aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net-im/libqtelegram-ae/Makefile2
-rw-r--r--net-im/libqtelegram-ae/files/patch-openssl-11x328
2 files changed, 329 insertions, 1 deletions
diff --git a/net-im/libqtelegram-ae/Makefile b/net-im/libqtelegram-ae/Makefile
index 2f404ee31980..86fa01ae033f 100644
--- a/net-im/libqtelegram-ae/Makefile
+++ b/net-im/libqtelegram-ae/Makefile
@@ -3,7 +3,7 @@
PORTNAME= libqtelegram-ae
PORTVERSION= 6.1
-PORTREVISION= 2
+PORTREVISION= 3
DISTVERSIONPREFIX= v
DISTVERSIONSUFFIX= -stable
CATEGORIES= net-im
diff --git a/net-im/libqtelegram-ae/files/patch-openssl-11x b/net-im/libqtelegram-ae/files/patch-openssl-11x
new file mode 100644
index 000000000000..c42f74d9fb26
--- /dev/null
+++ b/net-im/libqtelegram-ae/files/patch-openssl-11x
@@ -0,0 +1,328 @@
+From 2b31ce1780e8fdcc7cf55cb9ac17e9bae48eb2b0 Mon Sep 17 00:00:00 2001
+From: Bardia Daneshvar <realbardiax@gmail.com>
+Date: Sun, 25 Mar 2018 00:46:01 +0430
+Subject: [PATCH] Compatible with openssl 1.1.x
+
+---
+ core/dcauth.cpp | 40 ++++++++++++++++++
+ libqtelegram-ae.pri | 2 +-
+ util/cryptoutils.cpp | 98 +++++++++++++++++++++++++++++++++++++++++---
+ util/cryptoutils.h | 4 ++
+ util/utils.cpp | 12 +++++-
+ util/utils.h | 2 +-
+ 6 files changed, 150 insertions(+), 8 deletions(-)
+
+index 4a7c81b..dd5904d 100644
+--- core/dcauth.cpp
++++ core/dcauth.cpp
+@@ -213,6 +213,7 @@ void DCAuth::processDHAnswer(InboundPkt &inboundPkt) {
+ inboundPkt.setInPtr(decryptBuffer + 15);
+ inboundPkt.setInEnd(decryptBuffer + (l >> 2));
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BIGNUM dh_prime, dh_g, g_a, auth_key_num;
+ BN_init(&dh_prime);
+ BN_init (&g_a);
+@@ -223,6 +224,19 @@ void DCAuth::processDHAnswer(InboundPkt &inboundPkt) {
+ qint32 serverTime = inboundPkt.fetchInt();
+ mAsserter.check(inboundPkt.inPtr() <= inboundPkt.inEnd());
+ mAsserter.check(mCrypto->checkDHParams (&dh_prime, g) >= 0);
++#else
++ BIGNUM *dh_prime = BN_new();
++ BIGNUM *dh_g = BN_new();
++ BIGNUM *g_a = BN_new();
++ BIGNUM *auth_key_num = BN_new();
++ mAsserter.check(inboundPkt.fetchBignum(dh_prime) > 0);
++ mAsserter.check(inboundPkt.fetchBignum(g_a) > 0);
++ mAsserter.check(Utils::check_g_bn(dh_prime, g_a) >= 0);
++
++ qint32 serverTime = inboundPkt.fetchInt();
++ mAsserter.check(inboundPkt.inPtr() <= inboundPkt.inEnd());
++ mAsserter.check(mCrypto->checkDHParams (dh_prime, g) >= 0);
++#endif
+
+ static char sha1Buffer[20];
+ SHA1 ((uchar *) decryptBuffer + 20, (inboundPkt.inPtr() - decryptBuffer - 5) * 4, (uchar *) sha1Buffer);
+@@ -242,6 +256,7 @@ void DCAuth::processDHAnswer(InboundPkt &inboundPkt) {
+ outboundPkt.appendInts((qint32 *)m_serverNonce, 4);
+ outboundPkt.appendLong(0LL);
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BN_init (&dh_g);
+ Utils::ensure (BN_set_word (&dh_g, g));
+ char s_power [256];
+@@ -267,6 +282,31 @@ void DCAuth::processDHAnswer(InboundPkt &inboundPkt) {
+ BN_free (&dh_g);
+ BN_free (&g_a);
+ BN_free (&dh_prime);
++#else
