(EXTRA_GNUPG_SOURCES gpgaction.h) | |
1122 | ||
1123 | -add_library(qca-gnupg ${PLUGIN_TYPE} ${QCA_GNUPG_MOC_SOURCES} ${QCA_GNUPG_NONMOC_SOURCES} ${EXTRA_GNUPG_SOURCES}) | |
1124 | +add_library(qca-gnupg ${PLUGIN_TYPE} ${QCA_GNUPG_MOC_SOURCES} ${QCA_GNUPG_NONMOC_SOURCES} ${EXTRA_GNUPG_SOURCES} ${QCA_GNUPG_HEADERS}) | |
1125 | ||
1126 | if(APPLE AND ${PLUGIN_TYPE} STREQUAL "MODULE") | |
1127 | set_property(TARGET qca-gnupg PROPERTY SUFFIX ".dylib") | |
1128 | ||
1129 | commit 7ba0ee591e0f50a7e7b532f9eb7e500e7da784fb | |
1130 | Author: Samuel Gaist <samuel.gaist@edeltech.ch> | |
1131 | Date: Thu Oct 20 13:34:23 2016 +0200 | |
1132 | ||
1133 | OS X build and warning fix | |
1134 | ||
1135 | Revert "Add missed file" | |
1136 | ||
1137 | This reverts commit 4c9f27270e0a7c00c10cbc56ce5c6842b47e5ab2. | |
1138 | ||
1139 | FindCoreFoundation.cmake is not needed since CoreFoundation | |
1140 | is a system framework. Its use has been removed by | |
1141 | commit f223ce03d4b94ffbb093fc8be5adf8d968f54434 | |
1142 | ||
1143 | Acked by: Ivan ÄukiÄ | |
1144 | ||
1145 | REVIEW: 126285 | |
1146 | ||
1147 | diff --git a/cmake/modules/FindCoreFoundation.cmake b/cmake/modules/FindCoreFoundation.cmake | |
1148 | deleted file mode 100644 | |
1149 | index c08e529..0000000 | |
1150 | --- a/cmake/modules/FindCoreFoundation.cmake | |
1151 | +++ /dev/null | |
1152 | @@ -1,13 +0,0 @@ | |
1153 | -# Copyright (c) 2014, Samuel Gaist, <samuel.gaist@edeltech.ch> | |
1154 | -# | |
1155 | -# Redistribution and use is allowed according to the terms of the BSD license. | |
1156 | -# For details see the accompanying COPYING-CMAKE-SCRIPTS file. | |
1157 | - | |
1158 | -INCLUDE(CMakeFindFrameworks) | |
1159 | - | |
1160 | -CMAKE_FIND_FRAMEWORKS(CoreFoundation) | |
1161 | - | |
1162 | -if (CoreFoundation_FRAMEWORKS) | |
1163 | - set(COREFOUNDATION_LIBRARY "-framework CoreFoundation" CACHE FILEPATH "CoreFoundation framework" FORCE) | |
1164 | - set(COREFOUNDATION_FOUND 1) | |
1165 | -endif (CoreFoundation_FRAMEWORKS) | |
1166 | ||
1167 | commit b435c1b87b14ac2d2de9f83e586bfd6d8c2a755e | |
1168 | Author: Ivan Romanov <drizt@land.ru> | |
1169 | Date: Sun Jan 29 14:06:08 2017 +0500 | |
1170 | ||
1171 | Avoid @rpath on Mac OS | |
1172 | ||
1173 | diff --git a/CMakeLists.txt b/CMakeLists.txt | |
1174 | index 605621b..34bffb9 100644 | |
1175 | --- a/CMakeLists.txt | |
1176 | +++ b/CMakeLists.txt | |
1177 | @@ -23,6 +23,10 @@ set(QCA_LIB_PATCH_VERSION "0") | |
1178 | # qtmain.lib. | |
1179 | cmake_policy(SET CMP0020 OLD) | |
1180 | ||
1181 | +if(POLICY CMP0042) | |
1182 | + cmake_policy(SET CMP0042 OLD) | |
1183 | +endif() | |
1184 | + | |
1185 | option(BUILD_TESTS "Create test" ON) | |
1186 | option(BUILD_TOOLS "Compile mozcerts and qcatool" ON) | |
1187 | set(BUILD_PLUGINS "auto" CACHE STRING "Plugins for building (also possible values: none, all and auto)") | |
1188 | ||
1189 | commit f4b2eb0ced5310f3c43398eb1f03e0c065e08a82 | |
1190 | Author: Ivan Romanov <drizt@land.ru> | |
1191 | Date: Sun Jan 29 15:08:12 2017 +0500 | |
1192 | ||
1193 | Fix previous commit | |
1194 | ||
1195 | diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt | |
1196 | index 92204f2..2e81974 100644 | |
1197 | --- a/src/CMakeLists.txt | |
1198 | +++ b/src/CMakeLists.txt | |
1199 | @@ -148,9 +148,15 @@ if(WIN32) | |
1200 | endif(WIN32) | |
1201 | ||
1202 | if(APPLE) | |
1203 | - set(COREFOUNDATION_LIBRARY "-framework CoreFoundation") | |
1204 | - set(COREFOUNDATION_LIBRARY_SECURITY "-framework Security") | |
1205 | - TARGET_LINK_LIBRARIES(${QCA_LIB_NAME} ${COREFOUNDATION_LIBRARY} ${COREFOUNDATION_LIBRARY_SECURITY}) | |
1206 | + set(COREFOUNDATION_LIBRARY "-framework CoreFoundation") | |
1207 | + set(COREFOUNDATION_LIBRARY_SECURITY "-framework Security") | |
1208 | + TARGET_LINK_LIBRARIES(${QCA_LIB_NAME} ${COREFOUNDATION_LIBRARY} ${COREFOUNDATION_LIBRARY_SECURITY}) | |
1209 | + | |
1210 | + if(OSX_FRAMEWORK AND NOT USE_RELATIVE_PATHS) | |
1211 | + set_target_properties(${QCA_LIB_NAME} PROPERTIES | |
1212 | + INSTALL_NAME_DIR "${QCA_LIBRARY_INSTALL_DIR}" | |
1213 | + ) | |
1214 | + endif() | |
1215 | endif(APPLE) | |
1216 | ||
1217 | if(NOT ANDROID) | |
1218 | ||
1219 | commit be55b9c98dca67e42709ac6eadc272390ee49f03 | |
1220 | Author: Ivan Romanov <drizt@land.ru> | |
1221 | Date: Wed Mar 1 13:22:48 2017 +0500 | |
1222 | ||
1223 | Fix Qt5.7 warning | |
1224 | ||
1225 | diff --git a/src/support/console.cpp b/src/support/console.cpp | |
1226 | index c3c5570..ee94998 100644 | |
1227 | --- a/src/support/console.cpp | |
1228 | +++ b/src/support/console.cpp | |
1229 | @@ -857,7 +857,7 @@ public: | |
1230 | return false; | |
1231 | } | |
1232 | ||
1233 | - if(c == '\b' || c == 0x7f) | |
1234 | + if(c == '\b' || c.unicode() == 0x7f) | |
1235 | { | |
1236 | if(at > 0) | |
1237 | { | |
1238 | ||
1239 | commit 5f18ebc705ec98e883aa63cb537e36e6a08b7e34 | |
1240 | Author: Alon Bar-Lev <alon.barlev@gmail.com> | |
1241 | Date: Tue Mar 21 12:23:17 2017 +0200 | |
1242 | ||
1243 | build: fix C++11 throwing distructors | |
1244 | ||
1245 | For >=C++11, explicitly mark throwing destructors `noexcept(false)` | |
1246 | ||
1247 | Thanks: Peter-Levine <plevine457@gmail.com> | |
1248 | ||
1249 | diff --git a/Doxyfile.in b/Doxyfile.in | |
1250 | index 59d9afe..844c234 100644 | |
1251 | --- a/Doxyfile.in | |
1252 | +++ b/Doxyfile.in | |
1253 | @@ -1070,7 +1070,7 @@ PREDEFINED = DOXYGEN_SHOULD_SKIP_THIS \ | |
1254 | # The macro definition that is found in the sources will be used. | |
1255 | # Use the PREDEFINED tag if you want to use a different macro definition. | |
1256 | ||
1257 | -EXPAND_AS_DEFINED = QCA_EXPORT | |
1258 | +EXPAND_AS_DEFINED = QCA_EXPORT QCA_NOEXCEPT | |
1259 | ||
1260 | # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then | |
1261 | # doxygen's preprocessor will remove all function-like macros that are alone | |
1262 | diff --git a/src/botantools/botan/alloc_mmap/mmap_mem.cpp b/src/botantools/botan/alloc_mmap/mmap_mem.cpp | |
1263 | index 362b688..54f0d23 100644 | |
1264 | --- a/src/botantools/botan/alloc_mmap/mmap_mem.cpp | |
1265 | +++ b/src/botantools/botan/alloc_mmap/mmap_mem.cpp | |
1266 | @@ -107,7 +107,7 @@ void* MemoryMapping_Allocator::alloc_block(u32bit n) | |
1267 | umask(old_umask); | |
1268 | } | |
1269 | ||
1270 | - ~TemporaryFile() | |
1271 | + ~TemporaryFile() QCA_NOEXCEPT(false) | |
1272 | { | |
1273 | delete[] filepath; | |
1274 | if(fd != -1 && close(fd) == -1) | |
1275 | diff --git a/src/botantools/botan/botan/allocate.h b/src/botantools/botan/botan/allocate.h | |
1276 | index 0ac351e..52bc397 100644 | |
1277 | --- a/src/botantools/botan/botan/allocate.h | |
1278 | +++ b/src/botantools/botan/botan/allocate.h | |
1279 | @@ -40,6 +40,12 @@ namespace QCA { // WRAPNS_LINE | |
1280 | #include <string> | |
1281 | namespace QCA { // WRAPNS_LINE | |
1282 | ||
1283 | +#if __cplusplus >= 201103L | |
1284 | +#define QCA_NOEXCEPT(x) noexcept(x) | |
1285 | +#else | |
1286 | +#define QCA_NOEXCEPT(x) | |
1287 | +#endif | |
1288 | + | |
1289 | namespace Botan { | |
1290 | ||
1291 | /************************************************* | |
1292 | @@ -58,7 +64,7 @@ class Allocator | |
1293 | virtual void init() {} | |
1294 | virtual void destroy() {} | |
1295 | ||
1296 | - virtual ~Allocator() {} | |
1297 | + virtual ~Allocator() QCA_NOEXCEPT(false) {} | |
1298 | }; | |
1299 | ||
1300 | /************************************************* | |
1301 | diff --git a/src/botantools/botan/botan/mem_pool.h b/src/botantools/botan/botan/mem_pool.h | |
1302 | index 32834b8..1cb903e 100644 | |
1303 | --- a/src/botantools/botan/botan/mem_pool.h | |
1304 | +++ b/src/botantools/botan/botan/mem_pool.h | |
1305 | @@ -63,7 +63,7 @@ class Pooling_Allocator : public Allocator | |
1306 | void destroy(); | |
1307 | ||
1308 | Pooling_Allocator(u32bit, bool); | |
1309 | - ~Pooling_Allocator(); | |
1310 | + ~Pooling_Allocator() QCA_NOEXCEPT(false); | |
1311 | private: | |
1312 | void get_more_core(u32bit); | |
1313 | byte* allocate_blocks(u32bit); | |
1314 | diff --git a/src/botantools/botan/mem_pool.cpp b/src/botantools/botan/mem_pool.cpp | |
1315 | index 00280ec..baa47aa 100644 | |
1316 | --- a/src/botantools/botan/mem_pool.cpp | |
1317 | +++ b/src/botantools/botan/mem_pool.cpp | |
1318 | @@ -171,7 +171,7 @@ Pooling_Allocator::Pooling_Allocator(u32bit p_size, bool) : | |
1319 | /************************************************* | |
1320 | * Pooling_Allocator Destructor * | |
1321 | *************************************************/ | |
1322 | -Pooling_Allocator::~Pooling_Allocator() | |
1323 | +Pooling_Allocator::~Pooling_Allocator() QCA_NOEXCEPT(false) | |
1324 | { | |
1325 | delete mutex; | |
1326 | if(blocks.size()) | |
1327 | ||
1328 | commit df794c0181a09c42a883f2f886af20526f2e219e | |
1329 | Author: Ivan Romanov <drizt@land.ru> | |
1330 | Date: Sat Jul 8 09:53:45 2017 +0500 | |
1331 | ||
1332 | Remove deprecated keyword | |
1333 | ||
1334 | diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h | |
1335 | index 7e7cf87..8c25a70 100644 | |
1336 | --- a/include/QtCrypto/qca_core.h | |
1337 | +++ b/include/QtCrypto/qca_core.h | |
1338 | @@ -492,8 +492,8 @@ QCA_EXPORT Logger *logger(); | |
1339 | */ | |
1340 | #define QCA_logTextMessage(message, severity) \ | |
1341 | do { \ | |
1342 | - register QCA::Logger::Severity s = severity; \ | |
1343 | - register QCA::Logger *l = QCA::logger (); \ | |
1344 | + QCA::Logger::Severity s = severity; \ | |
1345 | + QCA::Logger *l = QCA::logger (); \ | |
1346 | if (s <= l->level ()) { \ | |
1347 | l->logTextMessage (message, s); \ | |
