[arch-commits] Commit in boinc/trunk (PKGBUILD boinc-openssl-1.1.patch)
Antonio Rojas
arojas at archlinux.org
Fri Mar 3 20:26:03 UTC 2017
Date: Friday, March 3, 2017 @ 20:26:02
Author: arojas
Revision: 214690
openssl 1.1 rebuild
Added:
boinc/trunk/boinc-openssl-1.1.patch
Modified:
boinc/trunk/PKGBUILD
-------------------------+
PKGBUILD | 10
boinc-openssl-1.1.patch | 737 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 744 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-03-03 20:23:55 UTC (rev 214689)
+++ PKGBUILD 2017-03-03 20:26:02 UTC (rev 214690)
@@ -7,7 +7,7 @@
pkgname=(boinc boinc-nox)
pkgver=7.6.33
_tag="client_release/7.6/$pkgver"
-pkgrel=1
+pkgrel=2
arch=('i686' 'x86_64')
url="http://boinc.berkeley.edu/"
license=('LGPL')
@@ -20,17 +20,21 @@
boinc.desktop
boinc.service
boinc.sysusers
- boinc-AM_CONDITIONAL.patch)
+ boinc-AM_CONDITIONAL.patch
+ boinc-openssl-1.1.patch)
md5sums=('SKIP'
'4d00e1aa4090a3f51feb20f5a541b9ee'
'db62de2f08117e6379a3c613b58fa7ff'
'3d5cbab785cc8b004661b17c65883fd5'
'240f952d38c5814cc3d8cd1668fe2154'
- 'e27047518dec54d4db38816487a28661')
+ 'e27047518dec54d4db38816487a28661'
+ '2148b1eb9ea12fb8927198072e616417')
prepare() {
cd $pkgbase
patch -Np1 -i "$srcdir"/boinc-AM_CONDITIONAL.patch
+ # Fix build with openssl 1.1
+ patch -p1 -i ../boinc-openssl-1.1.patch
./_autosetup
Added: boinc-openssl-1.1.patch
===================================================================
--- boinc-openssl-1.1.patch (rev 0)
+++ boinc-openssl-1.1.patch 2017-03-03 20:26:02 UTC (rev 214690)
@@ -0,0 +1,737 @@
+From e965ea2e32d467e6937f206c96270cabd381df6e Mon Sep 17 00:00:00 2001
+From: Christian Beer <christian.beer at aei.mpg.de>
+Date: Mon, 27 Jun 2016 18:26:27 +0200
+Subject: [PATCH 1/5] Lib: build against openSSL 1.1.0
+
+The upcoming OpenSSL version introduces some API changes (https://wiki.openssl.org/index.php/1.1_API_Changes). In BOINC mainly code related to RSA keys is affected for now.
