Created
January 24, 2025 20:58
-
-
Save llm96/625803ceed0d23eb81a10fe587b6fb7e to your computer and use it in GitHub Desktop.
Fix aacskeys compilation with OpenSSL 3.4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/src/aacs_aes.cpp b/src/aacs_aes.cpp | |
| index b1bb19b..b7b335f 100644 | |
| --- a/src/aacs_aes.cpp | |
| +++ b/src/aacs_aes.cpp | |
| @@ -113,14 +113,16 @@ int calculate_title_key_file_mac(const unsigned char *title_key_file, size_t len | |
| int calculate_title_key_file_hash(const unsigned char *title_key_file, size_t length, /*out*/ unsigned char *title_key_file_hash) { | |
| - EVP_MD_CTX mdctx; | |
| + EVP_MD_CTX* mdctx = NULL; | |
| unsigned int md_len; | |
| - EVP_MD_CTX_init(&mdctx); | |
| + mdctx = EVP_MD_CTX_new(); | |
| - EVP_DigestInit(&mdctx, EVP_sha1()); | |
| - EVP_DigestUpdate(&mdctx, title_key_file, length); | |
| - EVP_DigestFinal_ex(&mdctx, title_key_file_hash, &md_len); | |
| + EVP_DigestInit(mdctx, EVP_sha1()); | |
| + EVP_DigestUpdate(mdctx, title_key_file, length); | |
| + EVP_DigestFinal_ex(mdctx, title_key_file_hash, &md_len); | |
| + | |
| + EVP_MD_CTX_free(mdctx); | |
| return 1; | |
| } | |
| diff --git a/src/aacs_ecdsa.cpp b/src/aacs_ecdsa.cpp | |
| index ff6e29c..ce1308d 100644 | |
| --- a/src/aacs_ecdsa.cpp | |
| +++ b/src/aacs_ecdsa.cpp | |
| @@ -155,9 +155,10 @@ int aacs_set_cert(/*out*/ EC_KEY *key, const unsigned char *cert) { | |
| int aacs_verify(const unsigned char *cert, const unsigned char *signature, const unsigned char *nonce, const unsigned char *point) { | |
| unsigned char md_value[EVP_MAX_MD_SIZE]; | |
| unsigned int md_len; | |
| - EVP_MD_CTX mdctx; | |
| + EVP_MD_CTX* mdctx = NULL; | |
| EC_KEY *key = NULL; | |
| ECDSA_SIG *sig = NULL; // Can be freed before beeing intialized, initialize here | |
| + BIGNUM* r = NULL, *s = NULL; | |
| int ret = -1; | |
| if ((key = aacs_key()) == NULL) { | |
| @@ -170,21 +171,28 @@ int aacs_verify(const unsigned char *cert, const unsigned char *signature, const | |
| goto err; | |
| } | |
| - EVP_MD_CTX_init(&mdctx); | |
| + mdctx = EVP_MD_CTX_new(); | |
| - EVP_DigestInit(&mdctx, EVP_ecdsa()); | |
| - EVP_DigestUpdate(&mdctx, nonce, 20); | |
| - EVP_DigestUpdate(&mdctx, point, 40); | |
| - EVP_DigestFinal_ex(&mdctx, md_value, &md_len); | |
| + EVP_DigestInit(mdctx, EVP_sha1()); | |
| + EVP_DigestUpdate(mdctx, nonce, 20); | |
| + EVP_DigestUpdate(mdctx, point, 40); | |
| + EVP_DigestFinal_ex(mdctx, md_value, &md_len); | |
| - if ((sig = ECDSA_SIG_new()) == NULL || BN_bin2bn(signature, 20, sig->r) == NULL || BN_bin2bn(signature+20, 20, sig->s) == NULL) { | |
| + r = BN_new(); | |
| + s = BN_new(); | |
| + | |
| + if ((sig = ECDSA_SIG_new()) == NULL || BN_bin2bn(signature, 20, r) == NULL || BN_bin2bn(signature+20, 20, s) == NULL) { | |
| ret = -4; | |
| goto err; | |
| } | |
| + ECDSA_SIG_set0(sig, r, s); | |
| ret = ECDSA_do_verify(md_value, md_len, sig, key); | |
| err: | |
| + if (mdctx) | |
| + EVP_MD_CTX_free(mdctx); | |
| + | |
| if (sig) | |
| ECDSA_SIG_free(sig); | |
| @@ -197,9 +205,10 @@ err: | |
| int aacs_sign(const unsigned char *cert, const unsigned char *priv_key, /*out*/ unsigned char *signature, const unsigned char *nonce, const unsigned char *point) { | |
| unsigned char md_value[EVP_MAX_MD_SIZE]; | |
| unsigned int md_len; | |
| - EVP_MD_CTX mdctx; | |
| + EVP_MD_CTX* mdctx = NULL; | |
| EC_KEY *key = NULL; | |
| ECDSA_SIG *sig = NULL; | |
| + const BIGNUM *r = NULL, *s = NULL; | |
| BIGNUM *priv_key_bn = NULL; | |
| int ret = -1; | |
| @@ -218,21 +227,24 @@ int aacs_sign(const unsigned char *cert, const unsigned char *priv_key, /*out*/ | |
| goto err; | |
| } | |
| - EVP_MD_CTX_init(&mdctx); | |
| + mdctx = EVP_MD_CTX_new(); | |
| - EVP_DigestInit(&mdctx, EVP_ecdsa()); | |
| - EVP_DigestUpdate(&mdctx, nonce, 20); | |
| - EVP_DigestUpdate(&mdctx, point, 40); | |
| - EVP_DigestFinal_ex(&mdctx, md_value, &md_len); | |
| + EVP_DigestInit(mdctx, EVP_sha1()); | |
| + EVP_DigestUpdate(mdctx, nonce, 20); | |
| + EVP_DigestUpdate(mdctx, point, 40); | |
| + EVP_DigestFinal_ex(mdctx, md_value, &md_len); | |
| sig = ECDSA_do_sign(md_value, md_len, key); | |
| - if (BN_bn2bin(sig->r, signature) != 20) { | |
| + r = ECDSA_SIG_get0_r(sig); | |
| + s = ECDSA_SIG_get0_s(sig); | |
| + | |
| + if (BN_bn2bin(r, signature) != 20) { | |
| ret = -5; | |
| goto err; | |
| } | |
| - if (BN_bn2bin(sig->s, signature+20) != 20) { | |
| + if (BN_bn2bin(s, signature+20) != 20) { | |
| ret = -6; | |
| goto err; | |
| } | |
| @@ -241,6 +253,9 @@ int aacs_sign(const unsigned char *cert, const unsigned char *priv_key, /*out*/ | |
| ret = 1; | |
| err: | |
| + if (mdctx) | |
| + EVP_MD_CTX_free(mdctx); | |
| + | |
| if (sig) | |
| ECDSA_SIG_free(sig); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment