Add support for building with OpenSSL 4.0

2026-04-03 06:16:12 +00:00 · 2026-03-28 00:56:34 -05:00
parent 2e9fbecfea
commit e785be03c2
3 changed files with 39 additions and 37 deletions
--- a/app/backend/identitymanager.cpp
+++ b/app/backend/identitymanager.cpp
@@ -31,6 +31,10 @@ void IdentityManager::createCredentials(QSettings& settings)
    X509* cert = X509_new();
    THROW_BAD_ALLOC_IF_NULL(cert);

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    EVP_PKEY* pk = EVP_RSA_gen(2048);
+    THROW_BAD_ALLOC_IF_NULL(pk);
+#else
    EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
    THROW_BAD_ALLOC_IF_NULL(ctx);

@@ -43,6 +47,7 @@ void IdentityManager::createCredentials(QSettings& settings)

    EVP_PKEY_CTX_free(ctx);
    THROW_BAD_ALLOC_IF_NULL(pk);
+#endif

    X509_set_version(cert, 2);
    ASN1_INTEGER_set(X509_get_serialNumber(cert), 0);
@@ -50,28 +55,20 @@ void IdentityManager::createCredentials(QSettings& settings)
    X509_gmtime_adj(X509_get_notBefore(cert), 0);
    X509_gmtime_adj(X509_get_notAfter(cert), 60 * 60 * 24 * 365 * 20); // 20 yrs
 #else
-    ASN1_TIME* before = ASN1_STRING_dup(X509_get0_notBefore(cert));
-    THROW_BAD_ALLOC_IF_NULL(before);
-    ASN1_TIME* after = ASN1_STRING_dup(X509_get0_notAfter(cert));
-    THROW_BAD_ALLOC_IF_NULL(after);
-
-    X509_gmtime_adj(before, 0);
-    X509_gmtime_adj(after, 60 * 60 * 24 * 365 * 20); // 20 yrs
-
-    X509_set1_notBefore(cert, before);
-    X509_set1_notAfter(cert, after);
-
-    ASN1_STRING_free(before);
-    ASN1_STRING_free(after);
+    X509_gmtime_adj(X509_getm_notBefore(cert), 0);
+    X509_gmtime_adj(X509_getm_notAfter(cert), 60 * 60 * 24 * 365 * 20); // 20 yrs
 #endif

    X509_set_pubkey(cert, pk);

-    X509_NAME* name = X509_get_subject_name(cert);
+    X509_NAME* name = X509_NAME_new();
+    THROW_BAD_ALLOC_IF_NULL(name);
    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                               reinterpret_cast<unsigned char *>(const_cast<char*>("NVIDIA GameStream Client")),
                               -1, -1, 0);
+    X509_set_subject_name(cert, name);
    X509_set_issuer_name(cert, name);
+    X509_NAME_free(name);

    X509_sign(cert, pk, EVP_sha256());

--- a/app/backend/nvpairingmanager.cpp
+++ b/app/backend/nvpairingmanager.cpp
@@ -101,6 +101,29 @@ NvPairingManager::decrypt(const QByteArray& ciphertext, const QByteArray& key)
    return plaintext;
 }

+QByteArray
+NvPairingManager::getSignatureFromCert(X509* cert)
+{
+#if (OPENSSL_VERSION_NUMBER < 0x10002000L)
+    ASN1_BIT_STRING *asnSignature = cert->signature;
+#elif (OPENSSL_VERSION_NUMBER < 0x10100000L)
+    ASN1_BIT_STRING *asnSignature;
+    X509_get0_signature(&asnSignature, NULL, cert);
+#else
+    const ASN1_BIT_STRING *asnSignature;
+    X509_get0_signature(&asnSignature, NULL, cert);
+#endif
+
+    return QByteArray(
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+        reinterpret_cast<const char*>(ASN1_STRING_data(asnSignature)),
+#else
+        reinterpret_cast<const char*>(ASN1_STRING_get0_data(asnSignature)),
+#endif
+        ASN1_STRING_length(asnSignature)
+    );
+}
+
 QByteArray
 NvPairingManager::getSignatureFromPemCert(const QByteArray& certificate)
 {
@@ -114,18 +137,7 @@ NvPairingManager::getSignatureFromPemCert(const QByteArray& certificate)
    X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
    BIO_free_all(bio);

-#if (OPENSSL_VERSION_NUMBER < 0x10002000L)
-    ASN1_BIT_STRING *asnSignature = cert->signature;
-#elif (OPENSSL_VERSION_NUMBER < 0x10100000L)
-    ASN1_BIT_STRING *asnSignature;
-    X509_get0_signature(&asnSignature, NULL, cert);
-#else
-    const ASN1_BIT_STRING *asnSignature;
-    X509_get0_signature(&asnSignature, NULL, cert);
-#endif
-
-    QByteArray signature(reinterpret_cast<char*>(asnSignature->data), asnSignature->length);
-
+    QByteArray signature = getSignatureFromCert(cert);
    X509_free(cert);

    return signature;
@@ -267,18 +279,8 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC
    QByteArray challengeResponse;
    QByteArray serverResponse(challengeResponseData.data(), hashLength);

-#if (OPENSSL_VERSION_NUMBER < 0x10002000L)
-    ASN1_BIT_STRING *asnSignature = m_Cert->signature;
-#elif (OPENSSL_VERSION_NUMBER < 0x10100000L)
-    ASN1_BIT_STRING *asnSignature;
-    X509_get0_signature(&asnSignature, NULL, m_Cert);
-#else
-    const ASN1_BIT_STRING *asnSignature;
-    X509_get0_signature(&asnSignature, NULL, m_Cert);
-#endif
-
    challengeResponse.append(challengeResponseData.data() + hashLength, 16);
-    challengeResponse.append(reinterpret_cast<char*>(asnSignature->data), asnSignature->length);
+    challengeResponse.append(getSignatureFromCert(m_Cert));
    challengeResponse.append(clientSecretData);

    QByteArray paddedHash = QCryptographicHash::hash(challengeResponse, hashAlgo);
--- a/app/backend/nvpairingmanager.h
+++ b/app/backend/nvpairingmanager.h
@@ -37,6 +37,9 @@ private:
    QByteArray
    decrypt(const QByteArray& ciphertext, const QByteArray& key);

+    QByteArray
+    getSignatureFromCert(X509* cert);
+
    QByteArray
    getSignatureFromPemCert(const QByteArray& certificate);