--- a/src/Mayaqua/Encrypt.c +++ b/src/Mayaqua/Encrypt.c @@ -120,6 +120,7 @@ #include #include #include +#include #include #include #include @@ -128,6 +129,7 @@ #include #include #include +#include #include #include #include @@ -627,7 +629,7 @@ UINT CipherProcess(CIPHER *c, void *iv, void *dest, void *src, UINT size) return 0; } - if (EVP_CipherFinal(c->Ctx, ((UCHAR *)dest) + (UINT)r, &r2) == 0) + if (EVP_CipherFinal_ex(c->Ctx, ((UCHAR *)dest) + (UINT)r, &r2) == 0) { return 0; } @@ -926,6 +928,7 @@ BUF *BigNumToBuf(const BIGNUM *bn) // Initialization of the lock of OpenSSL void OpenSSL_InitLock() { +#if OPENSSL_VERSION_NUMBER < 0x10100000L UINT i; // Initialization of the lock object @@ -939,11 +942,13 @@ void OpenSSL_InitLock() // Setting the lock function CRYPTO_set_locking_callback(OpenSSL_Lock); CRYPTO_set_id_callback(OpenSSL_Id); +#endif } // Release of the lock of OpenSSL void OpenSSL_FreeLock() { +#if OPENSSL_VERSION_NUMBER < 0x10100000L UINT i; for (i = 0;i < ssl_lock_num;i++) @@ -955,11 +960,13 @@ void OpenSSL_FreeLock() CRYPTO_set_locking_callback(NULL); CRYPTO_set_id_callback(NULL); +#endif } // Lock function for OpenSSL void OpenSSL_Lock(int mode, int n, const char *file, int line) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L LOCK *lock = ssl_lock_obj[n]; if (mode & CRYPTO_LOCK) @@ -972,12 +979,15 @@ void OpenSSL_Lock(int mode, int n, const char *file, int line) // Unlock Unlock(lock); } +#endif } // Return the thread ID unsigned long OpenSSL_Id(void) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L return (unsigned long)ThreadId(); +#endif } // Get the display name of the certificate @@ -1901,8 +1911,8 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial) X509_set_version(x509, 2L); // Set the Expiration - t1 = X509_get_notBefore(x509); - t2 = X509_get_notAfter(x509); + t1 = X509_getm_notBefore(x509); + t2 = X509_getm_notAfter(x509); if (!UINT64ToAsn1Time(t1, notBefore)) { FreeX509(x509); 
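Review bot: After EVP_CipherFinal_ex fails on the new `if` line in CipherProcess, c->Ctx is handed back in an unspecified state instead of being torn down the way the 1.0.x EVP_CipherFinal did, so a CIPHER that is reused after a finalisation error (bad padding on decrypt, for instance) presumably needs an EVP_CipherInit_ex before the next CipherProcess call — worth confirming against the callers, which are not in this hunk. A comment on the failure branch would capture the changed contract: `// _ex keeps the context allocated for reuse; re-initialise it before the next call after a failure`. CipherProcess begins and ends outside the hunk.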
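Review bot: With OPENSSL_VERSION_NUMBER >= 0x10100000L the new `#if` in OpenSSL_Id compiles out its only `return`, leaving a non-void function that falls off the end — undefined behaviour if anything still calls it and a -Wreturn-type warning on every such build. Since the declaration is presumably still exported from Encrypt.h, keep a fallback instead of removing the body: add `#else` and `return 0;` before the `#endif`. The same guard in OpenSSL_Lock leaves mode, n, file and line unused on those builds; `(void)mode; (void)n; (void)file; (void)line;` in an `#else` branch there would keep -Wunused-parameter quiet.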
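Review bot: Nothing in the NewX509 hunk (nor the matching lines in NewRootX509 and the ASN1_STRING_get0_data line in X509ToX) accounts for LibreSSL, even though this same commit special-cases LIBRESSL_VERSION_NUMBER in Encrypt.h and Network.c; LibreSSL reports OPENSSL_VERSION_NUMBER as 0x20000000L, so every `< 0x10100000L` block in Encrypt.c is compiled out for it and the new 1.1-style accessors must exist in the oldest LibreSSL the project supports. Recent LibreSSL releases presumably provide X509_getm_notBefore/X509_getm_notAfter, but that is worth confirming rather than assuming. A note beside the first guard, e.g. `// LibreSSL defines OPENSSL_VERSION_NUMBER as 0x20000000L and therefore takes the >= 1.1.0 path`, would keep the next reader from expecting the pre-1.1 branch to cover it. NewX509 begins and ends outside the hunk.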
@@ -2043,8 +2053,8 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial) X509_set_version(x509, 2L); // Set the Expiration - t1 = X509_get_notBefore(x509); - t2 = X509_get_notAfter(x509); + t1 = X509_getm_notBefore(x509); + t2 = X509_getm_notAfter(x509); if (!UINT64ToAsn1Time(t1, notBefore)) { FreeX509(x509); @@ -2697,6 +2707,43 @@ bool RsaCheckEx() return false; } + +// RSA key generation +static RSA *RsaGenKey(UINT bit, BN_ULONG e) +{ + RSA *rsa = NULL; + char errbuf[MAX_SIZE]; + BIGNUM *bne = NULL; + + if ((bne = BN_new()) == NULL) + { + Debug("BN_new: err=%s\n", ERR_error_string(ERR_get_error(), errbuf)); + return NULL; + } + if (BN_set_word(bne, e) == 0) + { + Debug("BN_set_word: err=%s\n", ERR_error_string(ERR_get_error(), errbuf)); + goto fail; + } + if ((rsa = RSA_new()) == NULL) + { + Debug("RSA_new: err=%s\n", ERR_error_string(ERR_get_error(), errbuf)); + goto fail; + } + if (RSA_generate_key_ex(rsa, bit, bne, NULL) == 0) + { + Debug("RSA_generate_key_ex: err=%s\n", ERR_error_string(ERR_get_error(), errbuf)); + goto fail; + } + BN_free(bne); + return rsa; + +fail: + RSA_free(rsa); + BN_free(bne); + return NULL; +} + bool RsaCheck() { RSA *rsa; @@ -2710,12 +2757,11 @@ bool RsaCheck() // Key generation Lock(openssl_lock); { - rsa = RSA_generate_key(bit, RSA_F4, NULL, NULL); + rsa = RsaGenKey(bit, RSA_F4); } Unlock(openssl_lock); if (rsa == NULL) { - Debug("RSA_generate_key: err=%s\n", ERR_error_string(ERR_get_error(), errbuf)); return false; } @@ -2780,12 +2826,11 @@ bool RsaGen(K **priv, K **pub, UINT bit) // Key generation Lock(openssl_lock); { - rsa = RSA_generate_key(bit, RSA_F4, NULL, NULL); + rsa = RsaGenKey(bit, RSA_F4); } Unlock(openssl_lock); if (rsa == NULL) { - Debug("RSA_generate_key: err=%s\n", ERR_error_string(ERR_get_error(), errbuf)); return false; } 
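Review bot: RsaGenKey has no contract comment although it transfers ownership of the returned RSA to the caller and reports every OpenSSL failure only through Debug plus a NULL return; both visible callers also invoke it under Lock(openssl_lock), which the function itself does not take. A header comment such as `// Generate an RSA key of bit bits with public exponent e. Returns a new RSA that the caller must RSA_free(), or NULL after logging the OpenSSL error; callers serialise with openssl_lock.` would record that. ERR_error_string requires its buffer to be at least 256 bytes, so `char errbuf[MAX_SIZE]` assumes MAX_SIZE is at least that — its value is not in the hunk and is worth a glance.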
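Review bot: Removing the Debug line from the `rsa == NULL` branch in RsaCheck (and the same branch in RsaGen) leaves the `char errbuf[MAX_SIZE]` that line used declared at the top of each function, outside the hunk; if it has no other use there it is now an unused local and a warning. Either drop that declaration or keep a short diagnostic at the call site, e.g. `Debug("RsaGenKey failed\n");`, so a generation failure remains visible in the log from this function as well as from RsaGenKey. RsaCheck and RsaGen each begin before and end after their hunk.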
@@ -3895,7 +3940,7 @@ X *X509ToX(X509 *x509) { if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location->type == GEN_URI) { - char *uri = (char *)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier); + char *uri = (char *)ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier); if (IsEmptyStr(uri) == false) { @@ -4108,7 +4153,9 @@ void Rand(void *buf, UINT size) // Delete a thread-specific information that OpenSSL has holded void FreeOpenSSLThreadState() { +#if OPENSSL_VERSION_NUMBER < 0x10100000L ERR_remove_state(0); +#endif } // Release the Crypt library @@ -4130,12 +4177,14 @@ void InitCryptLibrary() CheckIfIntelAesNiSupportedInit(); // RAND_Init_For_SoftEther() openssl_lock = NewLock(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); //OpenSSL_add_all_algorithms(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); SSL_load_error_strings(); +#endif ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL); --- a/src/Mayaqua/Encrypt.h +++ b/src/Mayaqua/Encrypt.h @@ -105,7 +105,7 @@ #ifndef ENCRYPT_H #define ENCRYPT_H -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_NO_CHACHA) && !defined(LIBRESSL_VERSION_NUMBER) #define USE_OPENSSL_AEAD_CHACHA20POLY1305 #endif --- a/src/Mayaqua/Network.c +++ b/src/Mayaqua/Network.c @@ -18172,7 +18172,7 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode) SSL_CTX_set_ecdh_auto(ctx, 1); #endif // SSL_CTX_set_ecdh_auto -#if OPENSSL_VERSION_NUMBER >= 0x1010100fL +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) // For compatibility with VPN 3.0 or older SSL_CTX_set_security_level(ctx, 0); #endif --- a/src/Mayaqua/Secure.c +++ b/src/Mayaqua/Secure.c @@ -127,6 +127,7 @@ #include #include #include +#include #include #include #include
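Review bot: The new line in X509ToX casts the `const unsigned char *` returned by ASN1_STRING_get0_data to a plain `char *`, discarding exactly the const the get0 accessor exists to express; `const char *uri = (const char *)ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier);` keeps the compiler enforcing that OpenSSL's internal buffer is not written (IsEmptyStr on the next line only reads it; any later writer is outside the hunk). OpenSSL's documentation also states the returned data is not guaranteed to be NUL-terminated, and the certificate being parsed is peer-supplied, so bounding uses of uri by ASN1_STRING_length rather than treating it as a C string would be the defensive form — that practice predates this commit. X509ToX begins and ends outside the hunk.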
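Review bot: The `SSL_CTX_set_security_level(ctx, 0)` call gated by the new `#if` in NewSSLCtx drops the context to OpenSSL's lowest security level, which switches off the minimum key-size and cipher-strength checks for every connection negotiated on this CTX, and the surviving comment says only why it is there, not what it costs. Expanding it to `// Security level 0 disables OpenSSL's minimum key/cipher strength checks; kept only for compatibility with VPN 3.0 or older peers` records the trade-off next to the call. LibreSSL presumably lacks SSL_CTX_set_security_level, which would be why the commit excludes it; NewSSLCtx begins and ends outside the hunk.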