mirror of https://github.com/nmap/nmap.git synced 2025-12-30 11:29:01 +00:00

Add compatibility with LibreSSL. Closes #543

dmiller
2016-09-09 14:08:48 +00:00
parent f607178541
commit 182bcf8c1c
5 changed files with 193 additions and 178 deletions


@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*-
o [GH#543] Restored compatibility with LibreSSL, which was lost in adding
library version checks for OpenSSL 1.1. [Wonko7]
o [Zenmap] Fixed a bug in the Compare Scans window of Zenmap on OS X resulting
in this message instead of Ndiff output:
ImportError: dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so, 2): no suitable image found. Did find:


@@ -315,7 +315,7 @@ static int cert_match_dnsname(X509 *cert, const char *hostname,
/* We must copy this address into a temporary variable because ASN1_item_d2i
increments it. We don't want it to corrupt ext->value->data. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if HAVE_OPAQUE_STRUCTS
data = ext->value->data;
#else
ASN1_OCTET_STRING* asn1_str = X509_EXTENSION_get_data(ext);
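Review bot: The branches under the new `#if HAVE_OPAQUE_STRUCTS` look inverted: the opaque-struct case now selects `data = ext->value->data;`, which reads struct members directly, while the accessor call `X509_EXTENSION_get_data(ext)` sits in the `#else`. The other files in this commit swap the branch bodies together with the condition, but here only the condition line changed. No definition of `HAVE_OPAQUE_STRUCTS` is visible in this file's section either, so unless it is defined elsewhere the preprocessor treats it as 0 and always takes the `#else`. I would put the `X509_EXTENSION_get_data` lines under `#if HAVE_OPAQUE_STRUCTS`, move `data = ext->value->data;` to the `#else`, and define the macro next to the OpenSSL includes as the other files do. The enclosing function continues outside the hunk.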


@@ -130,8 +130,13 @@
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
#define HAVE_OPAQUE_EVP_PKEY 1
#endif
#endif /* HAVE_OPENSSL */
extern NpingOps o;
Crypto::Crypto(){
@@ -178,23 +183,7 @@ int Crypto::aes128_cbc_encrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key,
#ifdef HAVE_OPENSSL
if( o.doCrypto() ){
int flen=0, flen2=0;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX_set_padding(&ctx, 0);
int result=OP_SUCCESS;
if( EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){
nping_print(DBG_4, "EVP_EncryptInit() failed");
result=OP_FAILURE;
}else if( EVP_EncryptUpdate(&ctx, dst_buff, &flen, inbuff, (int)inlen)==0 ){
nping_print(DBG_4, "EVP_EncryptUpdate() failed");
result=OP_FAILURE;
}else if( EVP_EncryptFinal(&ctx, dst_buff+flen, &flen2)==0 ){
nping_print(DBG_4, "EVP_EncryptFinal() failed");
result=OP_FAILURE;
}
EVP_CIPHER_CTX_cleanup(&ctx);
#else
#if HAVE_OPAQUE_EVP_PKEY
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_reset(ctx);
EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -210,6 +199,22 @@ int Crypto::aes128_cbc_encrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key,
result=OP_FAILURE;
}
EVP_CIPHER_CTX_cleanup(ctx);
#else
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX_set_padding(&ctx, 0);
int result=OP_SUCCESS;
if( EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){
nping_print(DBG_4, "EVP_EncryptInit() failed");
result=OP_FAILURE;
}else if( EVP_EncryptUpdate(&ctx, dst_buff, &flen, inbuff, (int)inlen)==0 ){
nping_print(DBG_4, "EVP_EncryptUpdate() failed");
result=OP_FAILURE;
}else if( EVP_EncryptFinal(&ctx, dst_buff+flen, &flen2)==0 ){
nping_print(DBG_4, "EVP_EncryptFinal() failed");
result=OP_FAILURE;
}
EVP_CIPHER_CTX_cleanup(&ctx);
#endif
return result;
}
@@ -231,21 +236,7 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key,
#ifdef HAVE_OPENSSL
if( o.doCrypto() ){
int flen1=0, flen2=0;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX_set_padding(&ctx, 0);
int result=OP_SUCCESS;
if( EVP_DecryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){
nping_print(DBG_4, "EVP_DecryptInit() failed");
result=OP_FAILURE;
}else if( EVP_DecryptUpdate(&ctx, dst_buff, &flen1, inbuff, (int)inlen)==0 ){
nping_print(DBG_4, "EVP_DecryptUpdate() failed");
result=OP_FAILURE;
}else if( EVP_DecryptFinal(&ctx, dst_buff+flen1, &flen2)==0 ){
nping_print(DBG_4, "OpenSSL bug: it says EVP_DecryptFinal() failed when it didn't (%s).",
ERR_error_string(ERR_peek_last_error(), NULL));
#else
#if HAVE_OPAQUE_EVP_PKEY
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_reset(ctx);
EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -259,6 +250,20 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key,
}else if( EVP_DecryptFinal(ctx, dst_buff+flen1, &flen2)==0 ){
nping_print(DBG_4, "OpenSSL bug: it says EVP_DecryptFinal() failed when it didn't (%s).",
ERR_error_string(ERR_peek_last_error(), NULL));
#else
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX_set_padding(&ctx, 0);
int result=OP_SUCCESS;
if( EVP_DecryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){
nping_print(DBG_4, "EVP_DecryptInit() failed");
result=OP_FAILURE;
}else if( EVP_DecryptUpdate(&ctx, dst_buff, &flen1, inbuff, (int)inlen)==0 ){
nping_print(DBG_4, "EVP_DecryptUpdate() failed");
result=OP_FAILURE;
}else if( EVP_DecryptFinal(&ctx, dst_buff+flen1, &flen2)==0 ){
nping_print(DBG_4, "OpenSSL bug: it says EVP_DecryptFinal() failed when it didn't (%s).",
ERR_error_string(ERR_peek_last_error(), NULL));
#endif
/* We do not return OP_FAILURE in this case because the
* EVP_DecryptFinal() function seems to be buggy and fails when it shouldn't.
@@ -286,10 +291,10 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key,
//ERR_free_strings();
//ERR_pop_to_mark();
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX_cleanup(&ctx);
#else
#if HAVE_OPAQUE_EVP_PKEY
EVP_CIPHER_CTX_reset(ctx);
#else
EVP_CIPHER_CTX_cleanup(&ctx);
#endif
return result;
}
@@ -327,31 +332,7 @@ u8 *Crypto::deriveKey(const u8 *from, size_t fromlen, size_t *final_len){
static u8 hash[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)];
static u8 next[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)];
unsigned int lastlen;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
if( EVP_MD_size(EVP_sha256()) != SHA256_HASH_LEN )
nping_fatal(QT_2, "OpenSSL is broken. SHA256 len is %d\n", EVP_MD_size(EVP_sha256()) );
/* Compute the SHA256 hash of the supplied buffer */
EVP_DigestInit(&ctx, EVP_sha256());
EVP_DigestUpdate(&ctx, from, fromlen);
EVP_DigestFinal(&ctx, hash, &lastlen);
/* Now compute the 1000th hash of that hash */
for(int i=0; i<TIMES_KEY_DERIVATION; i++){
EVP_MD_CTX_init(&ctx);
EVP_DigestInit(&ctx, EVP_sha256());
EVP_DigestUpdate(&ctx, hash, SHA256_HASH_LEN);
EVP_DigestFinal(&ctx, next, &lastlen);
memcpy(hash, next, SHA256_HASH_LEN);
}
if(final_len!=NULL)
*final_len=SHA256_HASH_LEN;
EVP_MD_CTX_cleanup(&ctx);
#else
#if HAVE_OPAQUE_EVP_PKEY
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_MD_CTX_init(ctx);
@@ -375,6 +356,30 @@ u8 *Crypto::deriveKey(const u8 *from, size_t fromlen, size_t *final_len){
*final_len=SHA256_HASH_LEN;
EVP_MD_CTX_free(ctx);
#else
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
if( EVP_MD_size(EVP_sha256()) != SHA256_HASH_LEN )
nping_fatal(QT_2, "OpenSSL is broken. SHA256 len is %d\n", EVP_MD_size(EVP_sha256()) );
/* Compute the SHA256 hash of the supplied buffer */
EVP_DigestInit(&ctx, EVP_sha256());
EVP_DigestUpdate(&ctx, from, fromlen);
EVP_DigestFinal(&ctx, hash, &lastlen);
/* Now compute the 1000th hash of that hash */
for(int i=0; i<TIMES_KEY_DERIVATION; i++){
EVP_MD_CTX_init(&ctx);
EVP_DigestInit(&ctx, EVP_sha256());
EVP_DigestUpdate(&ctx, hash, SHA256_HASH_LEN);
EVP_DigestFinal(&ctx, next, &lastlen);
memcpy(hash, next, SHA256_HASH_LEN);
}
if(final_len!=NULL)
*final_len=SHA256_HASH_LEN;
EVP_MD_CTX_cleanup(&ctx);
#endif
return hash;
}
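Review bot: In the `HAVE_OPAQUE_EVP_PKEY` branches of `aes128_cbc_encrypt` and `aes128_cbc_decrypt`, the context returned by `EVP_CIPHER_CTX_new()` is only passed to `EVP_CIPHER_CTX_cleanup(ctx)` or `EVP_CIPHER_CTX_reset(ctx)` before `return result;`, so the allocation is never released and every call leaks one context. Those final calls should be `EVP_CIPHER_CTX_free(ctx);`, matching what `deriveKey` already does with `EVP_MD_CTX_free(ctx)`. The results of `EVP_CIPHER_CTX_new()` and `EVP_MD_CTX_new()` are also used without a NULL check; `if (ctx == NULL) return OP_FAILURE;` would cover the two cipher functions. As a naming point, the macro guards `EVP_CIPHER_CTX` and `EVP_MD_CTX` rather than `EVP_PKEY`, so `HAVE_OPAQUE_STRUCTS`, as used in the other files, would describe it better. Parts of these functions lie outside the hunks shown.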


@@ -19,6 +19,10 @@
#include <openssl/ripemd.h>
#include <openssl/sha.h>
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
#define HAVE_OPAQUE_STRUCTS 1
#endif
extern "C" {
#include "lua.h"
#include "lauxlib.h"
@@ -281,17 +285,32 @@ static int l_digest(lua_State *L) /** digest(string algorithm, string messag
const unsigned char *msg = (unsigned char *) luaL_checklstring( L, 2, &msg_len );
unsigned char digest[EVP_MAX_MD_SIZE];
const EVP_MD * evp_md;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_MD_CTX mdctx;
#else
#if HAVE_OPAQUE_STRUCTS
EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
#else
EVP_MD_CTX mdctx;
#endif
evp_md = EVP_get_digestbyname( algorithm );
if (!evp_md) return luaL_error( L, "Unknown digest algorithm: %s", algorithm );
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if HAVE_OPAQUE_STRUCTS
EVP_MD_CTX_reset(mdctx);
if (!(
EVP_DigestInit_ex( mdctx, evp_md, NULL ) &&
EVP_DigestUpdate( mdctx, msg, msg_len ) &&
EVP_DigestFinal_ex( mdctx, digest, &digest_len ))) {
/* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 _ EVP_MD_CTX_reset()
should be called instead to reinitialise an already created structure. */
EVP_MD_CTX_reset( mdctx );
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
/* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 */
EVP_MD_CTX_reset( mdctx );
#else
EVP_MD_CTX_init(&mdctx);
if (!(
EVP_DigestInit_ex( &mdctx, evp_md, NULL ) &&
@@ -303,21 +322,6 @@ static int l_digest(lua_State *L) /** digest(string algorithm, string messag
ERR_func_error_string(e), ERR_reason_error_string(e));
}
EVP_MD_CTX_cleanup( &mdctx );
#else
EVP_MD_CTX_reset(mdctx);
if (!(
EVP_DigestInit_ex( mdctx, evp_md, NULL ) &&
EVP_DigestUpdate( mdctx, msg, msg_len ) &&
EVP_DigestFinal_ex( mdctx, digest, &digest_len ))) {
/* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 _ EVP_MD_CTX_reset()
should be called instead to reinitialise an already created structure. */
EVP_MD_CTX_reset( mdctx );
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
/* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 */
EVP_MD_CTX_reset( mdctx );
#endif
lua_pushlstring( L, (char *) digest, digest_len );
@@ -394,7 +398,51 @@ static int l_encrypt(lua_State *L) /** encrypt( string algorithm, string key, st
if (iv[0] == '\0')
iv = NULL;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if HAVE_OPAQUE_STRUCTS
EVP_CIPHER_CTX *cipher_ctx = EVP_CIPHER_CTX_new();
/* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset()
in OpenSSL 1.1.0. As this symbol was missing in the static library,
I replaced it with EVP_CIPHER_CTX_reset */
EVP_CIPHER_CTX_reset( cipher_ctx );
/* First create the cipher context, then set the key length and padding, and
check the iv length. Below we set the key and iv. */
if (!(
EVP_EncryptInit_ex( cipher_ctx, evp_cipher, NULL, NULL, NULL ) &&
EVP_CIPHER_CTX_set_key_length( cipher_ctx, key_len ) &&
EVP_CIPHER_CTX_set_padding( cipher_ctx, padding ))) {
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( cipher_ctx )) {
return luaL_error( L, "Length of iv is %d; should be %d",
(int) iv_len, EVP_CIPHER_CTX_iv_length( cipher_ctx ));
}
int out_len, final_len;
unsigned char * out = (unsigned char *) malloc( data_len + EVP_MAX_BLOCK_LENGTH );
if (!out) return luaL_error( L, "Couldn't allocate memory.");
if (!(
EVP_EncryptInit_ex( cipher_ctx, NULL, NULL, key, iv ) &&
EVP_EncryptUpdate( cipher_ctx, out, &out_len, data, data_len ) &&
EVP_EncryptFinal_ex( cipher_ctx, out + out_len, &final_len ) )) {
/* EVP_CIPHER_CTX_cleanup is now deprecated in OpenSSL 1.1 _ replaced by
EVP_CIPHER_CTX_reset (same args & return value) */
EVP_CIPHER_CTX_reset( cipher_ctx );
free( out );
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
lua_pushlstring( L, (char *) out, out_len + final_len );
/* EVP_CIPHER_CTX_cleanup deprecated in OpenSSL 1.1 */
EVP_CIPHER_CTX_reset( cipher_ctx );
#else
EVP_CIPHER_CTX cipher_ctx;
EVP_CIPHER_CTX_init( &cipher_ctx );
@@ -432,50 +480,6 @@ static int l_encrypt(lua_State *L) /** encrypt( string algorithm, string key, st
lua_pushlstring( L, (char *) out, out_len + final_len );
EVP_CIPHER_CTX_cleanup( &cipher_ctx );
#else
EVP_CIPHER_CTX *cipher_ctx = EVP_CIPHER_CTX_new();
/* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset()
in OpenSSL 1.1.0. As this symbol was missing in the static library,
I replaced it with EVP_CIPHER_CTX_reset */
EVP_CIPHER_CTX_reset( cipher_ctx );
/* First create the cipher context, then set the key length and padding, and
check the iv length. Below we set the key and iv. */
if (!(
EVP_EncryptInit_ex( cipher_ctx, evp_cipher, NULL, NULL, NULL ) &&
EVP_CIPHER_CTX_set_key_length( cipher_ctx, key_len ) &&
EVP_CIPHER_CTX_set_padding( cipher_ctx, padding ))) {
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( cipher_ctx )) {
return luaL_error( L, "Length of iv is %d; should be %d",
(int) iv_len, EVP_CIPHER_CTX_iv_length( cipher_ctx ));
}
int out_len, final_len;
unsigned char * out = (unsigned char *) malloc( data_len + EVP_MAX_BLOCK_LENGTH );
if (!out) return luaL_error( L, "Couldn't allocate memory.");
if (!(
EVP_EncryptInit_ex( cipher_ctx, NULL, NULL, key, iv ) &&
EVP_EncryptUpdate( cipher_ctx, out, &out_len, data, data_len ) &&
EVP_EncryptFinal_ex( cipher_ctx, out + out_len, &final_len ) )) {
/* EVP_CIPHER_CTX_cleanup is now deprecated in OpenSSL 1.1 _ replaced by
EVP_CIPHER_CTX_reset (same args & return value) */
EVP_CIPHER_CTX_reset( cipher_ctx );
free( out );
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
lua_pushlstring( L, (char *) out, out_len + final_len );
/* EVP_CIPHER_CTX_cleanup deprecated in OpenSSL 1.1 */
EVP_CIPHER_CTX_reset( cipher_ctx );
#endif
free( out );
@@ -496,45 +500,9 @@ static int l_decrypt(lua_State *L) /** decrypt( string algorithm, string key, st
if (iv[0] == '\0')
iv = NULL;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX cipher_ctx;
EVP_CIPHER_CTX_init( &cipher_ctx );
if (!(
EVP_DecryptInit_ex( &cipher_ctx, evp_cipher, NULL, NULL, NULL ) &&
EVP_CIPHER_CTX_set_key_length( &cipher_ctx, key_len ) &&
EVP_CIPHER_CTX_set_padding( &cipher_ctx, padding ))) {
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( &cipher_ctx )) {
return luaL_error( L, "Length of iv is %d; should be %d",
(int) iv_len, EVP_CIPHER_CTX_iv_length( &cipher_ctx ));
}
int out_len, final_len;
unsigned char * out = (unsigned char *) malloc( data_len );
if (!out) return luaL_error( L, "Couldn't allocate memory.");
if (!(
EVP_DecryptInit_ex( &cipher_ctx, NULL, NULL, key, iv ) &&
EVP_DecryptUpdate( &cipher_ctx, out, &out_len, data, data_len ) &&
EVP_DecryptFinal_ex( &cipher_ctx, out + out_len, &final_len ) )) {
EVP_CIPHER_CTX_cleanup( &cipher_ctx );
free( out );
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
lua_pushlstring( L, (char *) out, out_len + final_len );
EVP_CIPHER_CTX_cleanup( &cipher_ctx );
#else
#if HAVE_OPAQUE_STRUCTS
EVP_CIPHER_CTX *cipher_ctx = EVP_CIPHER_CTX_new();
/* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset()
/* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset()
in OpenSSL 1.1.0. As this symbol was missing in the static library,
I replaced it with EVP_CIPHER_CTX_reset */
EVP_CIPHER_CTX_reset( cipher_ctx );
@@ -573,6 +541,42 @@ static int l_decrypt(lua_State *L) /** decrypt( string algorithm, string key, st
/* EVP_CIPHER_CTX_cleanup deprecated in OpenSSL 1.1 */
EVP_CIPHER_CTX_reset( cipher_ctx );
#else
EVP_CIPHER_CTX cipher_ctx;
EVP_CIPHER_CTX_init( &cipher_ctx );
if (!(
EVP_DecryptInit_ex( &cipher_ctx, evp_cipher, NULL, NULL, NULL ) &&
EVP_CIPHER_CTX_set_key_length( &cipher_ctx, key_len ) &&
EVP_CIPHER_CTX_set_padding( &cipher_ctx, padding ))) {
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( &cipher_ctx )) {
return luaL_error( L, "Length of iv is %d; should be %d",
(int) iv_len, EVP_CIPHER_CTX_iv_length( &cipher_ctx ));
}
int out_len, final_len;
unsigned char * out = (unsigned char *) malloc( data_len );
if (!out) return luaL_error( L, "Couldn't allocate memory.");
if (!(
EVP_DecryptInit_ex( &cipher_ctx, NULL, NULL, key, iv ) &&
EVP_DecryptUpdate( &cipher_ctx, out, &out_len, data, data_len ) &&
EVP_DecryptFinal_ex( &cipher_ctx, out + out_len, &final_len ) )) {
EVP_CIPHER_CTX_cleanup( &cipher_ctx );
free( out );
unsigned long e = ERR_get_error();
return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
ERR_func_error_string(e), ERR_reason_error_string(e));
}
lua_pushlstring( L, (char *) out, out_len + final_len );
EVP_CIPHER_CTX_cleanup( &cipher_ctx );
#endif
free( out );
@@ -687,9 +691,9 @@ LUALIB_API int luaopen_openssl(lua_State *L) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_load_crypto_strings();
#else
/* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
/* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
or de-initialisation is necessary */
// ERR_load_crypto_strings();
// ERR_load_crypto_strings();
#endif
luaL_newlib(L, openssllib);
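Review bot: The `HAVE_OPAQUE_STRUCTS` branches allocate contexts with `EVP_MD_CTX_new()` and `EVP_CIPHER_CTX_new()` but only ever call `EVP_MD_CTX_reset( mdctx )` and `EVP_CIPHER_CTX_reset( cipher_ctx )`; no matching free is visible in these hunks, so `l_digest`, `l_encrypt` and `l_decrypt` appear to leak one context per call. In `l_digest` the allocation also precedes `if (!evp_md) return luaL_error(...)`, and the init-failure and IV-length paths in `l_encrypt` leave through `luaL_error` without releasing `cipher_ctx`, so a script that passes a bad algorithm name or IV leaks as well. I would use `EVP_MD_CTX_free( mdctx );` and `EVP_CIPHER_CTX_free( cipher_ctx );` in place of the final resets and before each `luaL_error`, move the `EVP_MD_CTX_new()` call below the `evp_md` check, and test each `_new()` result for NULL. The function bodies extend beyond the hunks shown.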


@@ -137,6 +137,13 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
/* Technically some of these things were added in 0x10100006
* but that was pre-release. */
#define HAVE_OPAQUE_STRUCTS 1
#endif
extern "C"
{
#include "lua.h"
@@ -529,10 +536,10 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
lua_setfield(L, -2, "subject");
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
const char *sig_algo = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm));
#else
#if HAVE_OPAQUE_STRUCTS
const char *sig_algo = OBJ_nid2ln(X509_get_signature_nid(cert));
#else
const char *sig_algo = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm));
#endif
lua_pushstring(L, sig_algo);
lua_setfield(L, -2, "sig_algorithm");
@@ -556,10 +563,10 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
return 2;
}
lua_newtable(L);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
pkey_type = EVP_PKEY_type(pubkey->type);
#else
#if HAVE_OPAQUE_STRUCTS
pkey_type = EVP_PKEY_base_id(pubkey);
#else
pkey_type = EVP_PKEY_type(pubkey->type);
#endif
#ifdef HAVE_OPENSSL_EC
if (pkey_type == EVP_PKEY_EC) {
@@ -573,16 +580,12 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
luaL_getmetatable( L, "BIGNUM" );
lua_setmetatable( L, -2 );
#if OPENSSL_VERSION_NUMBER < 0x10100000L
data->bn = rsa->e;
#elif OPENSSL_VERSION_NUMBER < 0x10100006L
BIGNUM *n, *e, *d;
RSA_get0_key(rsa, &n, &e, &d);
data->bn = e;
#else
#if HAVE_OPAQUE_STRUCTS
const BIGNUM *n, *e, *d;
RSA_get0_key(rsa, &n, &e, &d);
data->bn = (BIGNUM*) e;
#else
data->bn = rsa->e;
#endif
lua_setfield(L, -2, "exponent");
}
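Review bot: In the `HAVE_OPAQUE_STRUCTS` branch of the RSA exponent code, `data->bn = (BIGNUM*) e;` casts away `const` on a pointer that `RSA_get0_key` lends out without transferring ownership, and stores it in a Lua userdata carrying the "BIGNUM" metatable. If that metatable's finalizer frees `bn`, or if `rsa` is released while the Lua value is still reachable, this becomes a double free or a dangling pointer; neither the finalizer nor the release of `rsa` is visible in this hunk, so it needs confirming. If the userdata is meant to own its BIGNUM, storing a copy with `data->bn = BN_dup(e);` plus a NULL check would be the safer form. The unused `n` and `d` can be dropped by passing NULL, `RSA_get0_key(rsa, NULL, &e, NULL);`. The enclosing function starts and ends outside the hunk.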