++ Utils::ensure (BN_set_word (dh_g, g));
++ char s_power [256];
++ Utils::randomBytes(s_power, 256);
++ BIGNUM *dh_power = BN_bin2bn ((uchar *)s_power, 256, 0);
++ Utils::ensurePtr(dh_power);
++
++ BIGNUM *y = BN_new ();
++ Utils::ensurePtr(y);
++ Utils::ensure(mCrypto->BNModExp(y, dh_g, dh_power, dh_prime));
++ outboundPkt.appendBignum(y);
++ BN_free (y);
++
++ Utils::ensure(mCrypto->BNModExp(auth_key_num, g_a, dh_power, dh_prime));
++ l = BN_num_bytes (auth_key_num);
++
++ mAsserter.check(l >= 250 && l <= 256);
++ mAsserter.check(BN_bn2bin (auth_key_num, (uchar *)m_dc->authKey()));
++ Utils::secureZeroMemory (m_dc->authKey() + l, 0, 256 - l);
++ BN_free (dh_power);
++ BN_free (auth_key_num);
++ BN_free (dh_g);
++ BN_free (g_a);
++ BN_free (dh_prime);
++#endif
+
+ SHA1 ((uchar *) (outboundPkt.buffer() + 5), (outboundPkt.length() - 5) * 4, (uchar *) outboundPkt.buffer());
+ qint32 encryptBuffer[DECRYPT_BUFFER_INTS];
+index 73f9e47..a030e19 100644
+--- libqtelegram-ae.pri
++++ libqtelegram-ae.pri
+@@ -33,7 +33,7 @@ win32 {
+ LIBS += -L$${OPENSSL_LIB_DIR} -lssl -lcrypto -lz
+ }
+
+- INCLUDEPATH += $${OPENSSL_INCLUDE_PATH}
++# INCLUDEPATH += $${OPENSSL_INCLUDE_PATH}
+ }
+
+ include(telegram/telegram.pri)
+index 83ea85d..d88a2d6 100644
+--- util/cryptoutils.cpp
++++ util/cryptoutils.cpp
+@@ -40,7 +40,15 @@ CryptoUtils::~CryptoUtils() {
+
+ qint32 CryptoUtils::encryptPacketBuffer(OutboundPkt &p, void *encryptBuffer) {
+ RSA *pubKey = mSettings->pubKey();
+- return padRsaEncrypt((char *) p.buffer(), p.length() * 4, (char *) encryptBuffer, ENCRYPT_BUFFER_INTS * 4, pubKey->n, pubKey->e);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ BIGNUM *key_e = pubKey->e;
++ BIGNUM *key_n = pubKey->n;
++#else
++ const BIGNUM *key_e;
++ const BIGNUM *key_n;
++ RSA_get0_key(pubKey, &key_n, &key_e, NULL);
++#endif
++ return padRsaEncrypt((char *) p.buffer(), p.length() * 4, (char *) encryptBuffer, ENCRYPT_BUFFER_INTS * 4, key_n, key_e);
+ }
+
+ qint32 CryptoUtils::encryptPacketBufferAESUnAuth(const char serverNonce[16], const char hiddenClientNonce[32], OutboundPkt &p, void *encryptBuffer) {
+@@ -48,7 +56,11 @@ qint32 CryptoUtils::encryptPacketBufferAESUnAuth(const char serverNonce[16], con
+ return padAESEncrypt ((char *) p.buffer(), p.length() * 4, (char *) encryptBuffer, ENCRYPT_BUFFER_INTS * 4);
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ qint32 CryptoUtils::padRsaEncrypt (char *from, qint32 from_len, char *to, qint32 size, BIGNUM *N, BIGNUM *E) {
++#else
++qint32 CryptoUtils::padRsaEncrypt (char *from, qint32 from_len, char *to, qint32 size, const BIGNUM *N, const BIGNUM *E) {
++#endif
+ qint32 pad = (255000 - from_len - 32) % 255 + 32;
+ qint32 chunks = (from_len + pad) / 255;
+ qint32 bits = BN_num_bits (N);
+@@ -61,6 +73,7 @@ qint32 CryptoUtils::padRsaEncrypt (char *from, qint32 from_len, char *to, qint32
+ Q_UNUSED(isSupported);
+ Q_ASSERT(isSupported >= 0);
+ qint32 i;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BIGNUM x, y;