1348 | } \ | |
1349 | @@ -511,8 +511,8 @@ QCA_EXPORT Logger *logger(); | |
1350 | */ | |
1351 | #define QCA_logBinaryMessage(blob, severity) \ | |
1352 | do { \ | |
1353 | - register QCA::Logger::Severity s = severity; \ | |
1354 | - register QCA::Logger *l = QCA::logger (); \ | |
1355 | + QCA::Logger::Severity s = severity; \ | |
1356 | + QCA::Logger *l = QCA::logger (); \ | |
1357 | if (s <= l->level ()) { \ | |
1358 | l->logBinaryMessage (blob, s); \ | |
1359 | } \ | |
1360 | ||
1361 | commit 8871dcd2e14207de4319c5da584d7712d13ce7ae | |
1362 | Author: Ivan Romanov <drizt@land.ru> | |
1363 | Date: Mon Sep 18 22:28:00 2017 +0500 | |
1364 | ||
1365 | Fix CMake warning | |
1366 | ||
1367 | CMP 0020 is deprecated. Avoid using of old behaviour. | |
1368 | ||
1369 | diff --git a/CMakeLists.txt b/CMakeLists.txt | |
1370 | index 34bffb9..7ef32ee 100644 | |
1371 | --- a/CMakeLists.txt | |
1372 | +++ b/CMakeLists.txt | |
1373 | @@ -18,11 +18,6 @@ set(QCA_LIB_MAJOR_VERSION "2") | |
1374 | set(QCA_LIB_MINOR_VERSION "2") | |
1375 | set(QCA_LIB_PATCH_VERSION "0") | |
1376 | ||
1377 | -# Do not automatically link Qt executables to qtmain target on Windows. | |
1378 | -# QCA exucatables use console mode only. Not need to link against | |
1379 | -# qtmain.lib. | |
1380 | -cmake_policy(SET CMP0020 OLD) | |
1381 | - | |
1382 | if(POLICY CMP0042) | |
1383 | cmake_policy(SET CMP0042 OLD) | |
1384 | endif() | |
1385 | @@ -51,6 +46,9 @@ set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules" ) | |
1386 | ||
1387 | option(QT4_BUILD "Force building with Qt4 even if Qt5 is found") | |
1388 | if (NOT QT4_BUILD) | |
1389 | + # Do not automatically link Qt executables to qtmain target on Windows. | |
1390 | + # QCA exucatables use console mode only. Not need to link against qtmain.lib. | |
1391 | + set(Qt5_NO_LINK_QTMAIN ON) | |
1392 | find_package(Qt5Core QUIET) | |
1393 | mark_as_advanced(Qt5Core_DIR) | |
1394 | endif() | |
1395 | @@ -71,6 +69,9 @@ if (Qt5Core_FOUND) | |
1396 | else() | |
1397 | set(QT_MIN_VERSION "4.7.0") | |
1398 | set(QT_USE_IMPORTED_TARGETS ON) | |
1399 | + # Do not automatically link Qt executables to qtmain target on Windows. | |
1400 | + # QCA exucatables use console mode only. Not need to link against qtmain.lib. | |
1401 | + set(QT4_NO_LINK_QTMAIN ON) | |
1402 | if(BUILD_TESTS) | |
1403 | find_package(Qt4 REQUIRED QtCore QtNetwork QtTest) | |
1404 | else(BUILD_TESTS) | |
1405 | ||
1406 | commit 159e144abf98964ad8653efdeeebefe1a284a044 | |
1407 | Author: Ivan Romanov <drizt@land.ru> | |
1408 | Date: Sat Sep 30 15:45:59 2017 +0500 | |
1409 | ||
1410 | Disable missed openssl cipher suites | |
1411 | ||
1412 | Fedora 26 has no them. | |
1413 | ||
1414 | commit d58e20ee652038dc4ec4fe4765dc3639ed735526 | |
1415 | Author: Fabian Vogt <fabian@ritter-vogt.de> | |
1416 | Date: Sat Dec 16 22:29:40 2017 +0100 | |
1417 | ||
1418 | Add support for OpenSSL 1.1.0 | |
1419 | ||
1420 | Test Plan: | |
1421 | Ran the testsuite with OpenSSL 1.1.0g and 1.0.2j, all passed. | |
1422 | Using this code with kdeconnect and okteta successfully on my system now. | |
1423 | ||
1424 | Reviewers: iromanov | |
1425 | ||
1426 | Subscribers: anthonyfieroni, alonbl, heikobecker, cfeck, asturmlechner, bero, rdieter | |
1427 | ||
1428 | Differential Revision: https://phabricator.kde.org/D9416 | |
1429 | ||
1430 | diff --git a/plugins/qca-ossl/ossl110-compat.h b/plugins/qca-ossl/ossl110-compat.h | |
1431 | new file mode 100644 | |
1432 | index 0000000..ec15475 | |
1433 | --- /dev/null | |
1434 | +++ b/plugins/qca-ossl/ossl110-compat.h | |
1435 | @@ -0,0 +1,283 @@ | |
1436 | +/* | |
1437 | + * Copyright (C) 2017 Gabriel Souza Franco <gabrielfrancosouza@gmail.com> | |
1438 | + * | |
1439 | + * This library is free software; you can redistribute it and/or | |
1440 | + * modify it under the terms of the GNU Lesser General Public | |
1441 | + * License as published by the Free Software Foundation; either | |
1442 | + * version 2.1 of the License, or (at your option) any later version. | |
1443 | + * | |
1444 | + * This library is distributed in the hope that it will be useful, | |
1445 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
1446 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
1447 | + * Lesser General Public License for more details. | |
1448 | + * | |
1449 | + * You should have received a copy of the GNU Lesser General Public | |
1450 | + * License along with this library; if not, write to the Free Software | |
1451 | + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA | |
1452 | + * | |
1453 | + */ | |
1454 | + | |
1455 | +#ifndef OSSL110COMPAT_H | |
1456 | +#define OSSL110COMPAT_H | |
1457 | + | |
1458 | +#include <openssl/evp.h> | |
1459 | +#include <openssl/hmac.h> | |
1460 | +#include <openssl/rsa.h> | |
1461 | +#include <openssl/dsa.h> | |
1462 | + | |
1463 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | |
1464 | +#define RSA_F_RSA_METH_DUP 161 | |
1465 | + | |
1466 | +static void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) | |
1467 | +{ | |
1468 | + if (pr) | |
1469 | + *pr = sig->r; | |
1470 | + if (ps) | |
1471 | + *ps = sig->s; | |
1472 | +} | |
1473 | + | |
1474 | +static int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) | |
1475 | +{ | |
1476 | + if (!sig) return 0; | |
1477 | + sig->r = r; | |
1478 | + sig->s = s; | |
1479 | + return 1; | |
1480 | +} | |
1481 | + | |
1482 | +static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) | |
1483 | +{ | |
1484 | + if (p) | |
1485 | + *p = dsa->p; | |
1486 | + if (q) | |
1487 | + *q = dsa->q; | |
1488 | + if (g) | |
1489 | + *g = dsa->g; | |
1490 | +} | |
1491 | + | |
1492 | +static int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) | |
1493 | +{ | |
1494 | + if (!dsa) return 0; | |
1495 | + dsa->p = p; | |
1496 | + dsa->q = q; | |
1497 | + dsa->g = g; | |
1498 | + return 1; | |
1499 | +} | |
1500 | + | |
1501 | +static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) | |
1502 | +{ | |
1503 | + if (n) | |
1504 | + *n = rsa->n; | |
1505 | + if (e) | |
1506 | + *e = rsa->e; | |
1507 | + if (d) | |
1508 | + *d = rsa->d; | |
1509 | +} | |
1510 | + | |
1511 | +static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) | |
1512 | +{ | |
1513 | + if (!rsa) return 0; | |
1514 | + rsa->n = n; | |
1515 | + rsa->e = e; | |
1516 | + rsa->d = d; | |
1517 | + return 1; | |
1518 | +} | |
1519 | + | |
1520 | +static void RSA_get0_factors(const RSA *rsa, const BIGNUM **p, const BIGNUM **q) | |
1521 | +{ | |
1522 | + if (p) | |
1523 | + *p = rsa->p; | |
1524 | + if (q) | |
1525 | + *q = rsa->q; | |
1526 | +} | |
1527 | + | |
1528 | +static int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q) | |
1529 | +{ | |
1530 | + if (!rsa) return 0; | |
1531 | + rsa->p = p; | |
1532 | + rsa->q = q; | |
1533 | + return 1; | |
1534 | +} | |
1535 | + | |
1536 | +static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) | |
1537 | +{ | |
1538 | + if (p) | |
1539 | + *p = dh->p; | |
1540 | + if (q) | |
1541 | + *q = dh->q; | |
1542 | + if (g) | |
1543 | + *g = dh->g; | |
1544 | +} | |
1545 | + | |
1546 | +static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) | |
1547 | +{ | |
1548 | + if (!dh) return 0; | |
1549 | + dh->p = p; | |
1550 | + dh->q = q; | |
1551 | + dh->g = g; | |
1552 | + return 1; | |
1553 | +} | |
1554 | + | |
1555 | +static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) | |
1556 | +{ | |
1557 | + if (pub_key) | |
1558 | + *pub_key = dh->pub_key; | |
1559 | + if (priv_key) | |
1560 | + *priv_key = dh->priv_key; | |
1561 | +} | |
1562 | + | |
1563 | +static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) | |
1564 | +{ | |
1565 | + if (!dh) return 0; | |
1566 | + dh->pub_key = pub_key; | |
1567 | + dh->priv_key = priv_key; | |
1568 | + return 1; | |
1569 | +} | |
1570 | + | |
1571 | +static void DSA_get0_key(const DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key) | |
1572 | +{ | |
1573 | + if (pub_key) | |
1574 | + *pub_key = dsa->pub_key; | |
1575 | + if (priv_key) | |
1576 | + *priv_key = dsa->priv_key; | |
1577 | +} | |
1578 | + | |
1579 | +static int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key) | |
1580 | +{ | |
1581 | + if (!dsa) return 0; | |
1582 | + dsa->pub_key = pub_key; | |
1583 | + dsa->priv_key = priv_key; | |
1584 | + return 1; | |
1585 | +} | |
1586 | + | |
1587 | +static void X509_SIG_getm(const X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest) | |
1588 | +{ | |
1589 | + if (palg) | |
1590 | + *palg = sig->algor; | |
1591 | + if (pdigest) | |
1592 | + *pdigest = sig->digest; | |
1593 | +} | |
1594 | + | |
1595 | +static void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg) | |
1596 | +{ | |
1597 | + if (psig) | |
1598 | + *psig = req->signature; | |
1599 | + if (palg) | |
1600 | + *palg = req->sig_alg; | |
1601 | +} | |
1602 | + | |
1603 | +static void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg) | |
1604 | +{ | |
1605 | + if (psig) | |
1606 | + *psig = crl->signature; | |
1607 | + if (palg) | |
1608 | + *palg = crl->sig_alg; | |
1609 | +} | |
1610 | + | |
1611 | +static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) | |
1612 | +{ | |
1613 | + if (!meth) | |
1614 | + return NULL; | |
1615 | + | |
1616 | + RSA_METHOD *_meth = (RSA_METHOD *) OPENSSL_malloc(sizeof(*_meth)); | |
1617 | + | |
1618 | + if (!_meth) | |
1619 | + { | |
1620 | + RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE); | |
1621 | + return NULL; | |
1622 | + } | |
1623 | + | |
1624 | + memcpy(_meth, meth, sizeof(*_meth)); | |
