2023-11-22 09:06 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)

* contrib/hbssl/hbssl.hbm * contrib/hbssl/hbssl.hbx * contrib/hbssl/hbssl.h + contrib/hbssl/rsa.c + added PRG functions for RSA encryption/decryption: RSA_size( <pKey> ) -> <nCipherBlockSize> RSA_public_encrypt( <pKey>, <cData>, @<cDataEnc> ; [, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ; -> <nSize> > 0 | <nError> <= 0 RSA_private_decrypt( <pKey>, <cDataEnc>, @<cDataDec> ; [, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ; -> <nSize> > 0 | <nError> <= 0 RSA_private_encrypt( <pKey>, <cData>, @<cDataEnc> ; [, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ; -> <nSize> > 0 | <nError> <= 0 RSA_public_decrypt( <pKey>, <cDataEnc>, @<cDataDec> ; [, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ; -> <nSize> > 0 | <nError> <= 0 + added C functions for manipulating RSA keys inside HB_ITEMs: HB_BOOL hb_RSA_is( int iParam ); RSA * hb_RSA_par( int iParam ); void hb_RSA_ret( RSA * rsa ); * contrib/hbssl/pem.c + added support for RSA keys. Now the following PRG functions return RSA key which can be passed to RSA_* functions: PEM_READ_BIO_RSAPRIVATEKEY() PEM_READ_BIO_RSAPUBLICKEY() PEM_READ_BIO_RSA_PUBKEY() * contrib/hbssl/evppkey.c + added functions for EVP_PKEY encryption/decryption: EVP_PKEY_base_id( <pKey> ) -> <nType> EVP_PKEY_CTX_new( <pKey> ) -> <pKeyCTX> EVP_PKEY_encrypt_init( <pKeyCTX> ) -> <nResult> (1 - OK, <=0 - Error) EVP_PKEY_encrypt( <pKeyCTX>, @<cDataEnc>, <cData> ) ; -> <nSize> > 0 | <nError> <= 0 EVP_PKEY_decrypt_init( <pKeyCTX> ) -> <nResult> (1 - OK, <=0 - Error) EVP_PKEY_decrypt( <pKeyCTX>, @<cDataDec>, <cDataEnc> ) ; -> <nSize> > 0 | <nError> <= 0 Above functions can be used with keys loaded by: PEM_READ_PRIVATEKEY() PEM_READ_PUBKEY() In OpenSSL 3.0 typed functions like *RSA*, *DSA*, *DH*, ... are depreciated and common for different methods EVP ones should be used instead. + added support for RSA encryption/decryption in above functions in OpenSSL libraries prior 1.0.0 which do not have EVP_PKEY_CTX. RSA support is emulated by direct calls to RSA_* functions so now for RSA it's possible to use new functions with old OpenSSL libraries. * contrib/hbssl/hbssl.ch + added constants for RSA padding: HB_RSA_*_PADDING + added constants for EVP PKEY types: HB_EVP_PKEY_* * contrib/hbssl/hbssl.hbx + added new functions
harbour · Nov 22, 2023 · 74322e7 · 74322e7
1 parent 0000838
commit 74322e7
Show file tree

Hide file tree

Showing 8 changed files with 612 additions and 13 deletions.
diff --git a/ChangeLog.txt b/ChangeLog.txt
@@ -7,6 +7,66 @@
    Entries may not always be in chronological/commit order.
    See license at the end of file. */
 
