moonlight-stream/moonlight-qt
1
0
Fork 0
mirror of https://github.com/moonlight-stream/moonlight-qt.git synced 2026-04-12 02:36:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Avoid using functions deprecated in OpenSSL 3.0

Browse Source
This commit is contained in:
Cameron Gutman
2020-06-07 16:26:19 -07:00
parent 0757717bea
commit dcba5762c7
3 changed files with 49 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
app/backend/identitymanager.cpp
View File

@@ -5,7 +5,6 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/rand.h> #include <openssl/rand.h>
@@ -32,20 +31,16 @@ void IdentityManager::createCredentials(QSettings& settings)
X509* cert = X509_new(); X509* cert = X509_new();
THROW_BAD_ALLOC_IF_NULL(cert); THROW_BAD_ALLOC_IF_NULL(cert);
EVP_PKEY* pk = EVP_PKEY_new(); EVP_PKEY* pk;
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
THROW_BAD_ALLOC_IF_NULL(ctx);
EVP_PKEY_keygen_init(ctx);
EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048);
EVP_PKEY_keygen(ctx, &pk);
EVP_PKEY_CTX_free(ctx);
THROW_BAD_ALLOC_IF_NULL(pk); THROW_BAD_ALLOC_IF_NULL(pk);
BIGNUM* bne = BN_new();
THROW_BAD_ALLOC_IF_NULL(bne);
RSA* rsa = RSA_new();
THROW_BAD_ALLOC_IF_NULL(rsa);
BN_set_word(bne, RSA_F4);
RSA_generate_key_ex(rsa, 2048, bne, nullptr);
EVP_PKEY_assign_RSA(pk, rsa);
X509_set_version(cert, 2); X509_set_version(cert, 2);
ASN1_INTEGER_set(X509_get_serialNumber(cert), 0); ASN1_INTEGER_set(X509_get_serialNumber(cert), 0);
#if OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER < 0x10100000L
@@ -94,7 +89,6 @@ void IdentityManager::createCredentials(QSettings& settings)
X509_free(cert); X509_free(cert);
EVP_PKEY_free(pk); EVP_PKEY_free(pk);
BN_free(bne);
BIO_free(biokey); BIO_free(biokey);
BIO_free(biocert); BIO_free(biocert);