1625 | + _meth->name = strdup(meth->name); | |
1626 | + if (!_meth->name) { | |
1627 | + OPENSSL_free(_meth); | |
1628 | + RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE); | |
1629 | + return NULL; | |
1630 | + } | |
1631 | + | |
1632 | + return _meth; | |
1633 | +} | |
1634 | + | |
1635 | +static int RSA_meth_set_priv_enc(RSA_METHOD *rsa, int (*priv_enc) (int flen, const unsigned char *from, | |
1636 | + unsigned char *to, RSA *rsa, int padding)) | |
1637 | +{ | |
1638 | + if (!rsa) return 0; | |
1639 | + rsa->rsa_priv_enc = priv_enc; | |
1640 | + return 1; | |
1641 | +} | |
1642 | + | |
1643 | +static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int (*priv_dec) (int flen, const unsigned char *from, | |
1644 | + unsigned char *to, RSA *rsa, int padding)) | |
1645 | +{ | |
1646 | + if (!rsa) return 0; | |
1647 | + rsa->rsa_priv_dec = priv_dec; | |
1648 | + return 1; | |
1649 | +} | |
1650 | + | |
1651 | +static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m, | |
1652 | + unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)) | |
1653 | +{ | |
1654 | + if (!meth) return 0; | |
1655 | + meth->rsa_sign = sign; | |
1656 | + return 1; | |
1657 | +} | |
1658 | + | |
1659 | +static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m, | |
1660 | + unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)) | |
1661 | +{ | |
1662 | + if (!meth) return 0; | |
1663 | + meth->rsa_verify = verify; | |
1664 | + return 1; | |
1665 | +} | |
1666 | + | |
1667 | +static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) | |
1668 | +{ | |
1669 | + if (!meth) return 0; | |
1670 | + meth->finish = finish; | |
1671 | + return 1; | |
1672 | +} | |
1673 | + | |
1674 | +static HMAC_CTX *HMAC_CTX_new() | |
1675 | +{ | |
1676 | + HMAC_CTX *ctx = (HMAC_CTX *) OPENSSL_malloc(sizeof(HMAC_CTX)); | |
1677 | + if (ctx) | |
1678 | + HMAC_CTX_init(ctx); | |
1679 | + return ctx; | |
1680 | +} | |
1681 | + | |
1682 | +static void HMAC_CTX_free(HMAC_CTX *ctx) | |
1683 | +{ | |
1684 | + if (!ctx) | |
1685 | + return; | |
1686 | + HMAC_CTX_cleanup(ctx); | |
1687 | + EVP_MD_CTX_cleanup(&ctx->i_ctx); | |
1688 | + EVP_MD_CTX_cleanup(&ctx->o_ctx); | |
1689 | + EVP_MD_CTX_cleanup(&ctx->md_ctx); | |
1690 | + OPENSSL_free(ctx); | |
1691 | +} | |
1692 | + | |
1693 | +#define ASN1_STRING_get0_data(...) (const unsigned char*)ASN1_STRING_data(__VA_ARGS__) | |
1694 | + | |
1695 | +#define EVP_MD_CTX_new(...) EVP_MD_CTX_create(__VA_ARGS__) | |
1696 | +#define EVP_MD_CTX_free(...) EVP_MD_CTX_destroy(__VA_ARGS__) | |
1697 | + | |
1698 | +#define EVP_PKEY_up_ref(pkey) CRYPTO_add(&(pkey)->references, 1, CRYPTO_LOCK_EVP_PKEY) | |
1699 | +#define X509_up_ref(cert) CRYPTO_add(&(cert)->references, 1, CRYPTO_LOCK_X509) | |
1700 | +#define X509_CRL_up_ref(crl) CRYPTO_add(&(crl)->references, 1, CRYPTO_LOCK_X509_CRL) | |
1701 | + | |
1702 | +#define EVP_PKEY_id(pky) (pky)->type | |
1703 | +#define EVP_PKEY_get0_DSA(pky) (pky)->pkey.dsa | |
1704 | +#define EVP_PKEY_get0_RSA(pky) (pky)->pkey.rsa | |
1705 | +#define EVP_PKEY_get0_DH(pky) (pky)->pkey.dh | |
1706 | + | |
1707 | +#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate | |
1708 | +#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate | |
1709 | + | |
1710 | +#define X509_REQ_get_signature_nid(req) OBJ_obj2nid((req)->sig_alg->algorithm) | |
1711 | +#define X509_CRL_get_signature_nid(crl) OBJ_obj2nid((crl)->sig_alg->algorithm) | |
1712 | + | |
1713 | +#define X509_REVOKED_get0_serialNumber(rev) (rev)->serialNumber | |
1714 | +#define X509_REVOKED_get0_revocationDate(rev) (rev)->revocationDate | |
1715 | + | |
1716 | +#endif // OPENSSL_VERSION_NUMBER < 0x10100000L | |
1717 | + | |
1718 | +#endif // OSSL110COMPAT_H | |
1719 | diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp | |
1720 | index a507604..39dbc2b 100644 | |
1721 | --- a/plugins/qca-ossl/qca-ossl.cpp | |
1722 | +++ b/plugins/qca-ossl/qca-ossl.cpp | |
1723 | @@ -2,6 +2,7 @@ | |
1724 | * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com> | |
1725 | * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net> | |
1726 | * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru> | |
1727 | + * Copyright (C) 2017 Fabian Vogt <fabian@ritter-vogt.de> | |
1728 | * | |
1729 | * This library is free software; you can redistribute it and/or | |
1730 | * modify it under the terms of the GNU Lesser General Public | |
1731 | @@ -39,6 +40,8 @@ | |
1732 | #include <openssl/pkcs12.h> | |
1733 | #include <openssl/ssl.h> | |
1734 | ||
1735 | +#include "ossl110-compat.h" | |
1736 | + | |
1737 | #ifndef OSSL_097 | |
1738 | // comment this out if you'd rather use openssl 0.9.6 | |
1739 | #define OSSL_097 | |
1740 | @@ -53,6 +56,16 @@ | |
1741 | ((_STACK*) (1 ? p : (type*)0)) | |
1742 | #endif | |
1743 | ||
1744 | +#if OPENSSL_VERSION_NUMBER >= 0x10100000L | |
1745 | + #define OSSL_110 | |
1746 | +#endif | |
1747 | + | |
1748 | +// OpenSSL 1.1.0 compatibility macros | |
1749 | +#ifdef OSSL_110 | |
1750 | +#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new() | |
1751 | +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT | |
1752 | +#endif | |
1753 | + | |
1754 | using namespace QCA; | |
1755 | ||
1756 | namespace opensslQCAPlugin { | |
1757 | @@ -94,7 +107,7 @@ static QByteArray bio2ba(BIO *b) | |
1758 | return buf; | |
1759 | } | |
1760 | ||
1761 | -static BigInteger bn2bi(BIGNUM *n) | |
1762 | +static BigInteger bn2bi(const BIGNUM *n) | |
1763 | { | |
1764 | SecureArray buf(BN_num_bytes(n) + 1); | |
1765 | buf[0] = 0; // positive | |
1766 | @@ -110,7 +123,7 @@ static BIGNUM *bi2bn(const BigInteger &n) | |
1767 | ||
1768 | // take lowest bytes of BIGNUM to fit | |
1769 | // pad with high byte zeroes to fit | |
1770 | -static SecureArray bn2fixedbuf(BIGNUM *n, int size) | |
1771 | +static SecureArray bn2fixedbuf(const BIGNUM *n, int size) | |
1772 | { | |
1773 | SecureArray buf(BN_num_bytes(n)); | |
1774 | BN_bn2bin(n, (unsigned char *)buf.data()); | |
1775 | @@ -128,8 +141,11 @@ static SecureArray dsasig_der_to_raw(const SecureArray &in) | |
1776 | const unsigned char *inp = (const unsigned char *)in.data(); | |
1777 | d2i_DSA_SIG(&sig, &inp, in.size()); | |
1778 | ||
1779 | - SecureArray part_r = bn2fixedbuf(sig->r, 20); | |
1780 | - SecureArray part_s = bn2fixedbuf(sig->s, 20); | |
1781 | + const BIGNUM *bnr, *bns; | |
1782 | + DSA_SIG_get0(sig, &bnr, &bns); | |
1783 | + | |
1784 | + SecureArray part_r = bn2fixedbuf(bnr, 20); | |
1785 | + SecureArray part_s = bn2fixedbuf(bns, 20); | |
1786 | SecureArray result; | |
1787 | result.append(part_r); | |
1788 | result.append(part_s); | |
1789 | @@ -144,12 +160,16 @@ static SecureArray dsasig_raw_to_der(const SecureArray &in) | |
1790 | return SecureArray(); | |
1791 | ||
1792 | DSA_SIG *sig = DSA_SIG_new(); | |
1793 | - SecureArray part_r(20); | |
1794 | - SecureArray part_s(20); | |
1795 | + SecureArray part_r(20); BIGNUM *bnr; | |
1796 | + SecureArray part_s(20); BIGNUM *bns; | |
1797 | memcpy(part_r.data(), in.data(), 20); | |
1798 | memcpy(part_s.data(), in.data() + 20, 20); | |
1799 | - sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL); | |
1800 | - sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL); | |
1801 | + bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL); | |
1802 | + bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL); | |
1803 | + | |
1804 | + if(DSA_SIG_set0(sig, bnr, bns) == 0) | |
1805 | + return SecureArray(); | |
1806 | + // Not documented what happens in the failure case, free bnr and bns? | |
1807 | ||
1808 | int len = i2d_DSA_SIG(sig, NULL); | |
1809 | SecureArray result(len); | |
1810 | @@ -1005,29 +1025,39 @@ public: | |
1811 | opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type) | |
1812 | { | |
1813 | m_algorithm = algorithm; | |
1814 | - EVP_DigestInit( &m_context, m_algorithm ); | |
1815 | + m_context = EVP_MD_CTX_new(); | |
1816 | + EVP_DigestInit( m_context, m_algorithm ); | |
1817 | + } | |
1818 | + | |
1819 | + opensslHashContext(const opensslHashContext &other) | |
1820 | + : HashContext(other) | |
1821 | + { | |
1822 | + m_algorithm = other.m_algorithm; | |
1823 | + m_context = EVP_MD_CTX_new(); | |
1824 | + EVP_MD_CTX_copy_ex(m_context, other.m_context); | |
1825 | } | |
1826 | ||
1827 | ~opensslHashContext() | |
1828 | { | |
1829 | - EVP_MD_CTX_cleanup(&m_context); | |
1830 | + EVP_MD_CTX_free(m_context); | |
1831 | } | |
1832 | ||
1833 | void clear() | |
1834 | { | |
1835 | - EVP_MD_CTX_cleanup(&m_context); | |
1836 | - EVP_DigestInit( &m_context, m_algorithm ); | |
1837 | + EVP_MD_CTX_free(m_context); | |
1838 | + m_context = EVP_MD_CTX_new(); | |
1839 | + EVP_DigestInit( m_context, m_algorithm ); | |
1840 | } | |
1841 | ||
1842 | void update(const MemoryRegion &a) | |
1843 | { | |
1844 | - EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() ); | |
1845 | + EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() ); | |
1846 | } | |
1847 | ||
1848 | MemoryRegion final() | |
1849 | { | |
1850 | SecureArray a( EVP_MD_size( m_algorithm ) ); | |
1851 | - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); | |
1852 | + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); | |
1853 | return a; | |
1854 | } | |
1855 | ||
1856 | @@ -1038,7 +1068,7 @@ public: | |
1857 | ||
1858 | protected: | |
1859 | const EVP_MD *m_algorithm; | |
1860 | - EVP_MD_CTX m_context; | |
1861 | + EVP_MD_CTX *m_context; | |
1862 | }; | |
1863 | ||
1864 | ||
1865 | @@ -1048,7 +1078,21 @@ public: | |
1866 | opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type) | |
1867 | { | |
