moonlight-stream/moonlight-embedded
1
0
Fork 0
mirror of https://github.com/moonlight-stream/moonlight-embedded.git synced 2025-07-01 23:35:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Replace usage of functions deprecated in OpenSSL 3.0

Browse Source
This commit is contained in:
Cameron Gutman 2022-04-21 23:04:23 -05:00
parent 22f75b74f9
commit 039040e247
2 changed files with 58 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
libgamestream/client.c
View File

@ -350,6 +350,30 @@ static bool verifySignature(const char *data, int dataLength, char *signature, i
return result > 0; return result > 0;
} }
static void encrypt(const unsigned char *plaintext, int plaintextLen, const unsigned char *key, unsigned char *ciphertext) {
EVP_CIPHER_CTX* cipher = EVP_CIPHER_CTX_new();
EVP_EncryptInit(cipher, EVP_aes_128_ecb(), key, NULL);
EVP_CIPHER_CTX_set_padding(cipher, 0);
int ciphertextLen = 0;
EVP_EncryptUpdate(cipher, ciphertext, &ciphertextLen, plaintext, plaintextLen);
EVP_CIPHER_CTX_free(cipher);
}
static void decrypt(const unsigned char *ciphertext, int ciphertextLen, const unsigned char *key, unsigned char *plaintext) {
EVP_CIPHER_CTX* cipher = EVP_CIPHER_CTX_new();
EVP_DecryptInit(cipher, EVP_aes_128_ecb(), key, NULL);
EVP_CIPHER_CTX_set_padding(cipher, 0);
int plaintextLen = 0;
EVP_DecryptUpdate(cipher, plaintext, &plaintextLen, ciphertext, ciphertextLen);
EVP_CIPHER_CTX_free(cipher);
}
int gs_unpair(PSERVER_DATA server) { int gs_unpair(PSERVER_DATA server) {
int ret = GS_OK; int ret = GS_OK;
char url[4096]; char url[4096];
@ -428,25 +452,21 @@ int gs_pair(PSERVER_DATA server, char* pin) {
plaincert[strlen(result)/2] = '\0'; plaincert[strlen(result)/2] = '\0';
unsigned char salt_pin[20]; unsigned char salt_pin[20];
unsigned char aes_key_hash[32]; unsigned char aes_key[32];
AES_KEY enc_key, dec_key;
memcpy(salt_pin, salt_data, 16); memcpy(salt_pin, salt_data, 16);
memcpy(salt_pin+16, pin, 4); memcpy(salt_pin+16, pin, 4);
int hash_length = server->serverMajorVersion >= 7 ? 32 : 20; int hash_length = server->serverMajorVersion >= 7 ? 32 : 20;
if (server->serverMajorVersion >= 7) if (server->serverMajorVersion >= 7)
SHA256(salt_pin, 20, aes_key_hash); SHA256(salt_pin, 20, aes_key);
else else
SHA1(salt_pin, 20, aes_key_hash); SHA1(salt_pin, 20, aes_key);
AES_set_encrypt_key((unsigned char *)aes_key_hash, 128, &enc_key);
AES_set_decrypt_key((unsigned char *)aes_key_hash, 128, &dec_key);
unsigned char challenge_data[16]; unsigned char challenge_data[16];
unsigned char challenge_enc[16]; unsigned char challenge_enc[16];
char challenge_hex[33]; char challenge_hex[33];
RAND_bytes(challenge_data, 16); RAND_bytes(challenge_data, 16);
AES_encrypt(challenge_data, challenge_enc, &enc_key); encrypt(challenge_data, 16, aes_key, challenge_enc);
bytes_to_hex(challenge_enc, challenge_hex, 16); bytes_to_hex(challenge_enc, challenge_hex, 16);
uuid_generate_random(uuid); uuid_generate_random(uuid);
@ -481,9 +501,7 @@ int gs_pair(PSERVER_DATA server, char* pin) {
sscanf(&result[count], "%2hhx", &challenge_response_data_enc[count / 2]); sscanf(&result[count], "%2hhx", &challenge_response_data_enc[count / 2]);
} }
for (int i = 0; i < 48; i += 16) { decrypt(challenge_response_data_enc, 48, aes_key, challenge_response_data);
AES_decrypt(&challenge_response_data_enc[i], &challenge_response_data[i], &dec_key);
}
char client_secret_data[16]; char client_secret_data[16];
RAND_bytes(client_secret_data, 16); RAND_bytes(client_secret_data, 16);
@ -503,9 +521,7 @@ int gs_pair(PSERVER_DATA server, char* pin) {
else else
SHA1(challenge_response, 16 + 256 + 16, challenge_response_hash); SHA1(challenge_response, 16 + 256 + 16, challenge_response_hash);
for (int i = 0; i < 32; i += 16) { encrypt(challenge_response_hash, 32, aes_key, challenge_response_hash_enc);
AES_encrypt(&challenge_response_hash[i], &challenge_response_hash_enc[i], &enc_key);
}
bytes_to_hex(challenge_response_hash_enc, challenge_response_hex, 32); bytes_to_hex(challenge_response_hash_enc, challenge_response_hex, 32);
uuid_generate_random(uuid); uuid_generate_random(uuid);