+
+Contributed by: Gianfranco Costamagna
+---
+ lib/crypt.cpp | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ lib/crypt.h | 5 +++
+ lib/crypt_prog.cpp | 12 ++++++
+ 3 files changed, 131 insertions(+), 1 deletion(-)
+
+diff --git a/lib/crypt.cpp b/lib/crypt.cpp
+index 192bbc2..cd6f04a 100644
+--- a/lib/crypt.cpp
++++ b/lib/crypt.cpp
+@@ -453,7 +453,7 @@ int read_key_file(const char* keyfile, R_RSA_PRIVATE_KEY& key) {
+ return 0;
+ }
+
+-static void bn_to_bin(BIGNUM* bn, unsigned char* bin, int n) {
++static void bn_to_bin(const BIGNUM* bn, unsigned char* bin, int n) {
+ memset(bin, 0, n);
+ int m = BN_num_bytes(bn);
+ BN_bn2bin(bn, bin+n-m);
+@@ -463,11 +463,38 @@ void openssl_to_keys(
+ RSA* rp, int nbits, R_RSA_PRIVATE_KEY& priv, R_RSA_PUBLIC_KEY& pub
+ ) {
+ pub.bits = nbits;
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ BIGNUM *p;
++ BIGNUM *q;
++ BIGNUM *dmp1;
++ BIGNUM *dmq1;
++ BIGNUM *iqmp;
++ RSA_get0_key(rp, &n, &e, &d);
++ RSA_get0_factors(rp, &p, &q);
++ RSA_get0_crt_params(rp, &dmp1, &dmq1, &iqmp);
++
++ bn_to_bin(n, pub.modulus, sizeof(pub.modulus));
++ bn_to_bin(e, pub.exponent, sizeof(pub.exponent));
++#else
+ bn_to_bin(rp->n, pub.modulus, sizeof(pub.modulus));
+ bn_to_bin(rp->e, pub.exponent, sizeof(pub.exponent));
++#endif
+
+ memset(&priv, 0, sizeof(priv));
+ priv.bits = nbits;
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ bn_to_bin(n, priv.modulus, sizeof(priv.modulus));
++ bn_to_bin(e, priv.publicExponent, sizeof(priv.publicExponent));
++ bn_to_bin(d, priv.exponent, sizeof(priv.exponent));
++ bn_to_bin(p, priv.prime[0], sizeof(priv.prime[0]));
++ bn_to_bin(q, priv.prime[1], sizeof(priv.prime[1]));
++ bn_to_bin(dmp1, priv.primeExponent[0], sizeof(priv.primeExponent[0]));
++ bn_to_bin(dmq1, priv.primeExponent[1], sizeof(priv.primeExponent[1]));
++ bn_to_bin(iqmp, priv.coefficient, sizeof(priv.coefficient));
++#else
+ bn_to_bin(rp->n, priv.modulus, sizeof(priv.modulus));
+ bn_to_bin(rp->e, priv.publicExponent, sizeof(priv.publicExponent));
+ bn_to_bin(rp->d, priv.exponent, sizeof(priv.exponent));
+@@ -476,9 +503,32 @@ void openssl_to_keys(
+ bn_to_bin(rp->dmp1, priv.primeExponent[0], sizeof(priv.primeExponent[0]));
+ bn_to_bin(rp->dmq1, priv.primeExponent[1], sizeof(priv.primeExponent[1]));
+ bn_to_bin(rp->iqmp, priv.coefficient, sizeof(priv.coefficient));
++#endif
+ }
+
+ void private_to_openssl(R_RSA_PRIVATE_KEY& priv, RSA* rp) {
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ BIGNUM *p;
++ BIGNUM *q;
++ BIGNUM *dmp1;
++ BIGNUM *dmq1;
++ BIGNUM *iqmp;
++
++ n = BN_bin2bn(priv.modulus, sizeof(priv.modulus), 0);
++ e = BN_bin2bn(priv.publicExponent, sizeof(priv.publicExponent), 0);
++ d = BN_bin2bn(priv.exponent, sizeof(priv.exponent), 0);
++ p = BN_bin2bn(priv.prime[0], sizeof(priv.prime[0]), 0);
++ q = BN_bin2bn(priv.prime[1], sizeof(priv.prime[1]), 0);
++ dmp1 = BN_bin2bn(priv.primeExponent[0], sizeof(priv.primeExponent[0]), 0);
++ dmq1 = BN_bin2bn(priv.primeExponent[1], sizeof(priv.primeExponent[1]), 0);
++ iqmp = BN_bin2bn(priv.coefficient, sizeof(priv.coefficient), 0);
++ RSA_set0_key(rp, n, e, d);
++ RSA_set0_factors(rp, p, q);
++ RSA_set0_crt_params(rp, dmp1, dmq1, iqmp);
++#else
+ rp->n = BN_bin2bn(priv.modulus, sizeof(priv.modulus), 0);
+ rp->e = BN_bin2bn(priv.publicExponent, sizeof(priv.publicExponent), 0);
+ rp->d = BN_bin2bn(priv.exponent, sizeof(priv.exponent), 0);
+@@ -487,11 +537,22 @@ void private_to_openssl(R_RSA_PRIVATE_KEY& priv, RSA* rp) {
+ rp->dmp1 = BN_bin2bn(priv.primeExponent[0], sizeof(priv.primeExponent[0]), 0);
