diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk index 661d0c318..7d5a7c81c 100644 --- a/depends/packages/openssl.mk +++ b/depends/packages/openssl.mk @@ -1,8 +1,8 @@ package=openssl -$(package)_version=1.0.1k +$(package)_version=1.1.0b $(package)_download_path=https://www.openssl.org/source $(package)_file_name=$(package)-$($(package)_version).tar.gz -$(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c +$(package)_sha256_hash=a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 define $(package)_set_vars $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" @@ -10,33 +10,25 @@ $(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/o $(package)_config_opts+=no-camellia $(package)_config_opts+=no-capieng $(package)_config_opts+=no-cast +$(package)_config_opts+=no-cms $(package)_config_opts+=no-comp $(package)_config_opts+=no-dso $(package)_config_opts+=no-dtls1 $(package)_config_opts+=no-ec_nistp_64_gcc_128 $(package)_config_opts+=no-gost -$(package)_config_opts+=no-gmp $(package)_config_opts+=no-heartbeats $(package)_config_opts+=no-idea -$(package)_config_opts+=no-jpake -$(package)_config_opts+=no-krb5 -$(package)_config_opts+=no-libunbound $(package)_config_opts+=no-md2 $(package)_config_opts+=no-mdc2 $(package)_config_opts+=no-rc4 $(package)_config_opts+=no-rc5 $(package)_config_opts+=no-rdrand $(package)_config_opts+=no-rfc3779 -$(package)_config_opts+=no-rsax $(package)_config_opts+=no-sctp $(package)_config_opts+=no-seed -$(package)_config_opts+=no-sha0 $(package)_config_opts+=no-shared $(package)_config_opts+=no-ssl-trace -$(package)_config_opts+=no-ssl2 $(package)_config_opts+=no-ssl3 -$(package)_config_opts+=no-static_engine -$(package)_config_opts+=no-store $(package)_config_opts+=no-unit-test $(package)_config_opts+=no-weak-ssl-ciphers $(package)_config_opts+=no-whirlpool @@ -58,7 +50,7 @@ endef define $(package)_preprocess_cmds sed -i.old "/define DATE/d" util/mkbuildinf.pl && \ - sed -i.old "s|engines apps test|engines|" Makefile.org + sed -i.old "s|\"engines\", \"apps\", \"test\"|\"engines\"|" Configure endef define $(package)_config_cmds @@ -70,7 +62,7 @@ define $(package)_build_cmds endef define $(package)_stage_cmds - $(MAKE) INSTALL_PREFIX=$($(package)_staging_dir) -j1 install_sw + $(MAKE) DESTDIR=$($(package)_staging_dir) -j1 install_sw endef define $(package)_postprocess_cmds diff --git a/src/ecwrapper.cpp b/src/ecwrapper.cpp index f94bc954f..73e8a8395 100644 --- a/src/ecwrapper.cpp +++ b/src/ecwrapper.cpp @@ -8,7 +8,6 @@ #include "uint256.h" #include -#include #include namespace { @@ -62,6 +61,9 @@ int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned ch int n = 0; int i = recid / 2; + const BIGNUM *sig_r, *sig_s; + ECDSA_SIG_get0(ecsig, &sig_r, &sig_s); + const EC_GROUP *group = EC_KEY_get0_group(eckey); if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; } BN_CTX_start(ctx); @@ -70,7 +72,7 @@ int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned ch x = BN_CTX_get(ctx); if (!BN_copy(x, order)) { ret=-1; goto err; } if (!BN_mul_word(x, i)) { ret=-1; goto err; } - if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; } + if (!BN_add(x, x, sig_r)) { ret=-1; goto err; } field = BN_CTX_get(ctx); if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; } if (BN_cmp(x, field) >= 0) { ret=0; goto err; } @@ -91,9 +93,9 @@ int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned ch if (!BN_zero(zero)) { ret=-1; goto err; } if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; } rr = BN_CTX_get(ctx); - if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; } + if (!BN_mod_inverse(rr, sig_r, order, ctx)) { ret=-1; goto