From e785be03c22bb50dbb4024612e74e80c53927dcf Mon Sep 17 00:00:00 2001 From: Cameron Gutman Date: Sat, 28 Mar 2026 00:56:34 -0500 Subject: [PATCH] Add support for building with OpenSSL 4.0 --- app/backend/identitymanager.cpp | 25 ++++++++--------- app/backend/nvpairingmanager.cpp | 48 +++++++++++++++++--------------- app/backend/nvpairingmanager.h | 3 ++ 3 files changed, 39 insertions(+), 37 deletions(-) diff --git a/app/backend/identitymanager.cpp b/app/backend/identitymanager.cpp index 08bfcc17..3d7078c1 100644 --- a/app/backend/identitymanager.cpp +++ b/app/backend/identitymanager.cpp @@ -31,6 +31,10 @@ void IdentityManager::createCredentials(QSettings& settings) X509* cert = X509_new(); THROW_BAD_ALLOC_IF_NULL(cert); +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + EVP_PKEY* pk = EVP_RSA_gen(2048); + THROW_BAD_ALLOC_IF_NULL(pk); +#else EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); THROW_BAD_ALLOC_IF_NULL(ctx); @@ -43,6 +47,7 @@ void IdentityManager::createCredentials(QSettings& settings) EVP_PKEY_CTX_free(ctx); THROW_BAD_ALLOC_IF_NULL(pk); +#endif X509_set_version(cert, 2); ASN1_INTEGER_set(X509_get_serialNumber(cert), 0); 
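Review bot: In the new `>= 0x30000000L` branch of `createCredentials`, every failure of `EVP_RSA_gen(2048)` is reported through `THROW_BAD_ALLOC_IF_NULL(pk)` as an out-of-memory condition, although key generation can also return NULL for other reasons, such as a provider configuration that offers no usable RSA implementation. A comment on that line would stop the next reader from chasing a memory problem, for example `// NULL may also mean keygen was refused by the provider configuration, not only OOM`. The key-size setting of the legacy `EVP_PKEY_CTX` path falls between the two hunks and is not visible, so it is worth confirming that it is also 2048 bits and both branches produce equivalent identities. The function body starts and ends outside these hunks.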
@@ -50,28 +55,20 @@ void IdentityManager::createCredentials(QSettings& settings) X509_gmtime_adj(X509_get_notBefore(cert), 0); X509_gmtime_adj(X509_get_notAfter(cert), 60 * 60 * 24 * 365 * 20); // 20 yrs #else - ASN1_TIME* before = ASN1_STRING_dup(X509_get0_notBefore(cert)); - THROW_BAD_ALLOC_IF_NULL(before); - ASN1_TIME* after = ASN1_STRING_dup(X509_get0_notAfter(cert)); - THROW_BAD_ALLOC_IF_NULL(after); - - X509_gmtime_adj(before, 0); - X509_gmtime_adj(after, 60 * 60 * 24 * 365 * 20); // 20 yrs - - X509_set1_notBefore(cert, before); - X509_set1_notAfter(cert, after); - - ASN1_STRING_free(before); - ASN1_STRING_free(after); + X509_gmtime_adj(X509_getm_notBefore(cert), 0); + X509_gmtime_adj(X509_getm_notAfter(cert), 60 * 60 * 24 * 365 * 20); // 20 yrs #endif X509_set_pubkey(cert, pk); - X509_NAME* name = X509_get_subject_name(cert); + X509_NAME* name = X509_NAME_new(); + THROW_BAD_ALLOC_IF_NULL(name); X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, reinterpret_cast(const_cast("NVIDIA GameStream Client")), -1, -1, 0); + X509_set_subject_name(cert, name); X509_set_issuer_name(cert, name); + X509_NAME_free(name); X509_sign(cert, pk, EVP_sha256()); diff --git a/app/backend/nvpairingmanager.cpp b/app/backend/nvpairingmanager.cpp index 16cc5a87..9aa3a0d7 100644 --- a/app/backend/nvpairingmanager.cpp +++ b/app/backend/nvpairingmanager.cpp 
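Review bot: The return values of `X509_NAME_add_entry_by_txt`, `X509_set_subject_name` and `X509_set_issuer_name` are discarded in the rewritten name block, so a failure there leaves the certificate with an empty subject or issuer and the `X509_sign` call that follows still signs it. Building the name as a separate object means the two set calls now copy it, which adds a new place for an allocation to fail. I would check the calls, e.g. `if (X509_set_subject_name(cert, name) != 1 || X509_set_issuer_name(cert, name) != 1) { X509_NAME_free(name); /* fail as the other allocation checks do */ }`. The same applies to the `X509_gmtime_adj` calls on `X509_getm_notBefore`/`X509_getm_notAfter`, which return NULL on failure. `createCredentials` continues outside the hunk, so whether the certificate is validated before it is stored is not visible here.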
@@ -101,6 +101,29 @@ NvPairingManager::decrypt(const QByteArray& ciphertext, const QByteArray& key) return plaintext; } +QByteArray +NvPairingManager::getSignatureFromCert(X509* cert) +{ +#if (OPENSSL_VERSION_NUMBER < 0x10002000L) + ASN1_BIT_STRING *asnSignature = cert->signature; +#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) + ASN1_BIT_STRING *asnSignature; + X509_get0_signature(&asnSignature, NULL, cert); +#else + const ASN1_BIT_STRING *asnSignature; + X509_get0_signature(&asnSignature, NULL, cert); +#endif + + return QByteArray( +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + reinterpret_cast(ASN1_STRING_data(asnSignature)), +#else + reinterpret_cast(ASN1_STRING_get0_data(asnSignature)), +#endif + ASN1_STRING_length(asnSignature) + ); +} + QByteArray NvPairingManager::getSignatureFromPemCert(const QByteArray& certificate) { @@ -114,18 +137,7 @@ NvPairingManager::getSignatureFromPemCert(const QByteArray& certificate) X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr); BIO_free_all(bio); -#if (OPENSSL_VERSION_NUMBER < 0x10002000L) - ASN1_BIT_STRING *asnSignature = cert->signature; -#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) - ASN1_BIT_STRING *asnSignature; - X509_get0_signature(&asnSignature, NULL, cert); -#else - const ASN1_BIT_STRING *asnSignature; - X509_get0_signature(&asnSignature, NULL, cert); -#endif - - QByteArray signature(reinterpret_cast(asnSignature->data), asnSignature->length); - + QByteArray signature = getSignatureFromCert(cert); X509_free(cert); return signature; 
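Review bot: `getSignatureFromCert` dereferences `cert` without a null check, and the second hunk on this line passes it the result of `PEM_read_bio_X509` directly, which is NULL whenever the PEM input does not parse. The gap predates this commit, but the new helper is the one place where it can be closed for both callers, with `if (cert == nullptr) return QByteArray();` as its first statement; the `X509_free(cert)` that follows in `getSignatureFromPemCert` is already safe on NULL. Callers of `getSignatureFromPemCert` are outside the diff, so they need checking to confirm that an empty signature is treated as a pairing failure rather than hashed as valid data. The `pair` hunk passes `m_Cert`, whose initialization is not visible here either.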
@@ -267,18 +279,8 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC QByteArray challengeResponse; QByteArray serverResponse(challengeResponseData.data(), hashLength); -#if (OPENSSL_VERSION_NUMBER < 0x10002000L) - ASN1_BIT_STRING *asnSignature = m_Cert->signature; -#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) - ASN1_BIT_STRING *asnSignature; - X509_get0_signature(&asnSignature, NULL, m_Cert); -#else - const ASN1_BIT_STRING *asnSignature; - X509_get0_signature(&asnSignature, NULL, m_Cert); -#endif - challengeResponse.append(challengeResponseData.data() + hashLength, 16); - challengeResponse.append(reinterpret_cast(asnSignature->data), asnSignature->length); + challengeResponse.append(getSignatureFromCert(m_Cert)); challengeResponse.append(clientSecretData); QByteArray paddedHash = QCryptographicHash::hash(challengeResponse, hashAlgo); diff --git a/app/backend/nvpairingmanager.h b/app/backend/nvpairingmanager.h index 7fc555b0..9faafe59 100644 --- a/app/backend/nvpairingmanager.h +++ b/app/backend/nvpairingmanager.h @@ -37,6 +37,9 @@ private: QByteArray decrypt(const QByteArray& ciphertext, const QByteArray& key); + QByteArray + getSignatureFromCert(X509* cert); + QByteArray getSignatureFromPemCert(const QByteArray& certificate);