81
libgamestream/mkcert.c
View File

@ -39,7 +39,6 @@ CERT_KEY_PAIR mkcert_generate() {
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
PKCS12 *p12 = NULL; PKCS12 *p12 = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
@ -81,71 +80,47 @@ void mkcert_save(const char* certFile, const char* p12File, const char* keyPairF
} }
int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) { int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
X509 *x; EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
EVP_PKEY *pk; EVP_PKEY_keygen_init(ctx);
RSA *rsa; EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits);
X509_NAME *name = NULL;
if (*pkeyp == NULL) { // pk must be initialized on input
if ((pk=EVP_PKEY_new()) == NULL) { EVP_PKEY *pk = NULL;;
abort(); EVP_PKEY_keygen(ctx, &pk);
return(0);
}
} else {
pk = *pkeyp;
}
if (*x509p == NULL) { EVP_PKEY_CTX_free(ctx);
if ((x = X509_new()) == NULL) {
goto err;
}
} else {
x = *x509p;
}
if ((rsa = RSA_new()) == NULL) X509* cert = X509_new();
goto err; X509_set_version(cert, 2);
ASN1_INTEGER_set(X509_get_serialNumber(cert), serial);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
X509_gmtime_adj(X509_get_notBefore(cert), 0);
X509_gmtime_adj(X509_get_notAfter(cert), 60 * 60 * 24 * 365 * years);
#else
ASN1_TIME* before = ASN1_STRING_dup(X509_get0_notBefore(cert));
ASN1_TIME* after = ASN1_STRING_dup(X509_get0_notAfter(cert));
BIGNUM* bne = BN_new(); X509_gmtime_adj(before, 0);
if (bne == NULL) { X509_gmtime_adj(after, 60 * 60 * 24 * 365 * years);
abort();
goto err;
}
BN_set_word(bne, RSA_F4); X509_set1_notBefore(cert, before);
if (RSA_generate_key_ex(rsa, bits, bne, NULL) == 0) { X509_set1_notAfter(cert, after);
abort();
goto err;
}
if (!EVP_PKEY_assign_RSA(pk, rsa)) { ASN1_STRING_free(before);
abort(); ASN1_STRING_free(after);
goto err; #endif
}
X509_set_version(x, 2); X509_set_pubkey(cert, pk);
ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x), (long)60*60*24*365*years);
X509_set_pubkey(x, pk);
name = X509_get_subject_name(x); X509_NAME* name = X509_get_subject_name(cert);
/* This function creates and adds the entry, working out the
* correct string type and performing checks on its length.
*/
X509_NAME_add_entry_by_txt(name,"CN", MBSTRING_ASC, (unsigned char*)"NVIDIA GameStream Client", -1, -1, 0); X509_NAME_add_entry_by_txt(name,"CN", MBSTRING_ASC, (unsigned char*)"NVIDIA GameStream Client", -1, -1, 0);
X509_set_issuer_name(cert, name);
/* Its self signed so set the issuer name to be the same as the if (!X509_sign(cert, pk, EVP_sha256())) {
* subject.
*/
X509_set_issuer_name(x, name);
if (!X509_sign(x, pk, EVP_sha256())) {
goto err; goto err;
} }
*x509p = x; *x509p = cert;
*pkeyp = pk; *pkeyp = pk;
return(1); return(1);