+ rp->dmq1 = BN_bin2bn(priv.primeExponent[1], sizeof(priv.primeExponent[1]), 0);
+ rp->iqmp = BN_bin2bn(priv.coefficient, sizeof(priv.coefficient), 0);
++#endif
+ }
+
+ void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) {
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
++ e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
++ // d??? FIXME
++ RSA_set0_key(rp, n, e, d);
++#else
+ rp->n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
+ rp->e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
++#endif
+ }
+
+ static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
+@@ -507,6 +568,38 @@ static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
+ }
+
+ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ BIGNUM *p;
++ BIGNUM *q;
++ BIGNUM *dmp1;
++ BIGNUM *dmq1;
++ BIGNUM *iqmp;
++
++ RSA_get0_key(from, &n, &e, &d);
++ RSA_get0_factors(from, &p, &q);
++ RSA_get0_crt_params(from, &dmp1, &dmq1, &iqmp);
++
++ to->bits = BN_num_bits(n);
++ if (!_bn2bin(n,to->modulus,MAX_RSA_MODULUS_LEN))
++ return(0);
++ if (!_bn2bin(e,to->publicExponent,MAX_RSA_MODULUS_LEN))
++ return(0);
++ if (!_bn2bin(d,to->exponent,MAX_RSA_MODULUS_LEN))
++ return(0);
++ if (!_bn2bin(p,to->prime[0],MAX_RSA_PRIME_LEN))
++ return(0);
++ if (!_bn2bin(q,to->prime[1],MAX_RSA_PRIME_LEN))
++ return(0);
++ if (!_bn2bin(dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN))
++ return(0);
++ if (!_bn2bin(dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN))
++ return(0);
++ if (!_bn2bin(iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
++ return(0);
++#else
+ to->bits = BN_num_bits(from->n);
+ if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN))
+ return(0);
+@@ -524,6 +617,7 @@ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
+ return(0);
+ if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
+ return(0);
++#endif
+ return 1;
+ }
+
+@@ -569,7 +663,11 @@ int check_validity_of_cert(
+ BIO_vfree(bio);
+ return 0;
+ }
++#ifdef HAVE_OPAQUE_EVP_PKEY
++ if (EVP_PKEY_id(pubKey) == EVP_PKEY_RSA) {
++#else
+ if (pubKey->type == EVP_PKEY_RSA) {
++#endif
+ BN_CTX *c = BN_CTX_new();
+ if (!c) {
+ X509_free(cert);
+@@ -577,18 +675,33 @@ int check_validity_of_cert(
+ BIO_vfree(bio);
+ return 0;
+ }
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA *rsa;
++ rsa = EVP_PKEY_get0_RSA(pubKey);
++ if (!RSA_blinding_on(rsa, c)) {
++#else
+ if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
++#endif
+ X509_free(cert);
+ EVP_PKEY_free(pubKey);
+ BIO_vfree(bio);
+ BN_CTX_free(c);
+ return 0;
+ }
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, rsa);
++ RSA_blinding_off(rsa);
++#else
+ retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa);
+ RSA_blinding_off(pubKey->pkey.rsa);
++#endif
+ BN_CTX_free(c);
+ }
++#ifdef HAVE_OPAQUE_EVP_PKEY
++ if (EVP_PKEY_id(pubKey) == EVP_PKEY_DSA) {
++#else
+ if (pubKey->type == EVP_PKEY_DSA) {
++#endif
+ fprintf(stderr,
+ "%s: ERROR: DSA keys are not supported.\n",
+ time_to_string(dtime())
+diff --git a/lib/crypt.h b/lib/crypt.h
+index 022bd2a..33c62a8 100644
+--- a/lib/crypt.h
++++ b/lib/crypt.h
+@@ -26,6 +26,11 @@
+
+ #include <openssl/rsa.h>
+
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL 1.1.0+ */
++#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define MAX_RSA_MODULUS_BITS 1024
+ #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8)
+ #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2)
+diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
+index 2a1eb5d..3bc2d53 100644
