summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2023-07-05 10:30:52 +0200
committerGravatar Nikias Bassen2023-07-05 10:30:52 +0200
commite57b6e7163277c6a63f22a7e2942cf666cf71a80 (patch)
tree56c083f63bffb238a1aabd8f43a42489c19570d6
parent474fd9284b76d8ddd3a3aec41cbca3cc48271cc1 (diff)
downloadlibimobiledevice-e57b6e7163277c6a63f22a7e2942cf666cf71a80.tar.gz
libimobiledevice-e57b6e7163277c6a63f22a7e2942cf666cf71a80.tar.bz2
Updated OpenSSL-specific code to use OpenSSL 3.0+ API
-rw-r--r--common/userpref.c25
-rw-r--r--src/idevice.c34
-rw-r--r--tools/idevicebackup.c18
3 files changed, 69 insertions, 8 deletions
diff --git a/common/userpref.c b/common/userpref.c
index 11e28ba..b64c703 100644
--- a/common/userpref.c
+++ b/common/userpref.c
@@ -435,6 +435,10 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
debug_info("Generating keys and certificates...");
#if defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_PKEY* root_pkey = EVP_RSA_gen(2048);
+ EVP_PKEY* host_pkey = EVP_RSA_gen(2048);
+#else
BIGNUM *e = BN_new();
RSA* root_keypair = RSA_new();
RSA* host_keypair = RSA_new();
@@ -451,6 +455,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
EVP_PKEY* host_pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(host_pkey, host_keypair);
+#endif
/* generate root certificate */
X509* root_cert = X509_new();
@@ -561,12 +566,22 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
}
}
- RSA *pubkey = NULL;
+ EVP_PKEY *pubkey = NULL;
{
BIO *membp = BIO_new_mem_buf(public_key.data, public_key.size);
- if (!PEM_read_bio_RSAPublicKey(membp, &pubkey, NULL, NULL)) {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (!PEM_read_bio_PUBKEY(membp, &pubkey, NULL, NULL)) {
debug_info("WARNING: Could not read public key");
}
+#else
+ RSA *rsa_pubkey = NULL;
+ if (!PEM_read_bio_RSAPublicKey(membp, &rsa_pubkey, NULL, NULL)) {
+ debug_info("WARNING: Could not read public key");
+ } else {
+ pubkey = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(pubkey, rsa_pubkey);
+ }
+#endif
BIO_free(membp);
}
@@ -588,10 +603,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
X509_set1_notAfter(dev_cert, asn1time);
ASN1_TIME_free(asn1time);
- EVP_PKEY* pkey = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(pkey, pubkey);
- X509_set_pubkey(dev_cert, pkey);
- EVP_PKEY_free(pkey);
+ X509_set_pubkey(dev_cert, pubkey);
X509_add_ext_helper(dev_cert, NID_subject_key_identifier, (char*)"hash");
X509_add_ext_helper(dev_cert, NID_key_usage, (char*)"critical,digitalSignature,keyEncipherment");
@@ -618,6 +630,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
X509V3_EXT_cleanup();
X509_free(dev_cert);
+ EVP_PKEY_free(pubkey);
EVP_PKEY_free(root_pkey);
EVP_PKEY_free(host_pkey);
diff --git a/src/idevice.c b/src/idevice.c
index 8545317..719cd28 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1057,18 +1057,33 @@ static void internal_ssl_cleanup(ssl_data_t ssl_data)
}
#ifdef HAVE_OPENSSL
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+static long ssl_idevice_bio_callback(BIO *b, int oper, const char *argp, size_t len, int argi, long argl, int retvalue, size_t *processed)
+#else
static long ssl_idevice_bio_callback(BIO *b, int oper, const char *argp, int argi, long argl, long retvalue)
+#endif
{
+ ssize_t bytes = 0;
idevice_connection_t conn = (idevice_connection_t)BIO_get_callback_arg(b);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
size_t len = (size_t)argi;
+ size_t *processed = (size_t*)&bytes;
+#endif
switch (oper) {
