From eb01b80247de3fa3848d58d7f2816aff8f396630 Mon Sep 17 00:00:00 2001 From: Vitaly Chikunov Date: Wed, 25 Jul 2018 09:13:22 +0300 Subject: [PATCH] Move openssl-1.0.2 shim layer here Previously, we had shim layer in our openssl branch Could be squashed with 01d26132d156ba9fff7a8142d5a6899d7b2e6286 --- CMakeLists.txt | 1 + compat.h | 342 ++++++++++++++++++++++++++++++++++++++ gost_ameth.c | 19 ++- gost_grasshopper_cipher.c | 8 +- gost_lcl.h | 1 + gost_md.c | 2 + gost_md2012.c | 5 + 7 files changed, 368 insertions(+), 10 deletions(-) create mode 100644 compat.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 8c9c895..0add5fd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -80,6 +80,7 @@ set(GOST_CORE_SOURCE_FILES gost_keywrap.c gost_keywrap.h gost_lcl.h + compat.h gost_params.c ) diff --git a/compat.h b/compat.h new file mode 100644 index 0000000..91afcf5 --- /dev/null +++ b/compat.h @@ -0,0 +1,342 @@ +/* + * Shim to provide small subset of openssl-1.1.0 API by openssl-1.0.2 + * + * Copyright (C) 2018 vt@altlinux.org. All Rights Reserved. + * + * Contents licensed under the terms of the OpenSSL license + * See https://www.openssl.org/source/license.html for details + */ + +#ifndef _GOST_COMPAT_H +#define _GOST_COMPAT_H + +# include +# if (OPENSSL_VERSION_NUMBER <= 0x10002100L) + +# include + +# include +# include +# include + +/* + * for crypto.h + */ + +# define OPENSSL_zalloc(num) CRYPTO_zalloc(num, __FILE__, __LINE__) +# define OPENSSL_clear_free(addr, num) \ + CRYPTO_clear_free(addr, num, __FILE__, __LINE__) + +static inline void *CRYPTO_zalloc(size_t num, const char *file, int line) +{ + void *ret = CRYPTO_malloc(num, file, line); + + if (ret != NULL) + memset(ret, 0, num); + return ret; +} + +static inline void CRYPTO_clear_free(void *str, size_t num, const char *file, int line) +{ + if (str == NULL) + return; + if (num) + OPENSSL_cleanse(str, num); + CRYPTO_free(str); +} + +/* + * for dsa.h + */ + +static inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) + *pr = sig->r; + if (ps != NULL) + *ps = sig->s; +} + +static inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return 1; +} + +/* + * for evp.h + */ + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +static inline void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher_data; +} + +static inline const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) +{ + return ctx->oiv; +} + +static inline unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) +{ + return ctx->iv; +} + +static inline int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) +{ + return ctx->encrypt; +} + +static inline unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) +{ + return ctx->buf; +} + +static inline int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) +{ + return ctx->num; +} + +static inline void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) +{ + ctx->num = num; +} + +static inline EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) +{ + EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER)); + + if (cipher != NULL) { + cipher->nid = cipher_type; + cipher->block_size = block_size; + cipher->key_len = key_len; + } + return cipher; +} + +static inline int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) +{ + cipher->iv_len = iv_len; + return 1; +} + +static inline int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags) +{ + cipher->flags = flags; + return 1; +} + +static inline int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)) +{ + cipher->cleanup = cleanup; + return 1; +} + +static inline int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)) +{ + cipher->set_asn1_parameters = set_asn1_parameters; + return 1; +} + +static inline int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)) +{ + cipher->ctrl = ctrl; + return 1; +} + +static inline int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)) +{ + cipher->do_cipher = do_cipher; + return 1; +} + +static inline int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)) +{ + cipher->get_asn1_parameters = get_asn1_parameters; + return 1; +} + +static inline int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)) +{ + cipher->init = init; + return 1; +} + +static inline int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size) +{ + cipher->ctx_size = ctx_size; + return 1; +} + +static inline void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) +{ + OPENSSL_free(cipher); +} + +static inline EVP_MD_CTX *EVP_MD_CTX_new(void) +{ + return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); +} + +int ENGINE_finish(ENGINE *e); +static inline int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +{ + if (ctx == NULL) + return 1; + if (ctx->digest && ctx->digest->cleanup + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->digest && ctx->digest->ctx_size && ctx->md_data + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); + } + EVP_PKEY_CTX_free(ctx->pctx); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ctx->engine); +#endif + OPENSSL_cleanse(ctx, sizeof(*ctx)); + + return 1; +} + +static inline void EVP_MD_CTX_free(EVP_MD_CTX *ctx) +{ + EVP_MD_CTX_reset(ctx); + OPENSSL_free(ctx); +} + +static inline EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) +{ + EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); + + if (md != NULL) { + md->type = md_type; + md->pkey_type = pkey_type; + } + return md; +} + +static inline int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize) +{ + md->md_size = resultsize; + return 1; +} + +static inline int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) +{ + md->block_size = blocksize; + return 1; +} + +static inline int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) +{ + md->ctx_size = datasize; + return 1; +} + +static inline int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) +{ + md->flags = flags; + return 1; +} + +static inline int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) +{ + md->init = init; + return 1; +} + +static inline int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)) +{ + md->update = update; + return 1; +} + +static inline int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)) +{ + md->final = final; + return 1; +} + +static inline int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)) +{ + md->copy = copy; + return 1; +} + +static inline int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)) +{ + md->cleanup = cleanup; + return 1; +} + +static inline int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)) +{ + md->md_ctrl = ctrl; + return 1; +} + +static inline void EVP_MD_meth_free(EVP_MD *md) +{ + OPENSSL_free(md); +} + +static inline const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) +{ + return ctx->iv; +} + +static inline void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) +{ + return ctx->md_data; +} + +static inline int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx) +{ + return md->init; +} + +static inline int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2) +{ + return md->md_ctrl; +} + +# endif /* (OPENSSL_VERSION_NUMBER <= 0x10002100L) */ + +#endif /* !_GOST_COMPAT_H */ diff --git a/gost_ameth.c b/gost_ameth.c index 5b93ea6..5e20f1e 100644 --- a/gost_ameth.c +++ b/gost_ameth.c @@ -21,6 +21,13 @@ #define PK_WRAP_PARAM "LEGACY_PK_WRAP" +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) +/* some functions have const'ed arguments since openssl-1.1.0 */ +# define OPENSSL110_const const +#else +# define OPENSSL110_const +#endif + /* * Pack bignum into byte buffer of given size, filling all leading bytes by * zeros @@ -131,9 +138,9 @@ static int gost_decode_nid_params(EVP_PKEY *pkey, int pkey_nid, int param_nid) * Parses GOST algorithm parameters from X509_ALGOR and modifies pkey setting * NID and parameters */ -static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg) +static int decode_gost_algor_params(EVP_PKEY *pkey, OPENSSL110_const X509_ALGOR *palg) { - ASN1_OBJECT *palg_obj = NULL; + OPENSSL110_const ASN1_OBJECT *palg_obj = NULL; int ptype = V_ASN1_UNDEF; int pkey_nid = NID_undef, param_nid = NID_undef; ASN1_STRING *pval = NULL; @@ -142,7 +149,7 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg) if (!pkey || !palg) return 0; - X509_ALGOR_get0(&palg_obj, &ptype, (void **)&pval, palg); + X509_ALGOR_get0(&palg_obj, &ptype, (OPENSSL110_const void **)&pval, palg); if (ptype != V_ASN1_SEQUENCE) { GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, GOST_R_BAD_KEY_PARAMETERS_FORMAT); @@ -331,14 +338,14 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk, return pknum_masked; } -static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf) +static int priv_decode_gost(EVP_PKEY *pk, OPENSSL110_const PKCS8_PRIV_KEY_INFO *p8inf) { const unsigned char *pkey_buf = NULL, *p = NULL; int priv_len = 0; BIGNUM *pk_num = NULL; int ret = 0; - X509_ALGOR *palg = NULL; - ASN1_OBJECT *palg_obj = NULL; + OPENSSL110_const X509_ALGOR *palg = NULL; + OPENSSL110_const ASN1_OBJECT *palg_obj = NULL; ASN1_INTEGER *priv_key = NULL; int expected_key_len = 32; diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index a1e2ce8..baf25fe 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -211,7 +211,7 @@ GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX* ctx, con gost_grasshopper_cipher_ctx_ctr* c = EVP_CIPHER_CTX_get_cipher_data(ctx); c->c.type = GRASSHOPPER_CIPHER_CTR; - ctx->num = 0; + EVP_CIPHER_CTX_set_num(ctx, 0); grasshopper_zero128(&c->partial_buffer); @@ -310,7 +310,7 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, unsigned char* current_out = out; grasshopper_w128_t* currentInputBlock; grasshopper_w128_t* currentOutputBlock; - unsigned int n = ctx->num; + unsigned int n = EVP_CIPHER_CTX_num(ctx); size_t lasted; size_t i; @@ -319,7 +319,7 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, --inl; n = (n + 1) % GRASSHOPPER_BLOCK_SIZE; } - ctx->num = n; + EVP_CIPHER_CTX_set_num(ctx, n); size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE; grasshopper_w128_t* iv_buffer = (grasshopper_w128_t*) iv; @@ -344,7 +344,7 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, for (i = 0; i < lasted; i++) { currentOutputBlock->b[i] = c->partial_buffer.b[i] ^ currentInputBlock->b[i]; } - ctx->num = i; + EVP_CIPHER_CTX_set_num(ctx, i); ctr128_inc(iv_buffer->b); } diff --git a/gost_lcl.h b/gost_lcl.h index bc378f0..75d59b7 100644 --- a/gost_lcl.h +++ b/gost_lcl.h @@ -9,6 +9,7 @@ * OpenSSL 0.9.9 libraries required to compile and use * * this code * **********************************************************************/ +# include "compat.h" # include # include # include diff --git a/gost_md.c b/gost_md.c index c088f86..4b8e7e5 100644 --- a/gost_md.c +++ b/gost_md.c @@ -27,7 +27,9 @@ EVP_MD *digest_gost(void) EVP_MD *md; if ((md = EVP_MD_meth_new(NID_id_GostR3411_94, NID_undef)) == NULL +#if (OPENSSL_VERSION_NUMBER <= 0x10002100L) || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) +#endif || !EVP_MD_meth_set_result_size(md, 32) || !EVP_MD_meth_set_input_blocksize(md, 32) || !EVP_MD_meth_set_app_datasize(md, diff --git a/gost_md2012.c b/gost_md2012.c index 9385b08..5462dea 100644 --- a/gost_md2012.c +++ b/gost_md2012.c @@ -9,6 +9,7 @@ * * **********************************************************************/ +#include "compat.h" #include #include "gosthash2012.h" @@ -37,7 +38,9 @@ EVP_MD *digest_gost2012_256(void) if ((md = EVP_MD_meth_new(NID_id_GostR3411_2012_256, NID_undef)) == NULL +#if (OPENSSL_VERSION_NUMBER <= 0x10002100L) || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) +#endif || !EVP_MD_meth_set_result_size(md, 32) || !EVP_MD_meth_set_input_blocksize(md, 64) || !EVP_MD_meth_set_app_datasize(md, sizeof(gost2012_hash_ctx)) @@ -68,7 +71,9 @@ EVP_MD *digest_gost2012_512(void) if ((md = EVP_MD_meth_new(NID_id_GostR3411_2012_512, NID_undef)) == NULL +#if (OPENSSL_VERSION_NUMBER <= 0x10002100L) || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) +#endif || !EVP_MD_meth_set_result_size(md, 64) || !EVP_MD_meth_set_input_blocksize(md, 64) || !EVP_MD_meth_set_app_datasize(md, sizeof(gost2012_hash_ctx)) -- 2.39.2