+--- a/lib/crypt_prog.cpp
++++ b/lib/crypt_prog.cpp
+@@ -125,7 +125,11 @@ int main(int argc, char** argv) {
+ unsigned char signature_buf[256], buf[256], buf2[256];
+ FILE *f, *fpriv, *fpub;
+ char cbuf[256];
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA *rsa_key;
++#else
+ RSA rsa_key;
++#endif
+ RSA *rsa_key_;
+ BIO *bio_out=NULL;
+ BIO *bio_err=NULL;
+@@ -330,7 +334,11 @@ int main(int argc, char** argv) {
+ retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
+ fclose(fpriv);
+ if (retval) die("scan_key_hex\n");
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ private_to_openssl(private_key, rsa_key);
++#else
+ private_to_openssl(private_key, &rsa_key);
++#endif
+
+ //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
+ // enc, NULL, 0, pass_cb, NULL);
+@@ -340,7 +348,11 @@ int main(int argc, char** argv) {
+ // NULL, NULL, 0, pass_cb, NULL);
+ fpriv = fopen(argv[5], "w+");
+ if (!fpriv) die("fopen");
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ PEM_write_RSAPrivateKey(fpriv, rsa_key, NULL, NULL, 0, 0, NULL);
++#else
+ PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL);
++#endif
+ fclose(fpriv);
+ //if (i == 0) {
+ // ERR_print_errors(bio_err);
+diff --git a/lib/crypt.cpp b/lib/crypt.cpp
+index cd6f04a..30db6d8 100644
+--- a/lib/crypt.cpp
++++ b/lib/crypt.cpp
+@@ -464,14 +464,14 @@ void openssl_to_keys(
+ ) {
+ pub.bits = nbits;
+ #ifdef HAVE_OPAQUE_RSA_DSA_DH
+- BIGNUM *n;
+- BIGNUM *e;
+- BIGNUM *d;
+- BIGNUM *p;
+- BIGNUM *q;
+- BIGNUM *dmp1;
+- BIGNUM *dmq1;
+- BIGNUM *iqmp;
++ const BIGNUM *n;
++ const BIGNUM *e;
++ const BIGNUM *d;
++ const BIGNUM *p;
++ const BIGNUM *q;
++ const BIGNUM *dmp1;
++ const BIGNUM *dmq1;
++ const BIGNUM *iqmp;
+ RSA_get0_key(rp, &n, &e, &d);
+ RSA_get0_factors(rp, &p, &q);
+ RSA_get0_crt_params(rp, &dmp1, &dmq1, &iqmp);
+@@ -544,18 +544,16 @@ void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) {
+ #ifdef HAVE_OPAQUE_RSA_DSA_DH
+ BIGNUM *n;
+ BIGNUM *e;
+- BIGNUM *d;
+ n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
+ e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
+- // d??? FIXME
+- RSA_set0_key(rp, n, e, d);
++ RSA_set0_key(rp, n, e, NULL);
+ #else
+ rp->n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
+ rp->e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
+ #endif
+ }
+
+-static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
++static int _bn2bin(const BIGNUM *from, unsigned char *to, int max) {
+ int i;
+ i=BN_num_bytes(from);
+ if (i > max) {
+@@ -569,14 +567,14 @@ static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
+
+ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
+ #ifdef HAVE_OPAQUE_RSA_DSA_DH
+- BIGNUM *n;
+- BIGNUM *e;
+- BIGNUM *d;
+- BIGNUM *p;
+- BIGNUM *q;
+- BIGNUM *dmp1;
+- BIGNUM *dmq1;
+- BIGNUM *iqmp;
++ const BIGNUM *n;
++ const BIGNUM *e;
++ const BIGNUM *d;
++ const BIGNUM *p;
++ const BIGNUM *q;
++ const BIGNUM *dmp1;
++ const BIGNUM *dmq1;
++ const BIGNUM *iqmp;
+
+ RSA_get0_key(from, &n, &e, &d);
+ RSA_get0_factors(from, &p, &q);
+diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
+index 3bc2d53..88d9f2d 100644
+--- a/lib/crypt_prog.cpp
++++ b/lib/crypt_prog.cpp
+@@ -126,7 +126,7 @@ int main(int argc, char** argv) {
+ FILE *f, *fpriv, *fpub;
+ char cbuf[256];
+ #ifdef HAVE_OPAQUE_RSA_DSA_DH
+- RSA *rsa_key;
++ RSA *rsa_key = RSA_new();
+ #else
+ RSA rsa_key;
+ #endif
+@@ -136,6 +136,7 @@ int main(int argc, char** argv) {
+ char *certpath;
+ bool b2o=false; // boinc key to openssl key ?