+ BN_init (&x);
+ BN_init (&y);
+@@ -77,6 +90,23 @@ qint32 CryptoUtils::padRsaEncrypt (char *from, qint32 from_len, char *to, qint32
+ }
+ BN_free (&x);
+ BN_free (&y);
++#else
++ BIGNUM *x = BN_new(),
++ *y = BN_new();
++ for (i = 0; i < chunks; i++) {
++ BN_bin2bn ((uchar *) from, 255, x);
++ qint32 success = BN_mod_exp (y, x, E, N, BN_ctx);
++ Q_UNUSED(success);
++ Q_ASSERT(success == 1);
++ unsigned l = 256 - BN_num_bytes (y);
++ Q_ASSERT(l <= 256);
++ memset (to, 0, l);
++ BN_bn2bin (y, (uchar *) to + l);
++ to += 256;
++ }
++ BN_free (x);
++ BN_free (y);
++#endif
+ return chunks * 256;
+ }
+
+@@ -173,18 +203,26 @@ qint32 CryptoUtils::checkPrime (BIGNUM *p) {
+
+ qint32 CryptoUtils::checkDHParams (BIGNUM *p, qint32 g) {
+ if (g < 2 || g > 7) { return -1; }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BIGNUM t;
+ BN_init (&t);
+-
+ BIGNUM dh_g;
+ BN_init (&dh_g);
+- Utils::ensure (BN_set_word (&dh_g, 4 * g));
+
++ Utils::ensure (BN_set_word (&dh_g, 4 * g));
+ Utils::ensure (BN_mod (&t, p, &dh_g, BN_ctx));
+ qint32 x = BN_get_word (&t);
+- Q_ASSERT(x >= 0 && x < 4 * g);
+-
+ BN_free (&dh_g);
++#else
++ BIGNUM *t = BN_new();
++ BIGNUM *dh_g = BN_new();
++
++ Utils::ensure (BN_set_word (dh_g, 4 * g));
++ Utils::ensure (BN_mod (t, p, dh_g, BN_ctx));
++ qint32 x = BN_get_word (t);
++ BN_free (dh_g);
++#endif
++ Q_ASSERT(x >= 0 && x < 4 * g);
+
+ switch (g) {
+ case 2:
+@@ -208,6 +246,7 @@ qint32 CryptoUtils::checkDHParams (BIGNUM *p, qint32 g) {
+
+ if (!checkPrime (p)) { return -1; }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BIGNUM b;
+ BN_init (&b);
+ Utils::ensure (BN_set_word (&b, 2));
+@@ -215,6 +254,14 @@ qint32 CryptoUtils::checkDHParams (BIGNUM *p, qint32 g) {
+ if (!checkPrime (&t)) { return -1; }
+ BN_free (&b);
+ BN_free (&t);
++#else
++ BIGNUM *b = BN_new();
++ Utils::ensure (BN_set_word (b, 2));
++ Utils::ensure (BN_div (t, 0, p, b, BN_ctx));
++ if (!checkPrime (t)) { return -1; }
++ BN_free (b);
++ BN_free (t);
++#endif
+ return 0;
+ }
+
+@@ -229,6 +276,7 @@ qint32 CryptoUtils::checkCalculatedParams(const BIGNUM *gAOrB, const BIGNUM *g,
+ ASSERT(p);
+
+ // 1) gAOrB and g greater than one and smaller than p-1
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ BIGNUM one;
+ BN_init(&one);
+ Utils::ensure(BN_one(&one));
+@@ -272,6 +320,46 @@ qint32 CryptoUtils::checkCalculatedParams(const BIGNUM *gAOrB, const BIGNUM *g,
+ BN_free(&exp);
+ BN_free(&lowLimit);
+ BN_free(&highLimit);
++#else
++ BIGNUM *one = BN_new();
++ Utils::ensure(BN_one(one));
++
++ BIGNUM *pMinusOne = BN_dup(p);
++ Utils::ensure(BN_sub_word(pMinusOne, 1));
++
++ // check params greater than one
++ if (BN_cmp(gAOrB, one) <= 0) return -1;
++ if (BN_cmp(g, one) <= 0) return -1;
++
++ // check params <= p-1
++ if (BN_cmp(gAOrB, pMinusOne) >= 0) return -1;
++ if (BN_cmp(g, pMinusOne) >= 0) return -1;
++
++ // 2) gAOrB between 2^{2048-64} and p - 2^{2048-64}
++ quint64 expWord = 2048 - 64;
++ BIGNUM *exp = BN_new();