1868 | m_algorithm = algorithm; | |
1869 | - EVP_DigestInit( &m_context, m_algorithm ); | |
1870 | + m_context = EVP_MD_CTX_new(); | |
1871 | + EVP_DigestInit( m_context, m_algorithm ); | |
1872 | + } | |
1873 | + | |
1874 | + opensslPbkdf1Context(const opensslPbkdf1Context &other) | |
1875 | + : KDFContext(other) | |
1876 | + { | |
1877 | + m_algorithm = other.m_algorithm; | |
1878 | + m_context = EVP_MD_CTX_new(); | |
1879 | + EVP_MD_CTX_copy(m_context, other.m_context); | |
1880 | + } | |
1881 | + | |
1882 | + ~opensslPbkdf1Context() | |
1883 | + { | |
1884 | + EVP_MD_CTX_free(m_context); | |
1885 | } | |
1886 | ||
1887 | Provider::Context *clone() const | |
1888 | @@ -1082,16 +1126,16 @@ public: | |
1889 | DK = Tc<0..dkLen-1> | |
1890 | */ | |
1891 | // calculate T_1 | |
1892 | - EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() ); | |
1893 | - EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() ); | |
1894 | + EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() ); | |
1895 | + EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() ); | |
1896 | SecureArray a( EVP_MD_size( m_algorithm ) ); | |
1897 | - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); | |
1898 | + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); | |
1899 | ||
1900 | // calculate T_2 up to T_c | |
1901 | for ( unsigned int i = 2; i <= iterationCount; ++i ) { | |
1902 | - EVP_DigestInit( &m_context, m_algorithm ); | |
1903 | - EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() ); | |
1904 | - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); | |
1905 | + EVP_DigestInit( m_context, m_algorithm ); | |
1906 | + EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() ); | |
1907 | + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); | |
1908 | } | |
1909 | ||
1910 | // shrink a to become DK, of the required length | |
1911 | @@ -1137,19 +1181,19 @@ public: | |
1912 | DK = Tc<0..dkLen-1> | |
1913 | */ | |
1914 | // calculate T_1 | |
1915 | - EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() ); | |
1916 | - EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() ); | |
1917 | + EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() ); | |
1918 | + EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() ); | |
1919 | SecureArray a( EVP_MD_size( m_algorithm ) ); | |
1920 | - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); | |
1921 | + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); | |
1922 | ||
1923 | // calculate T_2 up to T_c | |
1924 | *iterationCount = 2 - 1; // <- Have to remove 1, unless it computes one | |
1925 | timer.start(); // ^ time more than the base function | |
1926 | // ^ with the same iterationCount | |
1927 | while (timer.elapsed() < msecInterval) { | |
1928 | - EVP_DigestInit( &m_context, m_algorithm ); | |
1929 | - EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() ); | |
1930 | - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); | |
1931 | + EVP_DigestInit( m_context, m_algorithm ); | |
1932 | + EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() ); | |
1933 | + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); | |
1934 | ++(*iterationCount); | |
1935 | } | |
1936 | ||
1937 | @@ -1164,7 +1208,7 @@ public: | |
1938 | ||
1939 | protected: | |
1940 | const EVP_MD *m_algorithm; | |
1941 | - EVP_MD_CTX m_context; | |
1942 | + EVP_MD_CTX *m_context; | |
1943 | }; | |
1944 | ||
1945 | class opensslPbkdf2Context : public KDFContext | |
1946 | @@ -1232,12 +1276,28 @@ public: | |
1947 | opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type) | |
1948 | { | |
1949 | m_algorithm = algorithm; | |
1950 | - HMAC_CTX_init( &m_context ); | |
1951 | + m_context = HMAC_CTX_new(); | |
1952 | +#ifndef OSSL_110 | |
1953 | + HMAC_CTX_init( m_context ); | |
1954 | +#endif | |
1955 | + } | |
1956 | + | |
1957 | + opensslHMACContext(const opensslHMACContext &other) | |
1958 | + : MACContext(other) | |
1959 | + { | |
1960 | + m_algorithm = other.m_algorithm; | |
1961 | + m_context = HMAC_CTX_new(); | |
1962 | + HMAC_CTX_copy(m_context, other.m_context); | |
1963 | + } | |
1964 | + | |
1965 | + ~opensslHMACContext() | |
1966 | + { | |
1967 | + HMAC_CTX_free(m_context); | |
1968 | } | |
1969 | ||
1970 | void setup(const SymmetricKey &key) | |
1971 | { | |
1972 | - HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 ); | |
1973 | + HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 ); | |
1974 | } | |
1975 | ||
1976 | KeyLength keyLength() const | |
1977 | @@ -1247,14 +1307,18 @@ public: | |
1978 | ||
1979 | void update(const MemoryRegion &a) | |
1980 | { | |
1981 | - HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() ); | |
1982 | + HMAC_Update( m_context, (unsigned char *)a.data(), a.size() ); | |
1983 | } | |
1984 | ||
1985 | void final(MemoryRegion *out) | |
1986 | { | |
1987 | SecureArray sa( EVP_MD_size( m_algorithm ), 0 ); | |
1988 | - HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 ); | |
1989 | - HMAC_CTX_cleanup(&m_context); | |
1990 | + HMAC_Final(m_context, (unsigned char *)sa.data(), 0 ); | |
1991 | +#ifdef OSSL_110 | |
1992 | + HMAC_CTX_reset(m_context); | |
1993 | +#else | |
1994 | + HMAC_CTX_cleanup(m_context); | |
1995 | +#endif | |
1996 | *out = sa; | |
1997 | } | |
1998 | ||
1999 | @@ -1264,7 +1328,7 @@ public: | |
2000 | } | |
2001 | ||
2002 | protected: | |
2003 | - HMAC_CTX m_context; | |
2004 | + HMAC_CTX *m_context; | |
2005 | const EVP_MD *m_algorithm; | |
2006 | }; | |
2007 | ||
2008 | @@ -1278,7 +1342,7 @@ class EVPKey | |
2009 | public: | |
2010 | enum State { Idle, SignActive, SignError, VerifyActive, VerifyError }; | |
2011 | EVP_PKEY *pkey; | |
2012 | - EVP_MD_CTX mdctx; | |
2013 | + EVP_MD_CTX *mdctx; | |
2014 | State state; | |
2015 | bool raw_type; | |
2016 | SecureArray raw; | |
2017 | @@ -1288,19 +1352,23 @@ public: | |
2018 | pkey = 0; | |
2019 | raw_type = false; | |
2020 | state = Idle; | |
2021 | + mdctx = EVP_MD_CTX_new(); | |
2022 | } | |
2023 | ||
2024 | EVPKey(const EVPKey &from) | |
2025 | { | |
2026 | pkey = from.pkey; | |
2027 | - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); | |
2028 | + EVP_PKEY_up_ref(pkey); | |
2029 | raw_type = false; | |
2030 | state = Idle; | |
2031 | + mdctx = EVP_MD_CTX_new(); | |
2032 | + EVP_MD_CTX_copy(mdctx, from.mdctx); | |
2033 | } | |
2034 | ||
2035 | ~EVPKey() | |
2036 | { | |
2037 | reset(); | |
2038 | + EVP_MD_CTX_free(mdctx); | |
2039 | } | |
2040 | ||
2041 | void reset() | |
2042 | @@ -1323,8 +1391,8 @@ public: | |
2043 | else | |
2044 | { | |
2045 | raw_type = false; | |
2046 | - EVP_MD_CTX_init(&mdctx); | |
2047 | - if(!EVP_SignInit_ex(&mdctx, type, NULL)) | |
2048 | + EVP_MD_CTX_init(mdctx); | |
2049 | + if(!EVP_SignInit_ex(mdctx, type, NULL)) | |
2050 | state = SignError; | |
2051 | } | |
2052 | } | |
2053 | @@ -1340,8 +1408,8 @@ public: | |
2054 | else | |
2055 | { | |
2056 | raw_type = false; | |
2057 | - EVP_MD_CTX_init(&mdctx); | |
2058 | - if(!EVP_VerifyInit_ex(&mdctx, type, NULL)) | |
2059 | + EVP_MD_CTX_init(mdctx); | |
2060 | + if(!EVP_VerifyInit_ex(mdctx, type, NULL)) | |
2061 | state = VerifyError; | |
2062 | } | |
2063 | } | |
2064 | @@ -1353,7 +1421,7 @@ public: | |
2065 | if (raw_type) | |
2066 | raw += in; | |
2067 | else | |
2068 | - if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size())) | |
2069 | + if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size())) | |
2070 | state = SignError; | |
2071 | } | |
2072 | else if(state == VerifyActive) | |
2073 | @@ -1361,7 +1429,7 @@ public: | |
2074 | if (raw_type) | |
2075 | raw += in; | |
2076 | else | |
2077 | - if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size())) | |
2078 | + if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size())) | |
2079 | state = VerifyError; | |
2080 | } | |
2081 | } | |
2082 | @@ -1374,17 +1442,20 @@ public: | |
2083 | unsigned int len = out.size(); | |
2084 | if (raw_type) | |
2085 | { | |
2086 | - if (pkey->type == EVP_PKEY_RSA) | |
2087 | + int type = EVP_PKEY_id(pkey); | |
2088 | + | |
2089 | + if (type == EVP_PKEY_RSA) | |
2090 | { | |
2091 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
2092 | if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(), | |
2093 | - (unsigned char *)out.data(), pkey->pkey.rsa, | |
2094 | + (unsigned char *)out.data(), rsa, | |
2095 | RSA_PKCS1_PADDING) == -1) { | |
2096 | ||
2097 | state = SignError; | |
2098 | return SecureArray (); | |
2099 | } | |
2100 | } | |
2101 | - else if (pkey->type == EVP_PKEY_DSA) | |
2102 | + else if (type == EVP_PKEY_DSA) | |
2103 | { | |
2104 | state = SignError; | |
2105 | return SecureArray (); | |
2106 | @@ -1396,7 +1467,7 @@ public: | |
2107 | } | |
2108 | } | |
2109 | else { | |
2110 | - if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey)) | |
2111 | + if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey)) | |
2112 | { | |
2113 | state = SignError; | |
2114 | return SecureArray(); | |
2115 | @@ -1419,16 +1490,19 @@ public: | |
2116 | SecureArray out(EVP_PKEY_size(pkey)); | |
2117 | int len = 0; | |
2118 | ||
2119 | - if (pkey->type == EVP_PKEY_RSA) { | |
2120 | + int type = EVP_PKEY_id(pkey); | |
2121 | + | |
2122 | + if (type == EVP_PKEY_RSA) { | |
2123 | + RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
2124 | if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(), | |
2125 | - (unsigned char *)out.data (), pkey->pkey.rsa, | |
2126 | + (unsigned char *)out.data (), rsa, | |
2127 | RSA_PKCS1_PADDING)) == -1) { | |
2128 | ||
2129 | state = VerifyError; | |
2130 | return false; | |
2131 | } | |
2132 | } | |
2133 | - else if (pkey->type == EVP_PKEY_DSA) | |
2134 | + else if (type == EVP_PKEY_DSA) | |
2135 | { | |
2136 | state = VerifyError; | |
2137 | return false; | |
2138 | @@ -1448,7 +1522,7 @@ public: | |
2139 | } | |
2140 | else | |
2141 | { | |
2142 | - if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1) | |
2143 | + if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1) | |
2144 | { | |
2145 | state = VerifyError; | |
2146 | return false; | |
2147 | @@ -1562,9 +1636,11 @@ static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams | |
2148 | return false; | |
2149 | if(ret_counter != counter) | |
2150 | return false; | |
2151 | - params->p = bn2bi(dsa->p); | |
2152 | - params->q = bn2bi(dsa->q); | |
2153 | - params->g = bn2bi(dsa->g); | |
2154 | + const BIGNUM *bnp, *bnq, *bng; | |
2155 | + DSA_get0_pqg(dsa, &bnp, &bnq, &bng); | |
2156 | + params->p = bn2bi(bnp); | |
2157 | + params->q = bn2bi(bnq); | |
2158 | + params->g = bn2bi(bng); | |
2159 | DSA_free(dsa); | |
2160 | return true; | |
2161 | } | |
2162 | @@ -1827,10 +1903,11 @@ public: | |
2163 | return; | |
2164 | ||
2165 | // extract the public key into DER format | |
2166 | - int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL); | |
2167 | + RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey); | |
2168 | + int len = i2d_RSAPublicKey(rsa_pkey, NULL); | |
2169 | SecureArray result(len); | |
2170 | unsigned char *p = (unsigned char *)result.data(); | |
2171 | - i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p); | |
2172 | + i2d_RSAPublicKey(rsa_pkey, &p); | |
2173 | p = (unsigned char *)result.data(); | |
2174 | ||
2175 | // put the DER public key back into openssl | |
2176 | @@ -1853,7 +1930,7 @@ public: | |
2177 | ||
2178 | virtual int maximumEncryptSize(EncryptionAlgorithm alg) const | |
2179 | { | |
2180 | - RSA *rsa = evp.pkey->pkey.rsa; | |
2181 | + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); | |
2182 | int size = 0; | |
2183 | switch(alg) | |
2184 | { | |
2185 | @@ -1868,7 +1945,7 @@ public: | |
2186 | ||
2187 | virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg) | |
2188 | { | |
2189 | - RSA *rsa = evp.pkey->pkey.rsa; | |
2190 | + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); | |
2191 | SecureArray buf = in; | |
2192 | int max = maximumEncryptSize(alg); | |
2193 | ||
2194 | @@ -1901,7 +1978,7 @@ public: | |
2195 | ||
2196 | virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg) | |
2197 | { | |
2198 | - RSA *rsa = evp.pkey->pkey.rsa; | |
2199 | + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); | |
2200 | SecureArray result(RSA_size(rsa)); | |
2201 | int pad; | |
2202 | ||
2203 | @@ -2022,14 +2099,10 @@ public: | |
2204 | evp.reset(); | |
2205 | ||
2206 | RSA *rsa = RSA_new(); | |
2207 | - rsa->n = bi2bn(n); | |
2208 | - rsa->e = bi2bn(e); | |
2209 | - rsa->p = bi2bn(p); | |
2210 | - rsa->q = bi2bn(q); | |
2211 | - rsa->d = bi2bn(d); | |
2212 | - | |
2213 | - if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d) | |
2214 | + if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0 | |
2215 | + || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0) | |
2216 | { | |
2217 | + // Free BIGNUMS? | |
2218 | RSA_free(rsa); | |
2219 | return; | |
2220 | } | |
2221 | @@ -2037,7 +2110,7 @@ public: | |
2222 | // When private key has no Public Exponent (e) or Private Exponent (d) | |
2223 | // need to disable blinding. Otherwise decryption will be broken. | |
2224 | // http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html | |
2225 | - if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d)) | |
2226 | + if(e == BigInteger(0) || d == BigInteger(0)) | |
2227 | RSA_blinding_off(rsa); | |
2228 | ||
2229 | evp.pkey = EVP_PKEY_new(); | |
2230 | @@ -2050,10 +2123,7 @@ public: | |
2231 | evp.reset(); | |
2232 | ||
2233 | RSA *rsa = RSA_new(); | |
2234 | - rsa->n = bi2bn(n); | |
2235 | - rsa->e = bi2bn(e); | |
2236 | - | |
2237 | - if(!rsa->n || !rsa->e) | |
2238 | + if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0) | |
2239 | { | |
2240 | RSA_free(rsa); | |
2241 | return; | |
2242 | @@ -2066,27 +2136,42 @@ public: | |
2243 | ||
2244 | virtual BigInteger n() const | |
2245 | { | |
2246 | - return bn2bi(evp.pkey->pkey.rsa->n); | |
2247 | + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); | |
2248 | + const BIGNUM *bnn; | |
2249 | + RSA_get0_key(rsa, &bnn, NULL, NULL); | |
2250 | + return bn2bi(bnn); | |
2251 | } | |
2252 | ||
2253 | virtual BigInteger e() const | |
2254 | { | |
2255 | - return bn2bi(evp.pkey->pkey.rsa->e); | |
2256 | + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); | |
2257 | + const BIGNUM *bne; | |
2258 | + RSA_get0_key(rsa, NULL, &bne, NULL); | |
2259 | + return bn2bi(bne); | |
2260 | } | |
2261 | ||
2262 | virtual BigInteger p() const | |
2263 | { | |
2264 | - return bn2bi(evp.pkey->pkey.rsa->p); | |
2265 | + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); | |
2266 | + const BIGNUM *bnp; | |
2267 | + RSA_get0_factors(rsa, &bnp, NULL); | |
2268 | + return bn2bi(bnp); | |
2269 | } | |
2270 | ||
2271 | virtual BigInteger q() const | |
2272 | { | |
2273 | - return bn2bi(evp.pkey->pkey.rsa->q); | |
2274 | + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); | |
2275 | + const BIGNUM *bnq; | |
2276 | + RSA_get0_factors(rsa, NULL, &bnq); | |
2277 | + return bn2bi(bnq); | |
2278 | } | |
2279 | ||
2280 | virtual BigInteger d() const | |
2281 | { | |
2282 | - return bn2bi(evp.pkey->pkey.rsa->d); | |
2283 | + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); | |
2284 | + const BIGNUM *bnd; | |
2285 | + RSA_get0_key(rsa, NULL, NULL, &bnd); | |
2286 | + return bn2bi(bnd); | |
2287 | } | |
2288 | ||
2289 | private slots: | |
2290 | @@ -2135,10 +2220,12 @@ public: | |
2291 | virtual void run() | |
2292 | { | |
2293 | DSA *dsa = DSA_new(); | |
2294 | - dsa->p = bi2bn(domain.p()); | |
2295 | - dsa->q = bi2bn(domain.q()); | |
2296 | - dsa->g = bi2bn(domain.g()); | |
2297 | - if(!DSA_generate_key(dsa)) | |
2298 | + BIGNUM *pne = bi2bn(domain.p()), | |
2299 | + *qne = bi2bn(domain.q()), | |
2300 | + *gne = bi2bn(domain.g()); | |
2301 | + | |
2302 | + if(!DSA_set0_pqg(dsa, pne, qne, gne) | |
2303 | + || !DSA_generate_key(dsa)) | |
2304 | { | |
2305 | DSA_free(dsa); | |
2306 | return; | |
2307 | @@ -2213,10 +2300,11 @@ public: | |
2308 | return; | |
2309 | ||
2310 | // extract the public key into DER format | |
2311 | - int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL); | |
2312 | + DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey); | |
2313 | + int len = i2d_DSAPublicKey(dsa_pkey, NULL); | |
2314 | SecureArray result(len); | |
2315 | unsigned char *p = (unsigned char *)result.data(); | |
2316 | - i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p); | |
2317 | + i2d_DSAPublicKey(dsa_pkey, &p); | |
2318 | p = (unsigned char *)result.data(); | |
2319 | ||
2320 | // put the DER public key back into openssl | |
2321 | @@ -2245,7 +2333,7 @@ public: | |
2322 | else | |
2323 | transformsig = false; | |
2324 | ||
2325 | - evp.startSign(EVP_dss1()); | |
2326 | + evp.startSign(EVP_sha1()); | |
2327 | } | |
2328 | ||
2329 | virtual void startVerify(SignatureAlgorithm, SignatureFormat format) | |
2330 | @@ -2256,7 +2344,7 @@ public: | |
2331 | else | |
2332 | transformsig = false; | |
2333 | ||
2334 | - evp.startVerify(EVP_dss1()); | |
2335 | + evp.startVerify(EVP_sha1()); | |
2336 | } | |
2337 | ||
2338 | virtual void update(const MemoryRegion &in) | |
2339 | @@ -2306,13 +2394,14 @@ public: | |
2340 | evp.reset(); | |
2341 | ||
2342 | DSA *dsa = DSA_new(); | |
2343 | - dsa->p = bi2bn(domain.p()); | |
2344 | - dsa->q = bi2bn(domain.q()); | |
2345 | - dsa->g = bi2bn(domain.g()); | |
2346 | - dsa->pub_key = bi2bn(y); | |
2347 | - dsa->priv_key = bi2bn(x); | |
2348 | + BIGNUM *bnp = bi2bn(domain.p()); | |
2349 | + BIGNUM *bnq = bi2bn(domain.q()); | |
2350 | + BIGNUM *bng = bi2bn(domain.g()); | |
2351 | + BIGNUM *bnpub_key = bi2bn(y); | |
2352 | + BIGNUM *bnpriv_key = bi2bn(x); | |
2353 | ||
2354 | - if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key) | |
2355 | + if(!DSA_set0_pqg(dsa, bnp, bnq, bng) | |
2356 | + || !DSA_set0_key(dsa, bnpub_key, bnpriv_key)) | |
2357 | { | |
2358 | DSA_free(dsa); | |
2359 | return; | |
2360 | @@ -2328,12 +2417,13 @@ public: | |
2361 | evp.reset(); | |
2362 | ||
2363 | DSA *dsa = DSA_new(); | |
2364 | - dsa->p = bi2bn(domain.p()); | |
2365 | - dsa->q = bi2bn(domain.q()); | |
2366 | - dsa->g = bi2bn(domain.g()); | |
2367 | - dsa->pub_key = bi2bn(y); | |
2368 | + BIGNUM *bnp = bi2bn(domain.p()); | |
2369 | + BIGNUM *bnq = bi2bn(domain.q()); | |
2370 | + BIGNUM *bng = bi2bn(domain.g()); | |
2371 | + BIGNUM *bnpub_key = bi2bn(y); | |
2372 | ||
2373 | - if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key) | |
2374 | + if(!DSA_set0_pqg(dsa, bnp, bnq, bng) | |
2375 | + || !DSA_set0_key(dsa, bnpub_key, NULL)) | |
2376 | { | |
2377 | DSA_free(dsa); | |
2378 | return; | |
2379 | @@ -2346,17 +2436,26 @@ public: | |
2380 | ||
2381 | virtual DLGroup domain() const | |
2382 | { | |
2383 | - return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g)); | |
2384 | + DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey); | |
2385 | + const BIGNUM *bnp, *bnq, *bng; | |
2386 | + DSA_get0_pqg(dsa, &bnp, &bnq, &bng); | |
2387 | + return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng)); | |
2388 | } | |
2389 | ||
2390 | virtual BigInteger y() const | |
2391 | { | |
2392 | - return bn2bi(evp.pkey->pkey.dsa->pub_key); | |
2393 | + DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey); | |