case (BIO_CB_READ|BIO_CB_RETURN):
- return argp ? (long)internal_ssl_read(conn, (char *)argp, len) : 0;
+ if (argp) {
+ bytes = internal_ssl_read(conn, (char *)argp, len);
+ *processed = bytes;
+ return (long)bytes;
+ }
+ return 0;
case (BIO_CB_PUTS|BIO_CB_RETURN):
len = strlen(argp);
// fallthrough
case (BIO_CB_WRITE|BIO_CB_RETURN):
- return (long)internal_ssl_write(conn, argp, len);
+ bytes = internal_ssl_write(conn, argp, len);
+ *processed = bytes;
+ return (long)bytes;
default:
return retvalue;
}
@@ -1079,7 +1094,11 @@ static BIO *ssl_idevice_bio_new(idevice_connection_t conn)
BIO *b = BIO_new(BIO_s_null());
if (!b) return NULL;
BIO_set_callback_arg(b, (char *)conn);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ BIO_set_callback_ex(b, ssl_idevice_bio_callback);
+#else
BIO_set_callback(b, ssl_idevice_bio_callback);
+#endif
return b;
}
@@ -1257,6 +1276,16 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
X509_free(rootCert);
free(root_cert.data);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_PKEY* rootPrivKey = NULL;
+ membp = BIO_new_mem_buf(root_privkey.data, root_privkey.size);
+ PEM_read_bio_PrivateKey(membp, &rootPrivKey, NULL, NULL);
+ BIO_free(membp);
+ if (SSL_CTX_use_PrivateKey(ssl_ctx, rootPrivKey) != 1) {
+ debug_info("WARNING: Could not load RootPrivateKey");
+ }
+ EVP_PKEY_free(rootPrivKey);
+#else
RSA* rootPrivKey = NULL;
membp = BIO_new_mem_buf(root_privkey.data, root_privkey.size);
PEM_read_bio_RSAPrivateKey(membp, &rootPrivKey, NULL, NULL);
@@ -1265,6 +1294,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
debug_info("WARNING: Could not load RootPrivateKey");
}
RSA_free(rootPrivKey);
+#endif
free(root_privkey.data);
SSL *ssl = SSL_new(ssl_ctx);
diff --git a/tools/idevicebackup.c b/tools/idevicebackup.c
index 1684666..5694c12 100644
--- a/tools/idevicebackup.c
+++ b/tools/idevicebackup.c
@@ -34,6 +34,9 @@
#include <getopt.h>
#if defined(HAVE_OPENSSL)
#include <openssl/sha.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
#elif defined(HAVE_GNUTLS)
#include <gcrypt.h>
#elif defined(HAVE_MBEDTLS)
@@ -113,7 +116,11 @@ static int compare_hash(const unsigned char *hash1, const unsigned char *hash2,
static void _sha1_update(void* context, const char* data, size_t len)
{
#if defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_DigestUpdate(context, data, len);
+#else
SHA1_Update(context, data, len);
+#endif
#elif defined(HAVE_GNUTLS)
gcry_md_write(context, data, len);
#elif defined(HAVE_MBEDTLS)
@@ -124,9 +131,15 @@ static void _sha1_update(void* context, const char* data, size_t len)
static void compute_datahash(const char *path, const char *destpath, uint8_t greylist, const char *domain, const char *appid, const char *version, unsigned char *hash_out)
{
#if defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_MD_CTX* sha1 = EVP_MD_CTX_new();
+ EVP_DigestInit(sha1, EVP_sha1());
+ void* psha1 = sha1;
+#else
SHA_CTX sha1;
SHA1_Init(&sha1);
void* psha1 = &sha1;
+#endif
#elif defined(HAVE_GNUTLS)
gcry_md_hd_t hd = NULL;
gcry_md_open(&hd, GCRY_MD_SHA1, 0);
@@ -180,7 +193,12 @@ static void compute_datahash(const char *path, const char *destpath, uint8_t gre
_sha1_update(psha1, "(null)", 6);
}
#if defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_DigestFinal(sha1, hash_out, NULL);
+ EVP_MD_CTX_destroy(sha1);
+#else
SHA1_Final(hash_out, &sha1);
+#endif
#elif defined(HAVE_GNUTLS)
unsigned char *newhash = gcry_md_read(hd, GCRY_MD_SHA1);
memcpy(hash_out, newhash, 20);