+ bool kpriv=false; // private key ?
++ BIGNUM *e;
+
+ if (argc == 1) {
+ usage();
+@@ -150,7 +151,16 @@ int main(int argc, char** argv) {
+ n = atoi(argv[2]);
+
+ srand(random_int());
+- RSA* rp = RSA_generate_key(n, 65537, 0, 0);
++ e = BN_new();
++ retval = BN_set_word(e, (unsigned long)65537);
++ if (retval != 1) {
++ die("BN_set_word");
++ }
++ RSA *rp = RSA_new();
++ retval = RSA_generate_key_ex(rp, n, e, NULL);
++ if (retval != 1) {
++ die("RSA_generate_key_ex");
++ }
+ openssl_to_keys(rp, n, private_key, public_key);
+ fpriv = fopen(argv[3], "w");
+ if (!fpriv) die("fopen");
+diff --git a/lib/crypt.cpp b/lib/crypt.cpp
+index 30db6d8..cb1f49c 100644
+--- a/lib/crypt.cpp
++++ b/lib/crypt.cpp
+@@ -554,15 +554,15 @@ void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) {
+ }
+
+ static int _bn2bin(const BIGNUM *from, unsigned char *to, int max) {
+- int i;
+- i=BN_num_bytes(from);
+- if (i > max) {
+- return(0);
+- }
+- memset(to,0,(unsigned int)max);
+- if (!BN_bn2bin(from,&(to[max-i])))
+- return(0);
+- return(1);
++ int i;
++ i=BN_num_bytes(from);
++ if (i > max) {
++ return(0);
++ }
++ memset(to,0,(unsigned int)max);
++ if (!BN_bn2bin(from,&(to[max-i])))
++ return(0);
++ return(1);
+ }
+
+ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
+@@ -598,23 +598,23 @@ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
+ if (!_bn2bin(iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
+ return(0);
+ #else
+- to->bits = BN_num_bits(from->n);
+- if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN))
+- return(0);
+- if (!_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN))
+- return(0);
+- if (!_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN))
+- return(0);
+- if (!_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN))
+- return(0);
+- if (!_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN))
+- return(0);
+- if (!_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN))
+- return(0);
+- if (!_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN))
+- return(0);
+- if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
+- return(0);
++ to->bits = BN_num_bits(from->n);
++ if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN))
++ return(0);
++ if (!_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN))
++ return(0);
++ if (!_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN))
++ return(0);
++ if (!_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN))
++ return(0);
++ if (!_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN))
++ return(0);
++ if (!_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN))
++ return(0);
++ if (!_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN))
++ return(0);
++ if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
++ return(0);
+ #endif
+ return 1;
+ }
+@@ -634,8 +634,8 @@ int check_validity_of_cert(
+ bio = BIO_new(BIO_s_file());
+ BIO_read_filename(bio, cFile);