2394 | + const BIGNUM *bnpub_key; | |
2395 | + DSA_get0_key(dsa, &bnpub_key, NULL); | |
2396 | + return bn2bi(bnpub_key); | |
2397 | } | |
2398 | ||
2399 | virtual BigInteger x() const | |
2400 | { | |
2401 | - return bn2bi(evp.pkey->pkey.dsa->priv_key); | |
2402 | + DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey); | |
2403 | + const BIGNUM *bnpriv_key; | |
2404 | + DSA_get0_key(dsa, NULL, &bnpriv_key); | |
2405 | + return bn2bi(bnpriv_key); | |
2406 | } | |
2407 | ||
2408 | private slots: | |
2409 | @@ -2405,9 +2504,10 @@ public: | |
2410 | virtual void run() | |
2411 | { | |
2412 | DH *dh = DH_new(); | |
2413 | - dh->p = bi2bn(domain.p()); | |
2414 | - dh->g = bi2bn(domain.g()); | |
2415 | - if(!DH_generate_key(dh)) | |
2416 | + BIGNUM *bnp = bi2bn(domain.p()); | |
2417 | + BIGNUM *bng = bi2bn(domain.g()); | |
2418 | + if(!DH_set0_pqg(dh, bnp, NULL, bng) | |
2419 | + || !DH_generate_key(dh)) | |
2420 | { | |
2421 | DH_free(dh); | |
2422 | return; | |
2423 | @@ -2479,11 +2579,14 @@ public: | |
2424 | if(!sec) | |
2425 | return; | |
2426 | ||
2427 | - DH *orig = evp.pkey->pkey.dh; | |
2428 | + DH *orig = EVP_PKEY_get0_DH(evp.pkey); | |
2429 | DH *dh = DH_new(); | |
2430 | - dh->p = BN_dup(orig->p); | |
2431 | - dh->g = BN_dup(orig->g); | |
2432 | - dh->pub_key = BN_dup(orig->pub_key); | |
2433 | + const BIGNUM *bnp, *bng, *bnpub_key; | |
2434 | + DH_get0_pqg(orig, &bnp, NULL, &bng); | |
2435 | + DH_get0_key(orig, &bnpub_key, NULL); | |
2436 | + | |
2437 | + DH_set0_key(dh, BN_dup(bnpub_key), NULL); | |
2438 | + DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng)); | |
2439 | ||
2440 | evp.reset(); | |
2441 | ||
2442 | @@ -2499,10 +2602,13 @@ public: | |
2443 | ||
2444 | virtual SymmetricKey deriveKey(const PKeyBase &theirs) | |
2445 | { | |
2446 | - DH *dh = evp.pkey->pkey.dh; | |
2447 | - DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh; | |
2448 | + DH *dh = EVP_PKEY_get0_DH(evp.pkey); | |
2449 | + DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey); | |
2450 | + const BIGNUM *bnpub_key; | |
2451 | + DH_get0_key(them, &bnpub_key, NULL); | |
2452 | + | |
2453 | SecureArray result(DH_size(dh)); | |
2454 | - int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh); | |
2455 | + int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh); | |
2456 | if(ret <= 0) | |
2457 | return SymmetricKey(); | |
2458 | result.resize(ret); | |
2459 | @@ -2532,12 +2638,13 @@ public: | |
2460 | evp.reset(); | |
2461 | ||
2462 | DH *dh = DH_new(); | |
2463 | - dh->p = bi2bn(domain.p()); | |
2464 | - dh->g = bi2bn(domain.g()); | |
2465 | - dh->pub_key = bi2bn(y); | |
2466 | - dh->priv_key = bi2bn(x); | |
2467 | + BIGNUM *bnp = bi2bn(domain.p()); | |
2468 | + BIGNUM *bng = bi2bn(domain.g()); | |
2469 | + BIGNUM *bnpub_key = bi2bn(y); | |
2470 | + BIGNUM *bnpriv_key = bi2bn(x); | |
2471 | ||
2472 | - if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key) | |
2473 | + if(!DH_set0_key(dh, bnpub_key, bnpriv_key) | |
2474 | + || !DH_set0_pqg(dh, bnp, NULL, bng)) | |
2475 | { | |
2476 | DH_free(dh); | |
2477 | return; | |
2478 | @@ -2553,11 +2660,12 @@ public: | |
2479 | evp.reset(); | |
2480 | ||
2481 | DH *dh = DH_new(); | |
2482 | - dh->p = bi2bn(domain.p()); | |
2483 | - dh->g = bi2bn(domain.g()); | |
2484 | - dh->pub_key = bi2bn(y); | |
2485 | + BIGNUM *bnp = bi2bn(domain.p()); | |
2486 | + BIGNUM *bng = bi2bn(domain.g()); | |
2487 | + BIGNUM *bnpub_key = bi2bn(y); | |
2488 | ||
2489 | - if(!dh->p || !dh->g || !dh->pub_key) | |
2490 | + if(!DH_set0_key(dh, bnpub_key, NULL) | |
2491 | + || !DH_set0_pqg(dh, bnp, NULL, bng)) | |
2492 | { | |
2493 | DH_free(dh); | |
2494 | return; | |
2495 | @@ -2570,17 +2678,26 @@ public: | |
2496 | ||
2497 | virtual DLGroup domain() const | |
2498 | { | |
2499 | - return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g)); | |
2500 | + DH *dh = EVP_PKEY_get0_DH(evp.pkey); | |
2501 | + const BIGNUM *bnp, *bng; | |
2502 | + DH_get0_pqg(dh, &bnp, NULL, &bng); | |
2503 | + return DLGroup(bn2bi(bnp), bn2bi(bng)); | |
2504 | } | |
2505 | ||
2506 | virtual BigInteger y() const | |
2507 | { | |
2508 | - return bn2bi(evp.pkey->pkey.dh->pub_key); | |
2509 | + DH *dh = EVP_PKEY_get0_DH(evp.pkey); | |
2510 | + const BIGNUM *bnpub_key; | |
2511 | + DH_get0_key(dh, &bnpub_key, NULL); | |
2512 | + return bn2bi(bnpub_key); | |
2513 | } | |
2514 | ||
2515 | virtual BigInteger x() const | |
2516 | { | |
2517 | - return bn2bi(evp.pkey->pkey.dh->priv_key); | |
2518 | + DH *dh = EVP_PKEY_get0_DH(evp.pkey); | |
2519 | + const BIGNUM *bnpriv_key; | |
2520 | + DH_get0_key(dh, NULL, &bnpriv_key); | |
2521 | + return bn2bi(bnpriv_key); | |
2522 | } | |
2523 | ||
2524 | private slots: | |
2525 | @@ -2619,10 +2736,14 @@ public: | |
2526 | { | |
2527 | key = _key; | |
2528 | RSA_set_method(rsa, rsa_method()); | |
2529 | +#ifndef OSSL_110 | |
2530 | rsa->flags |= RSA_FLAG_SIGN_VER; | |
2531 | +#endif | |
2532 | RSA_set_app_data(rsa, this); | |
2533 | - rsa->n = bi2bn(_key.n()); | |
2534 | - rsa->e = bi2bn(_key.e()); | |
2535 | + BIGNUM *bnn = bi2bn(_key.n()); | |
2536 | + BIGNUM *bne = bi2bn(_key.e()); | |
2537 | + | |
2538 | + RSA_set0_key(rsa, bnn, bne, NULL); | |
2539 | } | |
2540 | ||
2541 | RSA_METHOD *rsa_method() | |
2542 | @@ -2631,12 +2752,16 @@ public: | |
2543 | ||
2544 | if(!ops) | |
2545 | { | |
2546 | - ops = new RSA_METHOD(*RSA_get_default_method()); | |
2547 | - ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt; | |
2548 | - ops->rsa_priv_dec = rsa_priv_dec; | |
2549 | - ops->rsa_sign = rsa_sign; | |
2550 | - ops->rsa_verify = 0;//pkcs11_rsa_verify; | |
2551 | - ops->finish = rsa_finish; | |
2552 | + ops = RSA_meth_dup(RSA_get_default_method()); | |
2553 | + RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt | |
2554 | + RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt | |
2555 | +#ifdef OSSL_110 | |
2556 | + RSA_meth_set_sign(ops, NULL); | |
2557 | +#else | |
2558 | + RSA_meth_set_sign(ops, rsa_sign); | |
2559 | +#endif | |
2560 | + RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify | |
2561 | + RSA_meth_set_finish(ops, rsa_finish); | |
2562 | } | |
2563 | return ops; | |
2564 | } | |
2565 | @@ -2676,6 +2801,7 @@ public: | |
2566 | return -1; | |
2567 | } | |
2568 | ||
2569 | +#ifndef OSSL_110 | |
2570 | static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa) | |
2571 | { | |
2572 | QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa); | |
2573 | @@ -2692,7 +2818,6 @@ public: | |
2574 | } | |
2575 | else | |
2576 | { | |
2577 | - | |
2578 | // make X509 packet | |
2579 | X509_SIG sig; | |
2580 | ASN1_TYPE parameter; | |
2581 | @@ -2766,6 +2891,7 @@ public: | |
2582 | ||
2583 | return 1; | |
2584 | } | |
2585 | +#endif | |
2586 | ||
2587 | static int rsa_finish(RSA *rsa) | |
2588 | { | |
2589 | @@ -2867,21 +2993,22 @@ public: | |
2590 | PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const | |
2591 | { | |
2592 | PKeyBase *nk = 0; | |
2593 | - if(pkey->type == EVP_PKEY_RSA) | |
2594 | + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); | |
2595 | + if(pkey_type == EVP_PKEY_RSA) | |
2596 | { | |
2597 | RSAKey *c = new RSAKey(provider()); | |
2598 | c->evp.pkey = pkey; | |
2599 | c->sec = sec; | |
2600 | nk = c; | |
2601 | } | |
2602 | - else if(pkey->type == EVP_PKEY_DSA) | |
2603 | + else if(pkey_type == EVP_PKEY_DSA) | |
2604 | { | |
2605 | DSAKey *c = new DSAKey(provider()); | |
2606 | c->evp.pkey = pkey; | |
2607 | c->sec = sec; | |
2608 | nk = c; | |
2609 | } | |
2610 | - else if(pkey->type == EVP_PKEY_DH) | |
2611 | + else if(pkey_type == EVP_PKEY_DH) | |
2612 | { | |
2613 | DHKey *c = new DHKey(provider()); | |
2614 | c->evp.pkey = pkey; | |
2615 | @@ -2899,8 +3026,10 @@ public: | |
2616 | { | |
2617 | EVP_PKEY *pkey = get_pkey(); | |
2618 | ||
2619 | + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); | |
2620 | + | |
2621 | // OpenSSL does not have DH import/export support | |
2622 | - if(pkey->type == EVP_PKEY_DH) | |
2623 | + if(pkey_type == EVP_PKEY_DH) | |
2624 | return QByteArray(); | |
2625 | ||
2626 | BIO *bo = BIO_new(BIO_s_mem()); | |
2627 | @@ -2913,8 +3042,10 @@ public: | |
2628 | { | |
2629 | EVP_PKEY *pkey = get_pkey(); | |
2630 | ||
2631 | + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); | |
2632 | + | |
2633 | // OpenSSL does not have DH import/export support | |
2634 | - if(pkey->type == EVP_PKEY_DH) | |
2635 | + if(pkey_type == EVP_PKEY_DH) | |
2636 | return QString(); | |
2637 | ||
2638 | BIO *bo = BIO_new(BIO_s_mem()); | |
2639 | @@ -2979,9 +3110,10 @@ public: | |
2640 | return SecureArray(); | |
2641 | ||
2642 | EVP_PKEY *pkey = get_pkey(); | |
2643 | + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); | |
2644 | ||
2645 | // OpenSSL does not have DH import/export support | |
2646 | - if(pkey->type == EVP_PKEY_DH) | |
2647 | + if(pkey_type == EVP_PKEY_DH) | |
2648 | return SecureArray(); | |
2649 | ||
2650 | BIO *bo = BIO_new(BIO_s_mem()); | |
2651 | @@ -3008,9 +3140,10 @@ public: | |
2652 | return QString(); | |
2653 | ||
2654 | EVP_PKEY *pkey = get_pkey(); | |
2655 | + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); | |
2656 | ||
2657 | // OpenSSL does not have DH import/export support | |
2658 | - if(pkey->type == EVP_PKEY_DH) | |
2659 | + if(pkey_type == EVP_PKEY_DH) | |
2660 | return QString(); | |
2661 | ||
2662 | BIO *bo = BIO_new(BIO_s_mem()); | |
2663 | @@ -3111,11 +3244,18 @@ public: | |
2664 | crl = from.crl; | |
2665 | ||
2666 | if(cert) | |
2667 | - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); | |
