1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
|
Description: Fix the DH parameters generation with OpenSSL 1.1.
The DH structure is now opaque, so the parameters must be stored there
through an accessor function.
Origin: upstream; https://github.com/rakshasa/libtorrent/commit/4607bbf78040789dee29266878ce109136b984ef
Bug-Debian: https://bugs.debian.org/828414
Author: rakshasa <sundell.software@gmail.com>
Last-Update: 2016-12-22
--- a/src/utils/diffie_hellman.cc
+++ b/src/utils/diffie_hellman.cc
@@ -53,11 +53,23 @@
m_secret(NULL), m_size(0) {
#ifdef USE_OPENSSL
+
m_dh = DH_new();
+
+#ifdef USE_OPENSSL_1_1
+ BIGNUM * const dh_p = BN_bin2bn(prime, primeLength, NULL);
+ BIGNUM * const dh_g = BN_bin2bn(generator, generatorLength, NULL);
+
+ if (dh_p == NULL || dh_g == NULL ||
+ !DH_set0_pqg(m_dh, dh_p, NULL, dh_g))
+ throw internal_error("Could not generate Diffie-Hellman parameters");
+#else
m_dh->p = BN_bin2bn(prime, primeLength, NULL);
m_dh->g = BN_bin2bn(generator, generatorLength, NULL);
+#endif
DH_generate_key(m_dh);
+
#else
throw internal_error("Compiled without encryption support.");
#endif
@@ -73,7 +85,19 @@
bool
DiffieHellman::is_valid() const {
#ifdef USE_OPENSSL
+ if (m_dh == NULL)
+ return false;
+
+#ifdef USE_OPENSSL_1_1
+ const BIGNUM *pub_key;
+
+ DH_get0_key(m_dh, &pub_key, NULL);
+
+ return pub_key != NULL;
+#else
return m_dh != NULL && m_dh->pub_key != NULL;
+#endif
+
#else
return false;
#endif
@@ -102,8 +126,16 @@
#ifdef USE_OPENSSL
std::memset(dest, 0, length);
- if ((int)length >= BN_num_bytes(m_dh->pub_key))
- BN_bn2bin(m_dh->pub_key, dest + length - BN_num_bytes(m_dh->pub_key));
+ const BIGNUM *pub_key;
+
+#ifdef USE_OPENSSL_1_1
+ DH_get0_key(m_dh, &pub_key, NULL);
+#else
+ pub_key = m_dh->pub_key;
+#endif
+
+ if ((int)length >= BN_num_bytes(pub_key))
+ BN_bn2bin(pub_key, dest + length - BN_num_bytes(pub_key));
#endif
}
--- a/configure.ac
+++ b/configure.ac
@@ -66,12 +66,15 @@
[ --disable-openssl Don't use OpenSSL's SHA1 implementation.],
[
if test "$enableval" = "yes"; then
+dnl move to scripts.
PKG_CHECK_MODULES(OPENSSL, libcrypto,
CXXFLAGS="$CXXFLAGS $OPENSSL_CFLAGS";
LIBS="$LIBS $OPENSSL_LIBS")
AC_DEFINE(USE_OPENSSL, 1, Using OpenSSL.)
AC_DEFINE(USE_OPENSSL_SHA, 1, Using OpenSSL's SHA1 implementation.)
+ AC_CHECK_LIB([crypto], [DH_set0_pqg], [AC_DEFINE(USE_OPENSSL_1_1, 1, Using OpenSSL 1.1.)])
+
else
AC_DEFINE(USE_NSS_SHA, 1, Using Mozilla's SHA1 implementation.)
fi
@@ -82,6 +85,7 @@
AC_DEFINE(USE_OPENSSL, 1, Using OpenSSL.)
AC_DEFINE(USE_OPENSSL_SHA, 1, Using OpenSSL's SHA1 implementation.)
+ AC_CHECK_LIB([crypto], [DH_set0_pqg], [AC_DEFINE(USE_OPENSSL_1_1, 1, Using OpenSSL 1.1.)])
]
)
|