+ if (NULL == (cert = PEM_read_bio_X509(bio, NULL, 0, NULL))) {
+- BIO_vfree(bio);
+- return 0;
++ BIO_vfree(bio);
++ return 0;
+ }
+ // verify certificate
+ store = X509_STORE_new();
+@@ -668,32 +668,32 @@ int check_validity_of_cert(
+ #endif
+ BN_CTX *c = BN_CTX_new();
+ if (!c) {
+- X509_free(cert);
+- EVP_PKEY_free(pubKey);
+- BIO_vfree(bio);
+- return 0;
+- }
++ X509_free(cert);
++ EVP_PKEY_free(pubKey);
++ BIO_vfree(bio);
++ return 0;
++ }
+ #ifdef HAVE_OPAQUE_RSA_DSA_DH
+ RSA *rsa;
+ rsa = EVP_PKEY_get0_RSA(pubKey);
+ if (!RSA_blinding_on(rsa, c)) {
+ #else
+- if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
++ if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
+ #endif
+- X509_free(cert);
+- EVP_PKEY_free(pubKey);
+- BIO_vfree(bio);
+- BN_CTX_free(c);
+- return 0;
+- }
++ X509_free(cert);
++ EVP_PKEY_free(pubKey);
++ BIO_vfree(bio);
++ BN_CTX_free(c);
++ return 0;
++ }
+ #ifdef HAVE_OPAQUE_RSA_DSA_DH
+ retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, rsa);
+ RSA_blinding_off(rsa);
+ #else
+- retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa);
+- RSA_blinding_off(pubKey->pkey.rsa);
++ retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa);
++ RSA_blinding_off(pubKey->pkey.rsa);
+ #endif
+- BN_CTX_free(c);
++ BN_CTX_free(c);
+ }
+ #ifdef HAVE_OPAQUE_EVP_PKEY
+ if (EVP_PKEY_id(pubKey) == EVP_PKEY_DSA) {
+@@ -730,7 +730,7 @@ char *check_validity(
+ if (!of) return NULL;
+ MD5_Init(&md5CTX);
+ while (0 != (rbytes = (int)fread(rbuf, 1, sizeof(rbuf), of))) {
+- MD5_Update(&md5CTX, rbuf, rbytes);
++ MD5_Update(&md5CTX, rbuf, rbytes);
+ }
+ MD5_Final(md5_md, &md5CTX);
+ fclose(of);
+@@ -740,12 +740,12 @@ char *check_validity(
+ char file[MAXPATHLEN];
+ while (!dir_scan(file, dir, sizeof(file))) {
+ char fpath[MAXPATHLEN];
+- snprintf(fpath, sizeof(fpath), "%s/%s", certPath, file);
++ snprintf(fpath, sizeof(fpath), "%s/%s", certPath, file);
+ // TODO : replace '128'
+- if (check_validity_of_cert(fpath, md5_md, signature, 128, caPath)) {
+- dir_close(dir);
+- return strdup(fpath);
+- }
++ if (check_validity_of_cert(fpath, md5_md, signature, 128, caPath)) {
++ dir_close(dir);
++ return strdup(fpath);
++ }
+ }
+
+ dir_close(dir);
+@@ -778,7 +778,7 @@ int cert_verify_file(
+ if (!of) return false;
+ MD5_Init(&md5CTX);
+ while (0 != (rbytes = (int)fread(rbuf, 1, sizeof(rbuf), of))) {
+- MD5_Update(&md5CTX, rbuf, rbytes);
++ MD5_Update(&md5CTX, rbuf, rbytes);
+ }
+ MD5_Final(md5_md, &md5CTX);
+ fclose(of);
+@@ -805,10 +805,10 @@ int cert_verify_file(
+ bio = BIO_new(BIO_s_file());
+ BIO_read_filename(bio, fbuf);
+ if (NULL == (cert = PEM_read_bio_X509(bio, NULL, 0, NULL))) {
+- BIO_vfree(bio);
++ BIO_vfree(bio);
+ printf("Cannot read certificate ('%s')\n", fbuf);
+ file_counter++;
+- continue;
++ continue;
+ }
+ fflush(stdout);
+ subj = X509_get_subject_name(cert);
+@@ -816,7 +816,7 @@ int cert_verify_file(
+ // ???