2668 | + X509_up_ref(cert); | |
2669 | if(req) | |
2670 | + { | |
2671 | +#ifdef OSSL_110 | |
2672 | + // Not exposed, so copy | |
2673 | + req = X509_REQ_dup(req); | |
2674 | +#else | |
2675 | CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ); | |
2676 | +#endif | |
2677 | + } | |
2678 | if(crl) | |
2679 | - CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); | |
2680 | + X509_CRL_up_ref(crl); | |
2681 | } | |
2682 | ||
2683 | return *this; | |
2684 | @@ -3221,7 +3361,7 @@ public: | |
2685 | // | |
2686 | // This code is mostly taken from OpenSSL v0.9.5a | |
2687 | // by Eric Young | |
2688 | -QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt) | |
2689 | +QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt) | |
2690 | { | |
2691 | QDateTime qdt; | |
2692 | char *v; | |
2693 | @@ -3319,7 +3459,7 @@ public: | |
2694 | ||
2695 | void fromX509(X509 *x) | |
2696 | { | |
2697 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
2698 | + X509_up_ref(x); | |
2699 | item.cert = x; | |
2700 | make_props(); | |
2701 | } | |
2702 | @@ -3350,7 +3490,7 @@ public: | |
2703 | if(priv.key()->type() == PKey::RSA) | |
2704 | md = EVP_sha1(); | |
2705 | else if(priv.key()->type() == PKey::DSA) | |
2706 | - md = EVP_dss1(); | |
2707 | + md = EVP_sha1(); | |
2708 | else | |
2709 | return false; | |
2710 | ||
2711 | @@ -3481,7 +3621,7 @@ public: | |
2712 | ||
2713 | const MyCertContext *our_cc = this; | |
2714 | X509 *x = our_cc->item.cert; | |
2715 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
2716 | + X509_up_ref(x); | |
2717 | sk_X509_push(untrusted_list, x); | |
2718 | ||
2719 | const MyCertContext *other_cc = static_cast<const MyCertContext *>(other); | |
2720 | @@ -3596,14 +3736,21 @@ public: | |
2721 | p.policies = get_cert_policies(ex); | |
2722 | } | |
2723 | ||
2724 | - if (x->signature) | |
2725 | +#ifdef OSSL_110 | |
2726 | + const | |
2727 | +#endif | |
2728 | + ASN1_BIT_STRING *signature; | |
2729 | + | |
2730 | + X509_get0_signature(&signature, NULL, x); | |
2731 | + if(signature) | |
2732 | { | |
2733 | - p.sig = QByteArray(x->signature->length, 0); | |
2734 | - for (int i=0; i< x->signature->length; i++) | |
2735 | - p.sig[i] = x->signature->data[i]; | |
2736 | + p.sig = QByteArray(signature->length, 0); | |
2737 | + for (int i=0; i< signature->length; i++) | |
2738 | + p.sig[i] = signature->data[i]; | |
2739 | } | |
2740 | ||
2741 | - switch( OBJ_obj2nid(x->cert_info->signature->algorithm) ) | |
2742 | + | |
2743 | + switch( X509_get_signature_nid(x) ) | |
2744 | { | |
2745 | case NID_sha1WithRSAEncryption: | |
2746 | p.sigalgo = QCA::EMSA3_SHA1; | |
2747 | @@ -3635,7 +3782,7 @@ public: | |
2748 | p.sigalgo = QCA::EMSA3_SHA512; | |
2749 | break; | |
2750 | default: | |
2751 | - qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm); | |
2752 | + qDebug() << "Unknown signature value: " << X509_get_signature_nid(x); | |
2753 | p.sigalgo = QCA::SignatureUnknown; | |
2754 | } | |
2755 | ||
2756 | @@ -3752,7 +3899,7 @@ public: | |
2757 | if(privateKey -> key()->type() == PKey::RSA) | |
2758 | md = EVP_sha1(); | |
2759 | else if(privateKey -> key()->type() == PKey::DSA) | |
2760 | - md = EVP_dss1(); | |
2761 | + md = EVP_sha1(); | |
2762 | else | |
2763 | return 0; | |
2764 | ||
2765 | @@ -3935,7 +4082,7 @@ public: | |
2766 | if(priv.key()->type() == PKey::RSA) | |
2767 | md = EVP_sha1(); | |
2768 | else if(priv.key()->type() == PKey::DSA) | |
2769 | - md = EVP_dss1(); | |
2770 | + md = EVP_sha1(); | |
2771 | else | |
2772 | return false; | |
2773 | ||
2774 | @@ -4096,14 +4243,17 @@ public: | |
2775 | ||
2776 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); | |
2777 | ||
2778 | - if (x->signature) | |
2779 | + const ASN1_BIT_STRING *signature; | |
2780 | + | |
2781 | + X509_REQ_get0_signature(x, &signature, NULL); | |
2782 | + if(signature) | |
2783 | { | |
2784 | - p.sig = QByteArray(x->signature->length, 0); | |
2785 | - for (int i=0; i< x->signature->length; i++) | |
2786 | - p.sig[i] = x->signature->data[i]; | |
2787 | + p.sig = QByteArray(signature->length, 0); | |
2788 | + for (int i=0; i< signature->length; i++) | |
2789 | + p.sig[i] = signature->data[i]; | |
2790 | } | |
2791 | ||
2792 | - switch( OBJ_obj2nid(x->sig_alg->algorithm) ) | |
2793 | + switch( X509_REQ_get_signature_nid(x) ) | |
2794 | { | |
2795 | case NID_sha1WithRSAEncryption: | |
2796 | p.sigalgo = QCA::EMSA3_SHA1; | |
2797 | @@ -4123,7 +4273,7 @@ public: | |
2798 | p.sigalgo = QCA::EMSA1_SHA1; | |
2799 | break; | |
2800 | default: | |
2801 | - qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm); | |
2802 | + qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x); | |
2803 | p.sigalgo = QCA::SignatureUnknown; | |
2804 | } | |
2805 | ||
2806 | @@ -4187,7 +4337,7 @@ public: | |
2807 | ||
2808 | void fromX509(X509_CRL *x) | |
2809 | { | |
2810 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); | |
2811 | + X509_CRL_up_ref(x); | |
2812 | item.crl = x; | |
2813 | make_props(); | |
2814 | } | |
2815 | @@ -4232,15 +4382,15 @@ public: | |
2816 | ||
2817 | issuer = get_cert_name(X509_CRL_get_issuer(x)); | |
2818 | ||
2819 | - p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_lastUpdate(x), NULL); | |
2820 | - p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_nextUpdate(x), NULL); | |
2821 | + p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_lastUpdate(x), NULL); | |
2822 | + p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_nextUpdate(x), NULL); | |
2823 | ||
2824 | STACK_OF(X509_REVOKED)* revokeStack = X509_CRL_get_REVOKED(x); | |
2825 | ||
2826 | for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) { | |
2827 | X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i); | |
2828 | - BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL)); | |
2829 | - QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL); | |
2830 | + BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL)); | |
2831 | + QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL); | |
2832 | QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified; | |
2833 | int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1); | |
2834 | if (pos != -1) { | |
2835 | @@ -4289,13 +4439,18 @@ public: | |
2836 | p.revoked.append(thisEntry); | |
2837 | } | |
2838 | ||
2839 | - if (x->signature) | |
2840 | + const ASN1_BIT_STRING *signature; | |
2841 | + | |
2842 | + X509_CRL_get0_signature(x, &signature, NULL); | |
2843 | + if(signature) | |
2844 | { | |
2845 | - p.sig = QByteArray(x->signature->length, 0); | |
2846 | - for (int i=0; i< x->signature->length; i++) | |
2847 | - p.sig[i] = x->signature->data[i]; | |
2848 | + p.sig = QByteArray(signature->length, 0); | |
2849 | + for (int i=0; i< signature->length; i++) | |
2850 | + p.sig[i] = signature->data[i]; | |
2851 | } | |
2852 | - switch( OBJ_obj2nid(x->sig_alg->algorithm) ) | |
2853 | + | |
2854 | + | |
2855 | + switch( X509_CRL_get_signature_nid(x) ) | |
2856 | { | |
2857 | case NID_sha1WithRSAEncryption: | |
2858 | p.sigalgo = QCA::EMSA3_SHA1; | |
2859 | @@ -4327,7 +4482,7 @@ public: | |
2860 | p.sigalgo = QCA::EMSA3_SHA512; | |
2861 | break; | |
2862 | default: | |
2863 | - qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm); | |
2864 | + qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x); | |
2865 | p.sigalgo = QCA::SignatureUnknown; | |
2866 | } | |
2867 | ||
2868 | @@ -4488,21 +4643,21 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList | |
2869 | { | |
2870 | const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]); | |
2871 | X509 *x = cc->item.cert; | |
2872 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
2873 | + X509_up_ref(x); | |
2874 | sk_X509_push(trusted_list, x); | |
2875 | } | |
2876 | for(n = 0; n < untrusted.count(); ++n) | |
2877 | { | |
2878 | const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]); | |
2879 | X509 *x = cc->item.cert; | |
2880 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
2881 | + X509_up_ref(x); | |
2882 | sk_X509_push(untrusted_list, x); | |
2883 | } | |
2884 | for(n = 0; n < crls.count(); ++n) | |
2885 | { | |
2886 | const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]); | |
2887 | X509_CRL *x = cc->item.crl; | |
2888 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); | |
2889 | + X509_CRL_up_ref(x); | |
2890 | crl_list.append(x); | |
2891 | } | |
2892 | ||
2893 | @@ -4527,7 +4682,7 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList | |
2894 | int ret = X509_verify_cert(ctx); | |
2895 | int err = -1; | |
2896 | if(!ret) | |
2897 | - err = ctx->error; | |
2898 | + err = X509_STORE_CTX_get_error(ctx); | |
2899 | ||
2900 | // cleanup | |
2901 | X509_STORE_CTX_free(ctx); | |
2902 | @@ -4561,21 +4716,21 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q | |
2903 | { | |
2904 | const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]); | |
2905 | X509 *x = cc->item.cert; | |
2906 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
2907 | + X509_up_ref(x); | |
2908 | sk_X509_push(trusted_list, x); | |
2909 | } | |
2910 | for(n = 1; n < chain.count(); ++n) | |
2911 | { | |
2912 | const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]); | |
2913 | X509 *x = cc->item.cert; | |
2914 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
2915 | + X509_up_ref(x); | |
2916 | sk_X509_push(untrusted_list, x); | |
2917 | } | |
2918 | for(n = 0; n < crls.count(); ++n) | |
2919 | { | |
2920 | const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]); | |
2921 | X509_CRL *x = cc->item.crl; | |
2922 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); | |
