author | Shauren <shauren.trinity@gmail.com> | 2022-05-03 17:03:57 +0200 |
---|---|---|
committer | Shauren <shauren.trinity@gmail.com> | 2022-06-16 12:37:00 +0200 |
commit | 77091ed599bf34782e26ede0c6b6cbd44c23c52d (patch) | |
tree | e2172d0303f543ca9f974c3c746b62d127e7124f | |
parent | e23a9943dd24cc8333f121c65f4ece969cc6be3d (diff) |
Core/Crypto: Switch away from most deprecated openssl functions and removed upper version limit
(cherry picked from commit bc87f7b337154e683369a3790ee8fd1a7d4cba98)
-rw-r--r-- | cmake/macros/FindOpenSSL.cmake | 3 | ||||
-rw-r--r-- | src/common/Cryptography/CryptoConstants.h | 1 | ||||
-rw-r--r-- | src/common/Cryptography/CryptoHash.h | 38 | ||||
-rw-r--r-- | src/common/Cryptography/HMAC.h | 81 | ||||
-rw-r--r-- | src/server/authserver/Main.cpp | 2 | ||||
-rw-r--r-- | src/server/game/Warden/Warden.cpp | 31 | ||||
-rw-r--r-- | src/server/game/Warden/WardenMac.cpp | 9 | ||||
-rw-r--r-- | src/server/worldserver/Main.cpp | 2 |
8 files changed, 93 insertions, 74 deletions
diff --git a/cmake/macros/FindOpenSSL.cmake b/cmake/macros/FindOpenSSL.cmake
index 2a18f098189..f40a591f9a7 100644
--- a/cmake/macros/FindOpenSSL.cmake
+++ b/cmake/macros/FindOpenSSL.cmake
@@ -80,7 +80,6 @@ Set ``OPENSSL_MSVC_STATIC_RT`` set ``TRUE`` to choose the MT version of the lib. #]=======================================================================] set(OPENSSL_EXPECTED_VERSION "1.0") -set(OPENSSL_MAX_VERSION "1.2") macro(_OpenSSL_test_and_find_dependencies ssl_library crypto_library) if((CMAKE_SYSTEM_NAME STREQUAL "Linux") AND
@@ -574,7 +573,7 @@ if(OPENSSL_FOUND) message(STATUS "Found OpenSSL library: ${OPENSSL_LIBRARIES}") message(STATUS "Found OpenSSL headers: ${OPENSSL_INCLUDE_DIR}") include(EnsureVersion) - ENSURE_VERSION_RANGE("${OPENSSL_EXPECTED_VERSION}" "${OPENSSL_VERSION}" "${OPENSSL_MAX_VERSION}" OPENSSL_VERSION_OK) + ENSURE_VERSION("${OPENSSL_EXPECTED_VERSION}" "${OPENSSL_VERSION}" OPENSSL_VERSION_OK) if(NOT OPENSSL_VERSION_OK) message(FATAL_ERROR "TrinityCore needs OpenSSL version ${OPENSSL_EXPECTED_VERSION} but found too new version ${OPENSSL_VERSION}. TrinityCore needs OpenSSL 1.0.x or 1.1.x to work properly. If you still have problems please install OpenSSL 1.0.x if you still have problems search on forum for TCE00022") endif()
diff --git a/src/common/Cryptography/CryptoConstants.h b/src/common/Cryptography/CryptoConstants.h
index 7e698a685e4..d9fad902ab6 100644
--- a/src/common/Cryptography/CryptoConstants.h
+++ b/src/common/Cryptography/CryptoConstants.h
@@ -24,6 +24,7 @@ namespace Trinity::Crypto { struct Constants { + static constexpr size_t MD5_DIGEST_LENGTH_BYTES = 16; static constexpr size_t SHA1_DIGEST_LENGTH_BYTES = 20; static constexpr size_t SHA256_DIGEST_LENGTH_BYTES = 32; };
diff --git a/src/common/Cryptography/CryptoHash.h b/src/common/Cryptography/CryptoHash.h
index 56af9740c04..38f2047c30d 100644
--- a/src/common/Cryptography/CryptoHash.h
+++ b/src/common/Cryptography/CryptoHash.h
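Review bot: The FATAL_ERROR message in the second FindOpenSSL.cmake hunk is now stale: with OPENSSL_MAX_VERSION gone, ENSURE_VERSION can only fail because the library is too old, yet the text still reports "found too new version" and tells the user to install 1.0.x. Reword it to `"TrinityCore needs OpenSSL version ${OPENSSL_EXPECTED_VERSION} or newer but found ${OPENSSL_VERSION}. If you still have problems search on forum for TCE00022"`. Separately, OPENSSL_EXPECTED_VERSION stays at "1.0" while the Main.cpp hunks in this commit call OpenSSL_version(OPENSSL_VERSION), which as far as I know only exists from 1.1.0 on, so either the minimum should be bumped here or that call needs the same OPENSSL_VERSION_NUMBER guard CryptoHash.h uses.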
@@ -35,10 +35,10 @@ namespace Trinity::Impl typedef EVP_MD const* (*HashCreator)(); #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L - static EVP_MD_CTX* MakeCTX() { return EVP_MD_CTX_create(); } + static EVP_MD_CTX* MakeCTX() noexcept { return EVP_MD_CTX_create(); } static void DestroyCTX(EVP_MD_CTX* ctx) { EVP_MD_CTX_destroy(ctx); } #else - static EVP_MD_CTX* MakeCTX() { return EVP_MD_CTX_new(); } + static EVP_MD_CTX* MakeCTX() noexcept { return EVP_MD_CTX_new(); } static void DestroyCTX(EVP_MD_CTX* ctx) { EVP_MD_CTX_free(ctx); } #endif }; @@ -73,6 +73,16 @@ namespace Trinity::Impl ASSERT(result == 1); } + GenericHash(GenericHash const& right) : _ctx(GenericHashImpl::MakeCTX()) + { + *this = right; + } + + GenericHash(GenericHash&& right) noexcept + { + *this = std::move(right); + } + ~GenericHash() { if (!_ctx) @@ -81,6 +91,27 @@ namespace Trinity::Impl _ctx = nullptr; } + GenericHash& operator=(GenericHash const& right) + { + if (this == &right) + return *this; + + int result = EVP_MD_CTX_copy(_ctx, right._ctx); + ASSERT(result == 1); + _digest = right._digest; + return *this; + } + + GenericHash& operator=(GenericHash&& right) noexcept + { + if (this == &right) + return *this; + + _ctx = std::exchange(right._ctx, GenericHashImpl::MakeCTX()); + _digest = std::exchange(right._digest, Digest{}); + return *this; + } + void UpdateData(uint8 const* data, size_t len) { int result = EVP_DigestUpdate(_ctx, data, len); @@ -98,8 +129,6 @@ namespace Trinity::Impl int result = EVP_DigestFinal_ex(_ctx, _digest.data(), &length); ASSERT(result == 1); ASSERT(length == DIGEST_LENGTH); - GenericHashImpl::DestroyCTX(_ctx); - _ctx = nullptr; } Digest const& GetDigest() const { return _digest; } 
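Review bot: The new move-assignment operator leaks the context it already owns: `_ctx = std::exchange(right._ctx, GenericHashImpl::MakeCTX());` overwrites a live EVP_MD_CTX without ever passing it to DestroyCTX, so every `a = std::move(b)` on an initialised GenericHash leaks one context. Release it first, guarded so the delegating move constructor stays safe (its `_ctx` is indeterminate before the assignment unless a default member initialiser outside this hunk sets it): declare the constructor as `GenericHash(GenericHash&& right) noexcept : _ctx(nullptr)` and put `if (_ctx) GenericHashImpl::DestroyCTX(_ctx);` ahead of the exchange. The copy constructor has a related gap: MakeCTX() can return nullptr on allocation failure and nothing checks it before EVP_MD_CTX_copy. The moved-from object is left with a context that was never EVP_DigestInit_ex'd, so it is only safe to destroy or assign to; that deserves a one-line comment on the operator.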
@@ -112,6 +141,7 @@ namespace Trinity::Impl namespace Trinity::Crypto { + using MD5 = Trinity::Impl::GenericHash<EVP_md5, Constants::MD5_DIGEST_LENGTH_BYTES>; using SHA1 = Trinity::Impl::GenericHash<EVP_sha1, Constants::SHA1_DIGEST_LENGTH_BYTES>; using SHA256 = Trinity::Impl::GenericHash<EVP_sha256, Constants::SHA256_DIGEST_LENGTH_BYTES>; }
diff --git a/src/common/Cryptography/HMAC.h b/src/common/Cryptography/HMAC.h
index 200955df832..b8db59a1ae9 100644
--- a/src/common/Cryptography/HMAC.h
+++ b/src/common/Cryptography/HMAC.h
@@ -19,41 +19,18 @@ #define TRINITY_HMAC_H #include "CryptoConstants.h" +#include "CryptoHash.h" #include "Define.h" #include "Errors.h" #include <array> #include <string> #include <string_view> -#include <openssl/hmac.h> class BigNumber; namespace Trinity::Impl { - struct HMACImpl - { - typedef EVP_MD const* (*HashCreator)(); - -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L - static HMAC_CTX* MakeCTX() - { - HMAC_CTX* ctx = new HMAC_CTX(); - HMAC_CTX_init(ctx); - return ctx; - } - - static void DestroyCTX(HMAC_CTX* ctx) - { - HMAC_CTX_cleanup(ctx); - delete ctx; - } -#else - static HMAC_CTX* MakeCTX() { return HMAC_CTX_new(); } - static void DestroyCTX(HMAC_CTX* ctx) { HMAC_CTX_free(ctx); } -#endif - }; - - template <HMACImpl::HashCreator HashCreator, size_t DigestLength> + template <GenericHashImpl::HashCreator HashCreator, size_t DigestLength> class GenericHMAC { public:
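Review bot: The new `MD5` alias needs a comment saying why a broken hash is being added to Trinity::Crypto, because nothing here stops it from being picked up for new code; its only users in this commit are the Warden hunks, which appear to need it to match what the client computes. Suggest placing `// MD5 is provided only for legacy wire-protocol compatibility (Warden module ids, client checks); it is not collision resistant and must not be used for anything security-relevant.` directly above the alias. The HMAC.h include hunk sharing this line raises nothing on its own.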
@@ -78,25 +55,58 @@ namespace Trinity::Impl return hash.GetDigest(); } - GenericHMAC(uint8 const* seed, size_t len) : _ctx(HMACImpl::MakeCTX()) + GenericHMAC(uint8 const* seed, size_t len) : _ctx(GenericHashImpl::MakeCTX()), _key(EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, nullptr, seed, len)) { - int result = HMAC_Init_ex(_ctx, seed, len, HashCreator(), nullptr); + int result = EVP_DigestSignInit(_ctx, nullptr, HashCreator(), nullptr, _key); ASSERT(result == 1); } template <typename Container> GenericHMAC(Container const& container) : GenericHMAC(std::data(container), std::size(container)) {} + GenericHMAC(GenericHMAC const& right) : _ctx(GenericHashImpl::MakeCTX()) + { + *this = right; + } + + GenericHMAC(GenericHMAC&& right) noexcept + { + *this = std::move(right); + } + ~GenericHMAC() { - if (!_ctx) - return; - HMACImpl::DestroyCTX(_ctx); + GenericHashImpl::DestroyCTX(_ctx); _ctx = nullptr; + EVP_PKEY_free(_key); + _key = nullptr; + } + + GenericHMAC& operator=(GenericHMAC const& right) + { + if (this == &right) + return *this; + + int result = EVP_MD_CTX_copy(_ctx, right._ctx); + ASSERT(result == 1); + _key = right._key; // EVP_PKEY uses reference counting internally, just copy the pointer + _digest = right._digest; + return *this; + } + + GenericHMAC& operator=(GenericHMAC&& right) noexcept + { + if (this == &right) + return *this; + + _ctx = std::exchange(right._ctx, GenericHashImpl::MakeCTX()); + _key = std::exchange(right._key, EVP_PKEY_new()); + _digest = std::exchange(right._digest, Digest{}); + return *this; } void UpdateData(uint8 const* data, size_t len) { - int result = HMAC_Update(_ctx, data, len); + int result = EVP_DigestSignUpdate(_ctx, data, len); ASSERT(result == 1); } void UpdateData(std::string_view str) { UpdateData(reinterpret_cast<uint8 const*>(str.data()), str.size()); } 
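Review bot: The copy-assignment operator sets up a double free: `_key = right._key;` copies the EVP_PKEY pointer without taking a reference, yet both destructors call EVP_PKEY_free on it, so whichever object dies first destroys the key the other still holds; the comment's "reference counting internally" only helps if EVP_PKEY_up_ref is actually called. The same operator also discards the key `*this` previously owned without freeing it, and the move-assignment operator overwrites the live `_ctx` and `_key` of `*this` the same way, so each assignment onto an initialised object leaks one context and one key. Both delegating constructors leave `_key` (and, for the move, `_ctx`) indeterminate before assigning, so they need nullptr initialisers for the frees below to be safe. EVP_PKEY_up_ref exists from 1.1.0; if 1.0.x is still a target (FindOpenSSL.cmake in this commit still says "1.0") the same version guard CryptoHash.h uses is needed around it, with CRYPTO_add on the references field as the 1.0.x form.
```cpp
GenericHMAC(GenericHMAC const& right) : _ctx(GenericHashImpl::MakeCTX()), _key(nullptr)
{
    *this = right;
}

GenericHMAC(GenericHMAC&& right) noexcept : _ctx(nullptr), _key(nullptr)
{
    *this = std::move(right);
}

// … unchanged: destructor …

GenericHMAC& operator=(GenericHMAC const& right)
{
    if (this == &right)
        return *this;

    int result = EVP_MD_CTX_copy(_ctx, right._ctx);
    ASSERT(result == 1);
    // ~GenericHMAC frees _key, so each object must hold its own reference on the shared EVP_PKEY.
    if (right._key)
        EVP_PKEY_up_ref(right._key);
    EVP_PKEY_free(_key); // release whatever we held before (no-op on nullptr)
    _key = right._key;
    _digest = right._digest;
    return *this;
}

GenericHMAC& operator=(GenericHMAC&& right) noexcept
{
    if (this == &right)
        return *this;

    // Release our own resources before taking over right's. The moved-from object keeps a fresh,
    // never-initialised context and an empty key, so it is only safe to destroy or assign to.
    if (_ctx)
        GenericHashImpl::DestroyCTX(_ctx);
    EVP_PKEY_free(_key);
    _ctx = std::exchange(right._ctx, GenericHashImpl::MakeCTX());
    _key = std::exchange(right._key, EVP_PKEY_new());
    _digest = std::exchange(right._digest, Digest{});
    return *this;
}
```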
@@ -107,17 +117,16 @@ namespace Trinity::Impl void Finalize() { - uint32 length = 0; - int result = HMAC_Final(_ctx, _digest.data(), &length); + size_t length = 0; + int result = EVP_DigestSignFinal(_ctx, _digest.data(), &length); ASSERT(result == 1); ASSERT(length == DIGEST_LENGTH); - HMACImpl::DestroyCTX(_ctx); - _ctx = nullptr; } Digest const& GetDigest() const { return _digest; } private: - HMAC_CTX* _ctx; + EVP_MD_CTX* _ctx; + EVP_PKEY* _key; Digest _digest = { }; }; }
diff --git a/src/server/authserver/Main.cpp b/src/server/authserver/Main.cpp
index af0acb97236..145ec132966 100644
--- a/src/server/authserver/Main.cpp
+++ b/src/server/authserver/Main.cpp
@@ -121,7 +121,7 @@ int main(int argc, char** argv) []() { TC_LOG_INFO("server.authserver", "Using configuration file %s.", sConfigMgr->GetFilename().c_str()); - TC_LOG_INFO("server.authserver", "Using SSL version: %s (library: %s)", OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION)); + TC_LOG_INFO("server.authserver", "Using SSL version: %s (library: %s)", OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION)); TC_LOG_INFO("server.authserver", "Using Boost version: %i.%i.%i", BOOST_VERSION / 100000, BOOST_VERSION / 100 % 1000, BOOST_VERSION % 100); } );
diff --git a/src/server/game/Warden/Warden.cpp b/src/server/game/Warden/Warden.cpp
index 8f109e387df..2f974860185 100644
--- a/src/server/game/Warden/Warden.cpp
+++ b/src/server/game/Warden/Warden.cpp
@@ -21,15 +21,12 @@ #include "Log.h" #include "Opcodes.h" #include "ByteBuffer.h" +#include "CryptoHash.h" #include "GameTime.h" #include "World.h" #include "Util.h" #include "Warden.h" #include "AccountMgr.h" - -#include <openssl/sha.h> -#include <openssl/md5.h> - #include <charconv> Warden::Warden() : _session(nullptr), _checkTimer(10 * IN_MILLISECONDS), _clientResponseTimer(0),
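Review bot: `size_t length = 0;` in Finalize() passes a zero buffer size into EVP_DigestSignFinal: siglen is an in/out parameter, and the OpenSSL documentation requires it to hold the size of the sig buffer on entry when sig is non-null. The HMAC back ends I know of ignore the input value, so this does not fail today, but a provider that enforces the contract would reject the call, and the fix is one line: `size_t length = _digest.size();` (the following `ASSERT(length == DIGEST_LENGTH)` still holds). The Main.cpp and Warden.cpp include hunks sharing this line raise nothing beyond the OpenSSL_version minimum-version question already noted on the cmake hunk.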
@@ -47,10 +44,7 @@ void Warden::MakeModuleForClient() TC_LOG_DEBUG("warden", "Make module for client"); InitializeModuleForClient(_module.emplace()); - MD5_CTX ctx; - MD5_Init(&ctx); - MD5_Update(&ctx, _module->CompressedData, _module->CompressedSize); - MD5_Final(_module->Id.data(), &ctx); + _module->Id = Trinity::Crypto::MD5::GetDigestOf(_module->CompressedData, _module->CompressedSize); } void Warden::SendModuleToClient()
@@ -160,28 +154,19 @@ bool Warden::IsValidCheckSum(uint32 checksum, uint8 const* data, const uint16 le } } -struct keyData { - union - { - struct - { - uint8 bytes[20]; - } bytes; - - struct - { - uint32 ints[5]; - } ints; - }; +union keyData +{ + std::array<uint8, 20> bytes; + std::array<uint32, 5> ints; }; uint32 Warden::BuildChecksum(uint8 const* data, uint32 length) { keyData hash; - SHA1(data, length, hash.bytes.bytes); + hash.bytes = Trinity::Crypto::SHA1::GetDigestOf(data, size_t(length)); uint32 checkSum = 0; for (uint8 i = 0; i < 5; ++i) - checkSum = checkSum ^ hash.ints.ints[i]; + checkSum = checkSum ^ hash.ints[i]; return checkSum; }
diff --git a/src/server/game/Warden/WardenMac.cpp b/src/server/game/Warden/WardenMac.cpp
index b2242123818..65f60670771 100644
--- a/src/server/game/Warden/WardenMac.cpp
+++ b/src/server/game/Warden/WardenMac.cpp
@@ -18,6 +18,7 @@ #include "WardenMac.h" #include "ByteBuffer.h" #include "Common.h" +#include "CryptoHash.h" #include "GameTime.h" #include "Log.h" #include "Opcodes.h"
@@ -28,7 +29,6 @@ #include "WorldPacket.h" #include "WorldSession.h" -#include <openssl/md5.h> #include <array> WardenMac::WardenMac() : Warden() { }
@@ -231,12 +231,7 @@ void WardenMac::HandleCheckResult(ByteBuffer &buff) //found = true; } - MD5_CTX ctx; - MD5_Init(&ctx); - MD5_Update(&ctx, str.c_str(), str.size()); - std::array<uint8, 16> ourMD5Hash; - MD5_Final(ourMD5Hash.data(), &ctx); + std::array<uint8, 16> ourMD5Hash = Trinity::Crypto::MD5::GetDigestOf(str); std::array<uint8, 16> theirsMD5Hash; buff.read(theirsMD5Hash);
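Review bot: BuildChecksum in the second Warden.cpp hunk still type-puns through the union: it assigns `hash.bytes` and then reads `hash.ints[i]`, which is a read of an inactive union member — undefined in ISO C++ even though GCC and MSVC document it as working — and since the type is being rewritten here anyway this is the moment to drop it. The word order must stay host-endian (the client presumably computes the same value, so the byte layout cannot change), which a memcpy into a `std::array<uint32, 5>` preserves; `keyData` then goes away and `<cstring>` is needed. The first hunk and the WardenMac.cpp hunks sharing this line raise nothing beyond the MD5 comment already suggested on the alias.
```cpp
uint32 Warden::BuildChecksum(uint8 const* data, uint32 length)
{
    // SHA-1 the data and XOR its five 32-bit words (host byte order, as before) into one value.
    auto const digest = Trinity::Crypto::SHA1::GetDigestOf(data, size_t(length));
    std::array<uint32, 5> words;
    static_assert(sizeof(words) == Trinity::Crypto::Constants::SHA1_DIGEST_LENGTH_BYTES);
    std::memcpy(words.data(), digest.data(), sizeof(words));

    uint32 checkSum = 0;
    for (uint32 word : words)
        checkSum ^= word;
    return checkSum;
}
```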
diff --git a/src/server/worldserver/Main.cpp b/src/server/worldserver/Main.cpp
index f370881001e..1c97d92b8f3 100644
--- a/src/server/worldserver/Main.cpp
+++ b/src/server/worldserver/Main.cpp
@@ -201,7 +201,7 @@ extern int main(int argc, char** argv) []() { TC_LOG_INFO("server.worldserver", "Using configuration file %s.", sConfigMgr->GetFilename().c_str()); - TC_LOG_INFO("server.worldserver", "Using SSL version: %s (library: %s)", OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION)); + TC_LOG_INFO("server.worldserver", "Using SSL version: %s (library: %s)", OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION)); TC_LOG_INFO("server.worldserver", "Using Boost version: %i.%i.%i", BOOST_VERSION / 100000, BOOST_VERSION / 100 % 1000, BOOST_VERSION % 100); } ); |