--- net.cpp.old 2017-04-25 12:21:37.489622598 +0200
+++ net.cpp 2017-04-25 12:24:13.356284078 +0200
@@ -2213,6 +2258,46 @@
return CURLE_OK;
}
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ #define X509_STORE_CTX_get0_cert(ctx) (ctx->cert)
+ #define X509_STORE_CTX_get0_untrusted(ctx) (ctx->untrusted)
+ #define EVP_PKEY_get0_DSA(_pkey_) ((_pkey_)->pkey.dsa)
+ #define EVP_PKEY_get0_RSA(_pkey_) ((_pkey_)->pkey.rsa)
+#endif
+
+const BIGNUM *RSA_get0_n(const RSA *rsa)
+{
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ return rsa->n;
+#else
+ const BIGNUM *result;
+ RSA_get0_key(rsa, &result, NULL, NULL);
+ return result;
+#endif
+}
+
+const BIGNUM *RSA_get0_e(const RSA *rsa)
+{
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ return rsa->e;
+#else
+ const BIGNUM *result;
+ RSA_get0_key(rsa, NULL, &result, NULL);
+ return result;
+#endif
+}
+
+const BIGNUM *RSA_get0_d(const RSA *rsa)
+{
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ return rsa->d;
+#else
+ const BIGNUM *result;
+ RSA_get0_key(rsa, NULL, NULL, &result);
+ return result;
+#endif
+}
+
// SSL public key pinning
int CurlHttpIO::cert_verify_callback(X509_STORE_CTX* ctx, void* req)
{
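Review bot: The three helpers `RSA_get0_n`, `RSA_get0_e` and `RSA_get0_d` at L104–L135 are defined with external linkage under names that OpenSSL itself exports from rsa.h from 1.1.1 onward, so a build against that or a later release sees a second definition of a libcrypto symbol — a duplicate-symbol link error when linking statically, or two implementations of one name otherwise. The `#else` branch only exists for 1.1.0 and newer anyway, so the cleanest fix is to keep the whole group out of builds that already ship these accessors: wrap the three definitions in `#if (OPENSSL_VERSION_NUMBER < 0x10101000L)` … `#endif`, or give them project-specific names and make them `static`. Separately, the macro bodies at L98–L99 use `ctx->cert` without parenthesising the argument; `((ctx)->cert)` matches how the two EVP_PKEY macros right below them are written. `RSA_get0_d` is not referenced in any of the hunks shown; if nothing outside this diff uses it, it can be dropped.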
@@ -2228,17 +2313,17 @@
return 1;
}
- if ((evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(ctx->cert))))
+ if ((evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(X509_STORE_CTX_get0_cert(ctx)))))
{
- if (BN_num_bytes(evp->pkey.rsa->n) == sizeof APISSLMODULUS1 - 1
- && BN_num_bytes(evp->pkey.rsa->e) == sizeof APISSLEXPONENT - 1)
+ if (BN_num_bytes(RSA_get0_n(EVP_PKEY_get0_RSA(evp))) == sizeof APISSLMODULUS1 - 1
+ && BN_num_bytes(RSA_get0_e(EVP_PKEY_get0_RSA(evp))) == sizeof APISSLEXPONENT - 1)
{
- BN_bn2bin(evp->pkey.rsa->n, buf);
+ BN_bn2bin(RSA_get0_n(EVP_PKEY_get0_RSA(evp)), buf);
if (!memcmp(request->posturl.data(), MegaClient::APIURL.data(), MegaClient::APIURL.size()) &&
(!memcmp(buf, APISSLMODULUS1, sizeof APISSLMODULUS1 - 1) || !memcmp(buf, APISSLMODULUS2, sizeof APISSLMODULUS2 - 1)))
{
- BN_bn2bin(evp->pkey.rsa->e, buf);
+ BN_bn2bin(RSA_get0_e(EVP_PKEY_get0_RSA(evp)), buf);
if (!memcmp(buf, APISSLEXPONENT, sizeof APISSLEXPONENT - 1))
{
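Review bot: `EVP_PKEY_get0_RSA(evp)` at L148, L149, L152 and L157 returns NULL when the certificate's key is not RSA, and each call feeds that result straight into `RSA_get0_n`/`RSA_get0_e`, which dereference it; a peer presenting an EC-keyed certificate therefore faults inside the pinning callback instead of failing the pin (with the pre-1.1.0 macro fallback the union member is read regardless of key type, which is the same blind spot the old `evp->pkey.rsa->n` code had). Check the key type once before the size comparison, `if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA && BN_num_bytes(RSA_get0_n(EVP_PKEY_get0_RSA(evp))) == sizeof APISSLMODULUS1 - 1`, or hoist `const RSA *rsa = EVP_PKEY_get0_RSA(evp);` and test `rsa &&` there, so a non-RSA certificate lands on the existing mismatch/fail path. The `LOG_warn` in the next hunk (L165) reaches the same accessors from the `else` branch and needs the same guard — log the key type instead when it is not RSA. The enclosing `cert_verify_callback` starts before this hunk and continues past it.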
@@ -2253,7 +2338,7 @@
}
else
{
- LOG_warn << "Public key size mismatch " << BN_num_bytes(evp->pkey.rsa->n) << " " << BN_num_bytes(evp->pkey.rsa->e);
+ LOG_warn << "Public key size mismatch " << BN_num_bytes(RSA_get0_n(EVP_PKEY_get0_RSA(evp))) << " " << BN_num_bytes(RSA_get0_e(EVP_PKEY_get0_RSA(evp)));
}
EVP_PKEY_free(evp);
@@ -2275,7 +2360,7 @@
LOG_err << "Invalid public key. Possible MITM attack!!";
request->sslcheckfailed = true;
request->sslfakeissuer.resize(256);
- int len = X509_NAME_get_text_by_NID (X509_get_issuer_name (ctx->cert),
+ int len = X509_NAME_get_text_by_NID (X509_get_issuer_name (X509_STORE_CTX_get0_cert(ctx)),
NID_commonName,
(char *)request->sslfakeissuer.data(),
request->sslfakeissuer.size());