+ //X509_NAME_free(subj);
+ X509_free(cert);
+- BIO_vfree(bio);
++ BIO_vfree(bio);
+ if (strcmp(buf, signatures->signatures.at(i).subject)) {
+ printf("Subject does not match ('%s' <-> '%s')\n", buf, signatures->signatures.at(i).subject);
+ file_counter++;
+diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
+index 88d9f2d..7174afc 100644
+--- a/lib/crypt_prog.cpp
++++ b/lib/crypt_prog.cpp
+@@ -62,23 +62,23 @@ void die(const char* p) {
+
+ void usage() {
+ fprintf(stderr,
+- "Usage: crypt_prog options\n\n"
+- "Options:\n\n"
+- "-genkey n private_keyfile public_keyfile\n"
+- " create an n-bit key pair\n"
+- "-sign file private_keyfile\n"
+- " create a signature for a given file, write to stdout\n"
+- "-sign_string string private_keyfile\n"
+- " create a signature for a given string\n"
+- "-verify file signature_file public_keyfile\n"
+- " verify a signature\n"
+- "-test_crypt private_keyfile public_keyfile\n"
+- " test encrypt/decrypt functions\n"
+- "-conkey o2b/b20 priv/pub input_file output_file\n"
+- " convert keys between BOINC and OpenSSL format\n"
+- "-cert_verify file signature certificate_dir\n"
+- " verify a signature using a directory of certificates\n"
+- );
++ "Usage: crypt_prog options\n\n"
++ "Options:\n\n"
++ "-genkey n private_keyfile public_keyfile\n"
++ " create an n-bit key pair\n"
++ "-sign file private_keyfile\n"
++ " create a signature for a given file, write to stdout\n"
++ "-sign_string string private_keyfile\n"
++ " create a signature for a given string\n"
++ "-verify file signature_file public_keyfile\n"
++ " verify a signature\n"
++ "-test_crypt private_keyfile public_keyfile\n"
++ " test encrypt/decrypt functions\n"
++ "-conkey o2b/b20 priv/pub input_file output_file\n"
++ " convert keys between BOINC and OpenSSL format\n"
++ "-cert_verify file signature certificate_dir\n"
++ " verify a signature using a directory of certificates\n"
++ );
+ }
+
+ unsigned int random_int() {
+@@ -93,7 +93,7 @@ unsigned int random_int() {
+ die("Can't load ADVAPI32.DLL");
+ }
+ BOOLEAN (APIENTRY *pfn)(void*, ULONG) =
+- (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hLib,"SystemFunction036");
++ (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hLib,"SystemFunction036");
+ if (pfn) {
+ char buff[32];
+ ULONG ulCbBuff = sizeof(buff);
+@@ -131,7 +131,7 @@ int main(int argc, char** argv) {
+ RSA rsa_key;
+ #endif
+ RSA *rsa_key_;
+- BIO *bio_out=NULL;
++ BIO *bio_out=NULL;
+ BIO *bio_err=NULL;
+ char *certpath;
+ bool b2o=false; // boinc key to openssl key ?
