diff -ur ccnet-server-v6.0.10/lib/rsa.c ccnet-server/lib/rsa.c --- ccnet-server-v6.0.10/lib/rsa.c 2017-05-14 09:14:22.274184846 +0200 +++ ccnet-server/lib/rsa.c 2017-05-14 13:33:46.600971500 +0200 @@ -11,13 +11,55 @@ #include "rsa.h" #include "utils.h" +/* Forward compatibility functions if libssl < 1.1.0. */ + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) +{ + /* If the fields n and e in r are NULL, the corresponding input + * parameters MUST be non-NULL for n and e. d may be + * left NULL (in case only the public key is used). + */ + if ((r->n == NULL && n == NULL) + || (r->e == NULL && e == NULL)) + return 0; + if (n != NULL) { + BN_free(r->n); + r->n = n; + } + if (e != NULL) { + BN_free(r->e); + r->e = e; + } + if (d != NULL) { + BN_free(r->d); + r->d = d; + } + return 1; +} + +void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +{ + if (n != NULL) + *n = r->n; + if (e != NULL) + *e = r->e; + if (d != NULL) + *d = r->d; +} + +#endif + RSA* private_key_to_pub(RSA *priv) { RSA *pub = RSA_new(); + const BIGNUM *n, *e; - pub->n = BN_dup(priv->n); - pub->e = BN_dup(priv->e); + RSA_get0_key (priv, &n, &e, NULL); + RSA_set0_key (pub, BN_dup(n), BN_dup(e), NULL); return pub; } @@ -28,18 +70,21 @@ GString *buf = g_string_new(NULL); unsigned char *temp; char *coded; + const BIGNUM *n, *e; - gsize len = BN_num_bytes(rsa->n); + RSA_get0_key (rsa, &n, &e, NULL); + + gsize len = BN_num_bytes(n); temp = malloc(len); - BN_bn2bin(rsa->n, temp); + BN_bn2bin(n, temp); coded = g_base64_encode(temp, len); g_string_append (buf, coded); g_string_append_c (buf, ' '); g_free(coded); - len = BN_num_bytes(rsa->e); + len = BN_num_bytes(e); temp = realloc(temp, len); - BN_bn2bin(rsa->e, temp); + BN_bn2bin(e, temp); coded = g_base64_encode(temp, len); g_string_append (buf, coded); g_free(coded); @@ -54,18 +99,21 @@ { unsigned char *temp; char *coded; + const BIGNUM *n, *e; + + RSA_get0_key (rsa, &n, &e, NULL); - gsize len = BN_num_bytes(rsa->n); + gsize len = BN_num_bytes(n); temp = malloc(len); - BN_bn2bin(rsa->n, temp); + BN_bn2bin(n, temp); coded = g_base64_encode(temp, len); g_string_append (buf, coded); g_string_append_c (buf, ' '); g_free(coded); - len = BN_num_bytes(rsa->e); + len = BN_num_bytes(e); temp = realloc(temp, len); - BN_bn2bin(rsa->e, temp); + BN_bn2bin(e, temp); coded = g_base64_encode(temp, len); g_string_append (buf, coded); g_free(coded); @@ -86,24 +134,31 @@ *p = '\0'; RSA *key = RSA_new(); + BIGNUM *n = NULL, *e = NULL; num = g_base64_decode(str, &len); - key->n = BN_bin2bn(num, len, NULL); - if (!key->n) + n = BN_bin2bn(num, len, NULL); + if (!n) goto err; g_free(num); num = g_base64_decode(p+1, &len); - key->e = BN_bin2bn(num, len, NULL); - if (!key->e) + e = BN_bin2bn(num, len, NULL); + if (!e) goto err; g_free(num); + RSA_set0_key (key, n, e, NULL); + *p = ' '; return key; err: *p = ' '; RSA_free (key); + if (n) + BN_free (n); + if (e) + BN_free (e); g_free(num); return NULL; } @@ -153,9 +208,22 @@ generate_private_key(u_int bits) { RSA *private = NULL; - - private = RSA_generate_key(bits, 35, NULL, NULL); - if (private == NULL) - g_error ("rsa_generate_private_key: key generation failed."); + BIGNUM* bne = NULL; + + bne = BN_new(); + if (!BN_set_word(bne, RSA_3)) + goto free_all; + + private = RSA_new(); + + if (!RSA_generate_key_ex(private, bits, bne, NULL)) + goto