60
app/backend/nvpairingmanager.cpp
View File

@@ -4,7 +4,6 @@
#include <stdexcept> #include <stdexcept>
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/aes.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/x509.h> #include <openssl/x509.h>
@@ -53,31 +52,51 @@ NvPairingManager::generateRandomBytes(int length)
} }
QByteArray QByteArray
NvPairingManager::encrypt(const QByteArray& plaintext, AES_KEY* key) NvPairingManager::encrypt(const QByteArray& plaintext, const QByteArray& key)
{ {
QByteArray ciphertext(plaintext.size(), 0); QByteArray ciphertext(plaintext.size(), 0);
EVP_CIPHER_CTX* cipher;
int ciphertextLen;
for (int i = 0; i < plaintext.size(); i += 16) cipher = EVP_CIPHER_CTX_new();
{ THROW_BAD_ALLOC_IF_NULL(cipher);
AES_encrypt(reinterpret_cast<unsigned char*>(const_cast<char*>(&plaintext.data()[i])),
reinterpret_cast<unsigned char*>(&ciphertext.data()[i]), EVP_EncryptInit(cipher, EVP_aes_128_ecb(), reinterpret_cast<const unsigned char*>(key.data()), NULL);
key); EVP_CIPHER_CTX_set_padding(cipher, 0);
}
EVP_EncryptUpdate(cipher,
reinterpret_cast<unsigned char*>(ciphertext.data()),
&ciphertextLen,
reinterpret_cast<const unsigned char*>(plaintext.data()),
plaintext.length());
Q_ASSERT(ciphertextLen == ciphertext.length());
EVP_CIPHER_CTX_free(cipher);
return ciphertext; return ciphertext;
} }
QByteArray QByteArray
NvPairingManager::decrypt(const QByteArray& ciphertext, AES_KEY* key) NvPairingManager::decrypt(const QByteArray& ciphertext, const QByteArray& key)
{ {
QByteArray plaintext(ciphertext.size(), 0); QByteArray plaintext(ciphertext.size(), 0);
EVP_CIPHER_CTX* cipher;
int plaintextLen;
for (int i = 0; i < plaintext.size(); i += 16) cipher = EVP_CIPHER_CTX_new();
{ THROW_BAD_ALLOC_IF_NULL(cipher);
AES_decrypt(reinterpret_cast<unsigned char*>(const_cast<char*>(&ciphertext.data()[i])),
reinterpret_cast<unsigned char*>(&plaintext.data()[i]), EVP_DecryptInit(cipher, EVP_aes_128_ecb(), reinterpret_cast<const unsigned char*>(key.data()), NULL);
key); EVP_CIPHER_CTX_set_padding(cipher, 0);
}
EVP_DecryptUpdate(cipher,
reinterpret_cast<unsigned char*>(plaintext.data()),
&plaintextLen,
reinterpret_cast<const unsigned char*>(ciphertext.data()),
ciphertext.length());
Q_ASSERT(plaintextLen == plaintext.length());
EVP_CIPHER_CTX_free(cipher);
return plaintext; return plaintext;
} }
@@ -188,9 +207,8 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC
QByteArray salt = generateRandomBytes(16); QByteArray salt = generateRandomBytes(16);
QByteArray saltedPin = saltPin(salt, pin); QByteArray saltedPin = saltPin(salt, pin);
AES_KEY encKey, decKey; QByteArray aesKey = QCryptographicHash::hash(saltedPin, hashAlgo).data();
AES_set_decrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &decKey); aesKey.truncate(16);
AES_set_encrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &encKey);
QString getCert = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, QString getCert = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair", "pair",
@@ -225,7 +243,7 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC
m_Http.setServerCert(serverCert); m_Http.setServerCert(serverCert);
QByteArray randomChallenge = generateRandomBytes(16); QByteArray randomChallenge = generateRandomBytes(16);
QByteArray encryptedChallenge = encrypt(randomChallenge, &encKey); QByteArray encryptedChallenge = encrypt(randomChallenge, aesKey);
QString challengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, QString challengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair", "pair",
"devicename=roth&updateState=1&clientchallenge=" + "devicename=roth&updateState=1&clientchallenge=" +
@@ -239,7 +257,7 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC
return PairState::FAILED; return PairState::FAILED;
} }
QByteArray challengeResponseData = decrypt(m_Http.getXmlStringFromHex(challengeXml, "challengeresponse"), &decKey); QByteArray challengeResponseData = decrypt(m_Http.getXmlStringFromHex(challengeXml, "challengeresponse"), aesKey);
QByteArray clientSecretData = generateRandomBytes(16); QByteArray clientSecretData = generateRandomBytes(16);
QByteArray challengeResponse; QByteArray challengeResponse;
QByteArray serverResponse(challengeResponseData.data(), hashLength); QByteArray serverResponse(challengeResponseData.data(), hashLength);
@@ -260,7 +278,7 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC
QByteArray paddedHash = QCryptographicHash::hash(challengeResponse, hashAlgo); QByteArray paddedHash = QCryptographicHash::hash(challengeResponse, hashAlgo);
paddedHash.resize(32); paddedHash.resize(32);
QByteArray encryptedChallengeResponseHash = encrypt(paddedHash, &encKey); QByteArray encryptedChallengeResponseHash = encrypt(paddedHash, aesKey);
QString respXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, QString respXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair", "pair",
"devicename=roth&updateState=1&serverchallengeresp=" + "devicename=roth&updateState=1&serverchallengeresp=" +

5
app/backend/nvpairingmanager.h
View File

@@ -3,7 +3,6 @@
#include "identitymanager.h" #include "identitymanager.h"
#include "nvhttp.h" #include "nvhttp.h"
#include <openssl/aes.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/evp.h> #include <openssl/evp.h>
@@ -33,10 +32,10 @@ private:
saltPin(const QByteArray& salt, QString pin); saltPin(const QByteArray& salt, QString pin);
QByteArray QByteArray
encrypt(const QByteArray& plaintext, AES_KEY* key); encrypt(const QByteArray& plaintext, const QByteArray& key);
QByteArray QByteArray
decrypt(const QByteArray& ciphertext, AES_KEY* key); decrypt(const QByteArray& ciphertext, const QByteArray& key);
QByteArray QByteArray
getSignatureFromPemCert(const QByteArray& certificate); getSignatureFromPemCert(const QByteArray& certificate);