2923 | + X509_CRL_up_ref(x); | |
2924 | crl_list.append(x); | |
2925 | } | |
2926 | ||
2927 | @@ -4600,7 +4755,7 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q | |
2928 | int ret = X509_verify_cert(ctx); | |
2929 | int err = -1; | |
2930 | if(!ret) | |
2931 | - err = ctx->error; | |
2932 | + err = X509_STORE_CTX_get_error(ctx); | |
2933 | ||
2934 | // grab the chain, which may not be fully populated | |
2935 | STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx); | |
2936 | @@ -4664,7 +4819,7 @@ public: | |
2937 | for(int n = 1; n < chain.count(); ++n) | |
2938 | { | |
2939 | X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert; | |
2940 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
2941 | + X509_up_ref(x); | |
2942 | sk_X509_push(ca, x); | |
2943 | } | |
2944 | } | |
2945 | @@ -5399,7 +5554,7 @@ public: | |
2946 | OpenSSL_add_ssl_algorithms(); | |
2947 | SSL_CTX *ctx = 0; | |
2948 | switch (version) { | |
2949 | -#ifndef OPENSSL_NO_SSL2 | |
2950 | +#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110) | |
2951 | case TLS::SSL_v2: | |
2952 | ctx = SSL_CTX_new(SSLv2_client_method()); | |
2953 | break; | |
2954 | @@ -5430,8 +5585,8 @@ public: | |
2955 | STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); | |
2956 | QStringList cipherList; | |
2957 | for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { | |
2958 | - SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i); | |
2959 | - cipherList += cipherIDtoString(version, thisCipher->id); | |
2960 | + const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i); | |
2961 | + cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher)); | |
2962 | } | |
2963 | ||
2964 | SSL_free(ssl); | |
2965 | @@ -5808,13 +5963,15 @@ public: | |
2966 | { | |
2967 | SessionInfo sessInfo; | |
2968 | ||
2969 | - sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session)); | |
2970 | + SSL_SESSION *session = SSL_get0_session(ssl); | |
2971 | + sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session)); | |
2972 | + int ssl_version = SSL_version(ssl); | |
2973 | ||
2974 | - if (ssl->version == TLS1_VERSION) | |
2975 | + if (ssl_version == TLS1_VERSION) | |
2976 | sessInfo.version = TLS::TLS_v1; | |
2977 | - else if (ssl->version == SSL3_VERSION) | |
2978 | + else if (ssl_version == SSL3_VERSION) | |
2979 | sessInfo.version = TLS::SSL_v3; | |
2980 | - else if (ssl->version == SSL2_VERSION) | |
2981 | + else if (ssl_version == SSL2_VERSION) | |
2982 | sessInfo.version = TLS::SSL_v2; | |
2983 | else { | |
2984 | qDebug("unexpected version response"); | |
2985 | @@ -5822,7 +5979,7 @@ public: | |
2986 | } | |
2987 | ||
2988 | sessInfo.cipherSuite = cipherIDtoString( sessInfo.version, | |
2989 | - SSL_get_current_cipher(ssl)->id); | |
2990 | + SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))); | |
2991 | ||
2992 | sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits)); | |
2993 | ||
2994 | @@ -6394,7 +6551,7 @@ public: | |
2995 | for(int n = 0; n < nonroots.count(); ++n) | |
2996 | { | |
2997 | X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert; | |
2998 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
2999 | + X509_up_ref(x); | |
3000 | sk_X509_push(other_certs, x); | |
3001 | } | |
3002 | ||
3003 | @@ -6436,7 +6593,7 @@ public: | |
3004 | ||
3005 | other_certs = sk_X509_new_null(); | |
3006 | X509 *x = static_cast<MyCertContext *>(target.context())->item.cert; | |
3007 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
3008 | + X509_up_ref(x); | |
3009 | sk_X509_push(other_certs, x); | |
3010 | ||
3011 | bi = BIO_new(BIO_s_mem()); | |
3012 | @@ -6499,7 +6656,7 @@ public: | |
3013 | for(int n = 0; n < untrusted_list.count(); ++n) | |
3014 | { | |
3015 | X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert; | |
3016 | - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
3017 | + X509_up_ref(x); | |
3018 | sk_X509_push(other_certs, x); | |
3019 | } | |
3020 | ||
3021 | @@ -6750,14 +6907,28 @@ public: | |
3022 | opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type) | |
3023 | { | |
3024 | m_cryptoAlgorithm = algorithm; | |
3025 | - EVP_CIPHER_CTX_init(&m_context); | |
3026 | + m_context = EVP_CIPHER_CTX_new(); | |
3027 | + EVP_CIPHER_CTX_init(m_context); | |
3028 | m_pad = pad; | |
3029 | m_type = type; | |
3030 | } | |
3031 | ||
3032 | + opensslCipherContext(const opensslCipherContext &other) | |
3033 | + : CipherContext(other) | |
3034 | + { | |
3035 | + m_cryptoAlgorithm = other.m_cryptoAlgorithm; | |
3036 | + m_context = EVP_CIPHER_CTX_new(); | |
3037 | + EVP_CIPHER_CTX_copy(m_context, other.m_context); | |
3038 | + m_direction = other.m_direction; | |
3039 | + m_pad = other.m_pad; | |
3040 | + m_type = other.m_type; | |
3041 | + m_tag = other.m_tag; | |
3042 | + } | |
3043 | + | |
3044 | ~opensslCipherContext() | |
3045 | { | |
3046 | - EVP_CIPHER_CTX_cleanup(&m_context); | |
3047 | + EVP_CIPHER_CTX_cleanup(m_context); | |
3048 | + EVP_CIPHER_CTX_free(m_context); | |
3049 | } | |
3050 | ||
3051 | void setup(Direction dir, | |
3052 | @@ -6772,28 +6943,28 @@ public: | |
3053 | m_cryptoAlgorithm = EVP_des_ede(); | |
3054 | } | |
3055 | if (Encode == m_direction) { | |
3056 | - EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0); | |
3057 | - EVP_CIPHER_CTX_set_key_length(&m_context, key.size()); | |
3058 | + EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0); | |
3059 | + EVP_CIPHER_CTX_set_key_length(m_context, key.size()); | |
3060 | if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) { | |
3061 | int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN; | |
3062 | - EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL); | |
3063 | + EVP_CIPHER_CTX_ctrl(m_context, parameter, iv.size(), NULL); | |
3064 | } | |
3065 | - EVP_EncryptInit_ex(&m_context, 0, 0, | |
3066 | + EVP_EncryptInit_ex(m_context, 0, 0, | |
3067 | (const unsigned char*)(key.data()), | |
3068 | (const unsigned char*)(iv.data())); | |
3069 | } else { | |
3070 | - EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0); | |
3071 | - EVP_CIPHER_CTX_set_key_length(&m_context, key.size()); | |
3072 | + EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0); | |
3073 | + EVP_CIPHER_CTX_set_key_length(m_context, key.size()); | |
3074 | if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) { | |
3075 | int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN; | |
3076 | - EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL); | |
3077 | + EVP_CIPHER_CTX_ctrl(m_context, parameter, iv.size(), NULL); | |
3078 | } | |
3079 | - EVP_DecryptInit_ex(&m_context, 0, 0, | |
3080 | + EVP_DecryptInit_ex(m_context, 0, 0, | |
3081 | (const unsigned char*)(key.data()), | |
3082 | (const unsigned char*)(iv.data())); | |
3083 | } | |
3084 | ||
3085 | - EVP_CIPHER_CTX_set_padding(&m_context, m_pad); | |
3086 | + EVP_CIPHER_CTX_set_padding(m_context, m_pad); | |
3087 | } | |
3088 | ||
3089 | Provider::Context *clone() const | |
3090 | @@ -6803,7 +6974,7 @@ public: | |
3091 | ||
3092 | int blockSize() const | |
3093 | { | |
3094 | - return EVP_CIPHER_CTX_block_size(&m_context); | |
3095 | + return EVP_CIPHER_CTX_block_size(m_context); | |
3096 | } | |
3097 | ||
3098 | AuthTag tag() const | |
3099 | @@ -6821,7 +6992,7 @@ public: | |
3100 | out->resize(in.size()+blockSize()); | |
3101 | int resultLength; | |
3102 | if (Encode == m_direction) { | |
3103 | - if (0 == EVP_EncryptUpdate(&m_context, | |
3104 | + if (0 == EVP_EncryptUpdate(m_context, | |
3105 | (unsigned char*)out->data(), | |
3106 | &resultLength, | |
3107 | (unsigned char*)in.data(), | |
3108 | @@ -6829,7 +7000,7 @@ public: | |
3109 | return false; | |
3110 | } | |
3111 | } else { | |
3112 | - if (0 == EVP_DecryptUpdate(&m_context, | |
3113 | + if (0 == EVP_DecryptUpdate(m_context, | |
3114 | (unsigned char*)out->data(), | |
3115 | &resultLength, | |
3116 | (unsigned char*)in.data(), | |
3117 | @@ -6846,25 +7017,25 @@ public: | |
3118 | out->resize(blockSize()); | |
3119 | int resultLength; | |
3120 | if (Encode == m_direction) { | |
3121 | - if (0 == EVP_EncryptFinal_ex(&m_context, | |
3122 | + if (0 == EVP_EncryptFinal_ex(m_context, | |
3123 | (unsigned char*)out->data(), | |
3124 | &resultLength)) { | |
3125 | return false; | |
3126 | } | |
3127 | if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) { | |
3128 | int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_GET_TAG : EVP_CTRL_CCM_GET_TAG; | |
3129 | - if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) { | |
3130 | + if (0 == EVP_CIPHER_CTX_ctrl(m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) { | |
3131 | return false; | |
3132 | } | |
3133 | } | |
3134 | } else { | |
3135 | if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) { | |
3136 | int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_TAG : EVP_CTRL_CCM_SET_TAG; | |
3137 | - if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), m_tag.data())) { | |
3138 | + if (0 == EVP_CIPHER_CTX_ctrl(m_context, parameter, m_tag.size(), m_tag.data())) { | |
3139 | return false; | |
3140 | } | |
3141 | } | |
3142 | - if (0 == EVP_DecryptFinal_ex(&m_context, | |
3143 | + if (0 == EVP_DecryptFinal_ex(m_context, | |
3144 | (unsigned char*)out->data(), | |
3145 | &resultLength)) { | |
3146 | return false; | |
3147 | @@ -6899,7 +7070,7 @@ public: | |
3148 | ||
3149 | ||
3150 | protected: | |
3151 | - EVP_CIPHER_CTX m_context; | |
3152 | + EVP_CIPHER_CTX *m_context; | |
3153 | const EVP_CIPHER *m_cryptoAlgorithm; | |
3154 | Direction m_direction; | |
3155 | int m_pad; | |
3156 |