free_all; + return private; + +free_all: + RSA_free(private); + BN_free(bne); + g_error ("rsa_generate_private_key: key generation failed."); + return NULL; } diff -ur ccnet-server-v6.0.10/lib/utils.c ccnet-server/lib/utils.c --- ccnet-server-v6.0.10/lib/utils.c 2017-05-14 09:14:22.274184846 +0200 +++ ccnet-server/lib/utils.c 2017-05-14 09:51:57.671395998 +0200 @@ -1053,14 +1053,14 @@ return -1; } - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; int ret; int blks; /* Prepare CTX for encryption. */ - EVP_CIPHER_CTX_init (&ctx); + ctx = EVP_CIPHER_CTX_new (); - ret = EVP_EncryptInit_ex (&ctx, + ret = EVP_EncryptInit_ex (ctx, EVP_aes_256_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ key, /* derived key */ @@ -1068,6 +1068,7 @@ if (ret == ENC_FAILURE) { g_warning ("error init\n"); + EVP_CIPHER_CTX_free (ctx); return -1; } @@ -1089,7 +1090,7 @@ int update_len, final_len; /* Do the encryption. */ - ret = EVP_EncryptUpdate (&ctx, + ret = EVP_EncryptUpdate (ctx, (unsigned char*)*data_out, &update_len, (unsigned char*)data_in, @@ -1100,7 +1101,7 @@ } /* Finish the possible partial block. */ - ret = EVP_EncryptFinal_ex (&ctx, + ret = EVP_EncryptFinal_ex (ctx, (unsigned char*)*data_out + update_len, &final_len); *out_len = update_len + final_len; @@ -1109,11 +1110,11 @@ goto enc_error; } - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return 0; enc_error: - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); *out_len = -1; if (*data_out != NULL) g_free (*data_out); @@ -1138,22 +1139,24 @@ return -1; } - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; int ret; *data_out = NULL; *out_len = -1; /* Prepare CTX for decryption. */ - EVP_CIPHER_CTX_init (&ctx); - ret = EVP_DecryptInit_ex (&ctx, + ctx = EVP_CIPHER_CTX_new (); + ret = EVP_DecryptInit_ex (ctx, EVP_aes_256_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ key, /* derived key */ iv); /* initial vector */ - if (ret == DEC_FAILURE) + if (ret == DEC_FAILURE) { + EVP_CIPHER_CTX_free (ctx); return -1; + } /* Allocating output buffer. */ *data_out = (char *)g_malloc (in_len); @@ -1165,7 +1168,7 @@ int update_len, final_len; /* Do the decryption. */ - ret = EVP_DecryptUpdate (&ctx, + ret = EVP_DecryptUpdate (ctx, (unsigned char*)*data_out, &update_len, (unsigned char*)data_in, @@ -1174,7 +1177,7 @@ goto dec_error; /* Finish the possible partial block. */ - ret = EVP_DecryptFinal_ex (&ctx, + ret = EVP_DecryptFinal_ex (ctx, (unsigned char*)*data_out + update_len, &final_len); *out_len = update_len + final_len; @@ -1182,11 +1185,11 @@ if (ret == DEC_FAILURE || *out_len > in_len) goto dec_error; - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return 0; dec_error: - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); *out_len = -1; if (*data_out != NULL) g_free (*data_out); diff -ur ccnet-server-v6.0.10/tools/ccnet-init.c ccnet-server/tools/ccnet-init.c --- ccnet-server-v6.0.10/tools/ccnet-init.c 2017-05-14 09:14:22.282184865 +0200 +++ ccnet-server/tools/ccnet-init.c 2017-05-14 09:57:45.256750068 +0200 @@ -162,7 +162,7 @@ config_dir = ccnet_expand_path (config_dir); /* printf("[conf_dir=%s\n]", config_dir); */ - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); if (RAND_status() != 1) { /* it should be seeded automatically */ fprintf(stderr, "PRNG is not seeded\n");