+@@ -214,8 +214,8 @@ int main(int argc, char** argv) {
+ retval = md5_file(argv[2], md5_buf, size);
+ if (retval) die("md5_file");
+ retval = check_file_signature(
+- md5_buf, public_key, signature, is_valid
+- );
++ md5_buf, public_key, signature, is_valid
++ );
+ if (retval) die("check_file_signature");
+ if (is_valid) {
+ printf("file is valid\n");
+@@ -262,9 +262,9 @@ int main(int argc, char** argv) {
+ printf("siganture verified using certificate '%s'.\n\n", certpath);
+ free(certpath);
+ }
+- // this converts, but an executable signed with sign_executable,
+- // and signature converted to OpenSSL format cannot be verified with
+- // OpenSSL
++ // this converts, but an executable signed with sign_executable,
++ // and signature converted to OpenSSL format cannot be verified with
++ // OpenSSL
+ } else if (!strcmp(argv[1], "-convsig")) {
+ if (argc < 5) {
+ usage();
+@@ -320,18 +320,18 @@ int main(int argc, char** argv) {
+ die("either 'pub' or 'priv' must be defined for -convkey\n");
+ }
+ OpenSSL_add_all_algorithms();
+- ERR_load_crypto_strings();
+- ENGINE_load_builtin_engines();
+- if (bio_err == NULL) {
+- bio_err = BIO_new_fp(stdout, BIO_NOCLOSE);
++ ERR_load_crypto_strings();
++ ENGINE_load_builtin_engines();
++ if (bio_err == NULL) {
++ bio_err = BIO_new_fp(stdout, BIO_NOCLOSE);
+ }
+ //enc=EVP_get_cipherbyname("des");
+ //if (enc == NULL)
+ // die("could not get cypher.\n");
+ // no encription yet.
+ bio_out=BIO_new(BIO_s_file());
+- if (BIO_write_filename(bio_out,argv[5]) <= 0) {
+- perror(argv[5]);
++ if (BIO_write_filename(bio_out,argv[5]) <= 0) {
++ perror(argv[5]);
+ die("could not create output file.\n");
+ }
+ if (b2o) {
+@@ -351,11 +351,11 @@ int main(int argc, char** argv) {
+ #endif
+
+ //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
+- // enc, NULL, 0, pass_cb, NULL);
+- // no encryption yet.
+-
++ // enc, NULL, 0, pass_cb, NULL);
++ // no encryption yet.
++
+ //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
+- // NULL, NULL, 0, pass_cb, NULL);
++ // NULL, NULL, 0, pass_cb, NULL);
+ fpriv = fopen(argv[5], "w+");
+ if (!fpriv) die("fopen");
+ #ifdef HAVE_OPAQUE_RSA_DSA_DH
+@@ -364,10 +364,10 @@ int main(int argc, char** argv) {
+ PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL);
+ #endif
+ fclose(fpriv);
+- //if (i == 0) {
++ //if (i == 0) {
+ // ERR_print_errors(bio_err);
+ // die("could not write key file.\n");
+- //}
++ //}
+ } else {
+ fpub = fopen(argv[4], "r");
+ if (!fpub) {
+@@ -381,11 +381,11 @@ int main(int argc, char** argv) {
+ die("fopen");
+ }
+ public_to_openssl(public_key, rsa_key_);
+- i = PEM_write_RSA_PUBKEY(fpub, rsa_key_);
+- if (i == 0) {
++ i = PEM_write_RSA_PUBKEY(fpub, rsa_key_);
++ if (i == 0) {
+ ERR_print_errors(bio_err);
+ die("could not write key file.\n");
+- }
++ }
+ fclose(fpub);
+ }
+ } else {
+diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
+index 7174afc..8cfffc2 100644
+--- a/lib/crypt_prog.cpp
++++ b/lib/crypt_prog.cpp
+@@ -74,7 +74,7 @@ void usage() {
+ " verify a signature\n"
+ "-test_crypt private_keyfile public_keyfile\n"
+ " test encrypt/decrypt functions\n"
+- "-conkey o2b/b20 priv/pub input_file output_file\n"
++ "-convkey o2b/b2o priv/pub input_file output_file\n"
+ " convert keys between BOINC and OpenSSL format\n"
+ "-cert_verify file signature certificate_dir\n"
+ " verify a signature using a directory of certificates\n"
More information about the arch-commits
mailing list