err; } sor = BN_CTX_get(ctx); - if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; } + if (!BN_mod_mul(sor, sig_s, rr, order, ctx)) { ret=-1; goto err; } eor = BN_CTX_get(ctx); if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; } if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; } @@ -177,8 +179,14 @@ bool CECKey::Recover(const uint256 &hash, const unsigned char *p64, int rec) if (rec<0 || rec>=3) return false; ECDSA_SIG *sig = ECDSA_SIG_new(); - BN_bin2bn(&p64[0], 32, sig->r); - BN_bin2bn(&p64[32], 32, sig->s); + BIGNUM *sig_r, *sig_s; + if (!(sig_r = BN_bin2bn(&p64[0], 32, nullptr)) || + !(sig_s = BN_bin2bn(&p64[32], 32, nullptr)) || + !ECDSA_SIG_set0(sig, sig_r, sig_s)) { + BN_free(sig_r); + BN_free(sig_s); + return false; + } bool ret = ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), rec, 0) == 1; ECDSA_SIG_free(sig); return ret; diff --git a/src/test/bignum.h b/src/test/bignum.h index e7aeee9db..94307985b 100644 --- a/src/test/bignum.h +++ b/src/test/bignum.h @@ -23,48 +23,49 @@ public: /** C++ wrapper for BIGNUM (OpenSSL bignum) */ -class CBigNum : public BIGNUM +class CBigNum { + BIGNUM* bn; public: CBigNum() { - BN_init(this); + bn = BN_new(); } CBigNum(const CBigNum& b) { - BN_init(this); - if (!BN_copy(this, &b)) + bn = BN_new(); + if (!BN_copy(bn, b.bn)) { - BN_clear_free(this); + BN_clear_free(bn); throw bignum_error("CBigNum::CBigNum(const CBigNum&): BN_copy failed"); } } CBigNum& operator=(const CBigNum& b) { - if (!BN_copy(this, &b)) + if (!BN_copy(bn, b.bn)) throw bignum_error("CBigNum::operator=: BN_copy failed"); return (*this); } ~CBigNum() { - BN_clear_free(this); + BN_clear_free(bn); } - CBigNum(long long n) { BN_init(this); setint64(n); } + CBigNum(long long n) { bn = BN_new(); setint64(n); } explicit CBigNum(const std::vector& vch) { - BN_init(this); + bn = BN_new(); setvch(vch); } int getint() const { - BN_ULONG n = BN_get_word(this); - if (!BN_is_negative(this)) + BN_ULONG n = BN_get_word(bn); + if (!BN_is_negative(bn)) return (n > (BN_ULONG)std::numeric_limits::max() ? std::numeric_limits::max() : n); else return (n > (BN_ULONG)std::numeric_limits::max() ? std::numeric_limits::min() : -(int)n); @@ -112,7 +113,7 @@ public: pch[1] = (nSize >> 16) & 0xff; pch[2] = (nSize >> 8) & 0xff; pch[3] = (nSize) & 0xff; - BN_mpi2bn(pch, p - pch, this); + BN_mpi2bn(pch, p - pch, bn); } void setvch(const std::vector& vch) @@ -127,22 +128,30 @@ public: vch2[3] = (nSize >> 0) & 0xff; // swap data to big endian reverse_copy(vch.begin(), vch.end(), vch2.begin() + 4); - BN_mpi2bn(&vch2[0], vch2.size(), this); + BN_mpi2bn(&vch2[0], vch2.size(), bn); } std::vector getvch() const { - unsigned int nSize = BN_bn2mpi(this, NULL); + unsigned int nSize = BN_bn2mpi(bn, NULL); if (nSize <= 4) return std::vector(); std::vector vch(nSize); - BN_bn2mpi(this, &vch[0]); + BN_bn2mpi(bn, &vch[0]); vch.erase(vch.begin(), vch.begin() + 4); reverse(vch.begin(), vch.end()); return vch; } + friend inline const CBigNum operator+(const CBigNum& a, const CBigNum& b); friend inline const CBigNum operator-(const CBigNum& a, const CBigNum& b); + friend inline const CBigNum operator-(const CBigNum& a); + friend inline bool operator==(const CBigNum& a, const CBigNum& b); + friend inline bool operator!