1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
Description: Fix the DH parameters generation with OpenSSL 1.1.
The DH structure is now opaque, so the parameters must be stored there
through an accessor function.
Origin: upstream; https://github.com/rakshasa/libtorrent/commit/4607bbf78040789dee29266878ce109136b984ef
Bug-Debian: https://bugs.debian.org/828414
Author: rakshasa <sundell.software@gmail.com>
Last-Update: 2016-12-22
--- a/src/utils/diffie_hellman.cc
+++ b/src/utils/diffie_hellman.cc
@@ -53,11 +53,23 @@
m_secret(NULL), m_size(0) {
#ifdef USE_OPENSSL
+
m_dh = DH_new();
+
+#ifdef USE_OPENSSL_1_1
+ BIGNUM * const dh_p = BN_bin2bn(prime, primeLength, NULL);
+ BIGNUM * const dh_g = BN_bin2bn(generator, generatorLength, NULL);
+
+ if (dh_p == NULL || dh_g == NULL ||
+ !DH_set0_pqg(m_dh, dh_p, NULL, dh_g))
+ throw internal_error("Could not generate Diffie-Hellman parameters");
+#else
m_dh->p = BN_bin2bn(prime, primeLength, NULL);
m_dh->g = BN_bin2bn(generator, generatorLength, NULL);
+#endif
DH_generate_key(m_dh);
+
#else
throw internal_error("Compiled without encryption support.");
#endif
@@ -73,7 +85,19 @@
bool
DiffieHellman::is_valid() const {
#ifdef USE_OPENSSL
+ if (m_dh == NULL)
+ return false;
+
+#ifdef USE_OPENSSL_1_1
+ const BIGNUM *pub_key;
+
+ DH_get0_key(m_dh, &pub_key, NULL);
+
+ return pub_key != NULL;
+#else
return m_dh != NULL && m_dh->pub_key != NULL;
+#endif
+
#else
return false;
#endif
@@ -102,8 +126,16 @@
#ifdef USE_OPENSSL
std::memset(dest, 0, length);
- if ((int)length >= BN_num_bytes(m_dh->pub_key))
- BN_bn2bin(m_dh->pub_key, dest + length - BN_num_bytes(m_dh->pub_key));
+ const BIGNUM *pub_key;
+
+#ifdef USE_OPENSSL_1_1
+ DH_get0_key(m_dh, &pub_key, NULL);
+#else
+ pub_key = m_dh->pub_key;
+#endif
+
+ if ((int)length >= BN_num_bytes(pub_key))
+ BN_bn2bin(pub_key, dest + length - BN_num_bytes(pub_key));
#endif
}
--- a/configure.ac
+++ b/configure.ac
@@ -66,12 +66,15 @@
[ --disable-openssl Don't use OpenSSL's SHA1 implementation.],
[
if test "$enableval" = "yes"; then
+dnl move to scripts.
PKG_CHECK_MODULES(OPENSSL, libcrypto,
CXXFLAGS="$CXXFLAGS $OPENSSL_CFLAGS";
LIBS="$LIBS $OPENSSL_LIBS")
AC_DEFINE(USE_OPENSSL, 1, Using OpenSSL.)
AC_DEFINE(USE_OPENSSL_SHA, 1, Using OpenSSL's SHA1 implementation.)
+ AC_CHECK_LIB([crypto], [DH_set0_pqg], [AC_DEFINE(USE_OPENSSL_1_1, 1, Using OpenSSL 1.1.)])
+
else
AC_DEFINE(USE_NSS_SHA, 1, Using Mozilla's SHA1 implementation.)
fi
@@ -82,6 +85,7 @@
AC_DEFINE(USE_OPENSSL, 1, Using OpenSSL.)
AC_DEFINE(USE_OPENSSL_SHA, 1, Using OpenSSL's SHA1 implementation.)
+ AC_CHECK_LIB([crypto], [DH_set0_pqg], [AC_DEFINE(USE_OPENSSL_1_1, 1, Using OpenSSL 1.1.)])
]
)
|