++ Utils::ensure(BN_set_word(exp, expWord));
++
++ BIGNUM *base = BN_new();
++ Utils::ensure(BN_set_word(base, 2));
++
++ // lowLimit = base ^ exp
++ BIGNUM *lowLimit = BN_new();
++ Utils::ensure(BN_exp(lowLimit, base, exp, BN_ctx));
++
++ // highLimit = p - lowLimit
++ BIGNUM *highLimit = BN_new();
++ BN_sub(highLimit, p, lowLimit);
++
++ if (BN_cmp(gAOrB, lowLimit) < 0) return -1;
++ if (BN_cmp(gAOrB, highLimit) > 0) return -1;
++
++ BN_free(one);
++ BN_free(pMinusOne);
++ BN_free(exp);
++ BN_free(lowLimit);
++ BN_free(highLimit);
++#endif
+
+ return 0;
+ }
+index 3eb9fde..bb0df13 100644
+--- util/cryptoutils.h
++++ util/cryptoutils.h
+@@ -39,7 +39,11 @@ class CryptoUtils : public QObject
+
+ qint32 encryptPacketBuffer(OutboundPkt &p, void *encryptBuffer);
+ qint32 encryptPacketBufferAESUnAuth(const char serverNonce[16], const char hiddenClientNonce[32], OutboundPkt &p, void *encryptBuffer);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ qint32 padRsaEncrypt(char *from, qint32 from_len, char *to, qint32 size, BIGNUM *N, BIGNUM *E);
++#else
++ qint32 padRsaEncrypt(char *from, qint32 from_len, char *to, qint32 size, const BIGNUM *N, const BIGNUM *E);
++#endif
+
+ void initAESAuth (char authKey[192], char msgKey[16], qint32 encrypt);
+ void initAESUnAuth(const char serverNonce[16], const char hiddenClientNonce[32], qint32 encrypt);
+index f12a3b0..8b12b3b 100644
+--- util/utils.cpp
++++ util/utils.cpp
+@@ -152,7 +152,7 @@ QByteArray Utils::generateRandomBytes() {
+ return randomBytes;
+ }
+
+-qint32 Utils::serializeBignum(BIGNUM *b, char *buffer, qint32 maxlen) {
++qint32 Utils::serializeBignum(const BIGNUM *b, char *buffer, qint32 maxlen) {
+ qint32 itslen = BN_num_bytes (b);
+ qint32 reqlen;
+ if (itslen < 254) {
+@@ -300,10 +300,20 @@ RSA *Utils::rsaLoadPublicKey(const QString &publicKeyName) {
+ qint64 Utils::computeRSAFingerprint(RSA *key) {
+ static char tempbuff[4096];
+ static uchar sha[20];
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ Q_ASSERT(key->n && key->e);
+ qint32 l1 = serializeBignum (key->n, tempbuff, 4096);
+ Q_ASSERT(l1 > 0);
+ qint32 l2 = serializeBignum (key->e, tempbuff + l1, 4096 - l1);
++#else
++ const BIGNUM *key_e;
++ const BIGNUM *key_n;
++ RSA_get0_key(key, &key_n, &key_e, NULL);
++ Q_ASSERT(key_n && key_e);
++ qint32 l1 = serializeBignum (key_n, tempbuff, 4096);
++ Q_ASSERT(l1 > 0);
++ qint32 l2 = serializeBignum (key_e, tempbuff + l1, 4096 - l1);
++#endif
+ Q_ASSERT(l2 > 0 && l1 + l2 <= 4096);
+ SHA1 ((uchar *)tempbuff, l1 + l2, sha);
+ return *(qint64 *)(sha + 12);
+index 8afcebd..1297e3a 100644
+--- util/utils.h
++++ util/utils.h
+@@ -39,5 +39,5 @@ class LIBQTELEGRAMSHARED_EXPORT Utils : public QObject
+ static qint32 randomBytes(void *buffer, qint32 count);
+- static qint32 serializeBignum(BIGNUM *b, char *buffer, qint32 maxlen);
++ static qint32 serializeBignum(const BIGNUM *b, char *buffer, qint32 maxlen);
+ static double getUTime(qint32 clockId);
+ static quint64 gcd (quint64 a, quint64 b);
+