=(const CBigNum& a, const CBigNum& b); + friend inline bool operator<=(const CBigNum& a, const CBigNum& b); + friend inline bool operator>=(const CBigNum& a, const CBigNum& b); + friend inline bool operator<(const CBigNum& a, const CBigNum& b); + friend inline bool operator>(const CBigNum& a, const CBigNum& b); }; @@ -150,7 +159,7 @@ public: inline const CBigNum operator+(const CBigNum& a, const CBigNum& b) { CBigNum r; - if (!BN_add(&r, &a, &b)) + if (!BN_add(r.bn, a.bn, b.bn)) throw bignum_error("CBigNum::operator+: BN_add failed"); return r; } @@ -158,7 +167,7 @@ inline const CBigNum operator+(const CBigNum& a, const CBigNum& b) inline const CBigNum operator-(const CBigNum& a, const CBigNum& b) { CBigNum r; - if (!BN_sub(&r, &a, &b)) + if (!BN_sub(r.bn, a.bn, b.bn)) throw bignum_error("CBigNum::operator-: BN_sub failed"); return r; } @@ -166,15 +175,15 @@ inline const CBigNum operator-(const CBigNum& a, const CBigNum& b) inline const CBigNum operator-(const CBigNum& a) { CBigNum r(a); - BN_set_negative(&r, !BN_is_negative(&r)); + BN_set_negative(r.bn, !BN_is_negative(r.bn)); return r; } -inline bool operator==(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) == 0); } -inline bool operator!=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) != 0); } -inline bool operator<=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) <= 0); } -inline bool operator>=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) >= 0); } -inline bool operator<(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) < 0); } -inline bool operator>(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) > 0); } +inline bool operator==(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) == 0); } +inline bool operator!=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) != 0); } +inline bool operator<=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) <= 0); } +inline bool operator>=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) >= 0); } +inline bool operator<(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) < 0); } +inline bool operator>(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) > 0); } #endif // BITCOIN_TEST_BIGNUM_H diff --git a/src/wallet/crypter.cpp b/src/wallet/crypter.cpp index 0b0fb562e..7c57550b7 100644 --- a/src/wallet/crypter.cpp +++ b/src/wallet/crypter.cpp @@ -58,15 +58,13 @@ bool CCrypter::Encrypt(const CKeyingMaterial& vchPlaintext, std::vector (nCLen); - EVP_CIPHER_CTX ctx; - bool fOk = true; - EVP_CIPHER_CTX_init(&ctx); - if (fOk) fOk = EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0; - if (fOk) fOk = EVP_EncryptUpdate(&ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen) != 0; - if (fOk) fOk = EVP_EncryptFinal_ex(&ctx, (&vchCiphertext[0]) + nCLen, &nFLen) != 0; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + if (fOk) fOk = EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0; + if (fOk) fOk = EVP_EncryptUpdate(ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen) != 0; + if (fOk) fOk = EVP_EncryptFinal_ex(ctx, (&vchCiphertext[0]) + nCLen, &nFLen) != 0; + EVP_CIPHER_CTX_free(ctx); if (!fOk) return false; @@ -85,15 +83,13 @@ bool CCrypter::Decrypt(const std::vector& vchCiphertext, CKeyingM vchPlaintext = CKeyingMaterial(nPLen); - EVP_CIPHER_CTX ctx; - bool fOk = true; - EVP_CIPHER_CTX_init(&ctx); - if (fOk) fOk = EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0; - if (fOk) fOk = EVP_DecryptUpdate(&ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen) != 0; - if (fOk) fOk = EVP_DecryptFinal_ex(&ctx, (&vchPlaintext[0]) + nPLen, &nFLen) != 0; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + if (fOk) fOk = EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0; + if (fOk) fOk = EVP_DecryptUpdate(ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen) != 0; + if (fOk) fOk = EVP_DecryptFinal_ex(ctx, (&vchPlaintext[0]) + nPLen, &nFLen) != 0; + EVP_CIPHER_CTX_free(ctx); if (!fOk) return false;