+2023-11-22 09:06 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
+  * contrib/hbssl/hbssl.hbm
+  * contrib/hbssl/hbssl.hbx
+  * contrib/hbssl/hbssl.h
+  + contrib/hbssl/rsa.c
+    + added PRG functions for RSA encryption/decryption:
+         RSA_size( <pKey> ) -> <nCipherBlockSize>
+         RSA_public_encrypt( <pKey>, <cData>, @<cDataEnc> ;
+                              [, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ;
+                  -> <nSize> > 0 | <nError> <= 0
+         RSA_private_decrypt( <pKey>, <cDataEnc>, @<cDataDec> ;
+                              [, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ;
+                  -> <nSize> > 0 | <nError> <= 0
+         RSA_private_encrypt( <pKey>, <cData>, @<cDataEnc> ;
+                              [, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ;
+                  -> <nSize> > 0 | <nError> <= 0
+         RSA_public_decrypt( <pKey>, <cDataEnc>, @<cDataDec> ;
+                              [, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ;
+                  -> <nSize> > 0 | <nError> <= 0
+    + added C functions for manipulating RSA keys inside HB_ITEMs:
+         HB_BOOL hb_RSA_is( int iParam );
+         RSA *   hb_RSA_par( int iParam );
+         void    hb_RSA_ret( RSA * rsa );
+
+  * contrib/hbssl/pem.c
+    + added support for RSA keys.
+      Now the following PRG functions return RSA key which can be passed to
+      RSA_* functions:
+         PEM_READ_BIO_RSAPRIVATEKEY()
+         PEM_READ_BIO_RSAPUBLICKEY()
+         PEM_READ_BIO_RSA_PUBKEY()
+
+  * contrib/hbssl/evppkey.c
+    + added functions for EVP_PKEY encryption/decryption:
+         EVP_PKEY_base_id( <pKey> ) -> <nType>
+         EVP_PKEY_CTX_new( <pKey> ) -> <pKeyCTX>
+         EVP_PKEY_encrypt_init( <pKeyCTX> ) -> <nResult> (1 - OK, <=0 - Error)
+         EVP_PKEY_encrypt( <pKeyCTX>, @<cDataEnc>, <cData> ) ;
+                  -> <nSize> > 0 | <nError> <= 0
+         EVP_PKEY_decrypt_init( <pKeyCTX> ) -> <nResult> (1 - OK, <=0 - Error)
+         EVP_PKEY_decrypt( <pKeyCTX>, @<cDataDec>, <cDataEnc> ) ;
+                  -> <nSize> > 0 | <nError> <= 0
+      Above functions can be used with keys loaded by:
+         PEM_READ_PRIVATEKEY()
+         PEM_READ_PUBKEY()
+      In OpenSSL 3.0 typed functions like *RSA*, *DSA*, *DH*, ... are
+      depreciated and common for different methods EVP ones should be
+      used instead.
+    + added support for RSA encryption/decryption in above functions in
+      OpenSSL libraries prior 1.0.0 which do not have EVP_PKEY_CTX. RSA
+      support is emulated by direct calls to RSA_* functions so now for
+      RSA it's possible to use new functions with old OpenSSL libraries.
+
+  * contrib/hbssl/hbssl.ch
+    + added constants for RSA padding: HB_RSA_*_PADDING
+    + added constants for EVP PKEY types: HB_EVP_PKEY_*
+
+  * contrib/hbssl/hbssl.hbx
+    + added new functions
+
 2023-11-15 15:57 UTC+0100 Phil Krylov (phil a t krylov.eu)
   * contrib/hbsqlit3/tests/backup.prg
     + Simple change in test to provoke access to dangling pointer saved

diff --git a/contrib/hbssl/evppkey.c b/contrib/hbssl/evppkey.c
@@ -49,6 +49,7 @@
 #include "hbapiitm.h"
 
 #include <openssl/evp.h>
+#include <openssl/rsa.h>
 
 static HB_GARBAGE_FUNC( EVP_PKEY_release )
 {
@@ -92,6 +93,52 @@ void hb_EVP_PKEY_ret( EVP_PKEY * pkey )
    hb_retptrGC( ph );
 }
 
+static HB_GARBAGE_FUNC( EVP_PKEY_CTX_release )
+{
+   void ** ph = ( void ** ) Cargo;
+
+   /* Check if pointer is not NULL to avoid multiple freeing */
+   if( ph && *ph )
+   {
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+      EVP_PKEY_CTX_free( ( EVP_PKEY_CTX * ) *ph );
+#endif
+      /* set pointer to NULL just in case */
+      *ph = NULL;
+   }
+}
+
+static const HB_GC_FUNCS s_gcEVP_PKEY_CTX_funcs =
+{
+   EVP_PKEY_CTX_release,
+   hb_gcDummyMark
+};
+
+#if 0
+static HB_BOOL hb_EVP_PKEY_CTX_is( int iParam )
+{
+   return hb_parptrGC( &s_gcEVP_PKEY_CTX_funcs, iParam ) != NULL;
+}
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+static EVP_PKEY_CTX * hb_EVP_PKEY_CTX_par( int iParam )
+{
+   void ** ph = ( void ** ) hb_parptrGC( &s_gcEVP_PKEY_CTX_funcs, iParam );
+
+   return ph ? ( EVP_PKEY_CTX * ) *ph : NULL;
+}
+
+static void hb_EVP_PKEY_CTX_ret( EVP_PKEY_CTX * pkey )
+{
+   void ** ph = ( void ** ) hb_gcAllocate( sizeof( EVP_PKEY_CTX * ), &s_gcEVP_PKEY_CTX_funcs );
+
+   *ph = pkey;
+
+   hb_retptrGC( ph );
+}
+#endif
+
 HB_FUNC( EVP_PKEY_NEW )
 {
    hb_EVP_PKEY_ret( EVP_PKEY_new() );
@@ -102,6 +149,23 @@ HB_FUNC( EVP_PKEY_TYPE )
    hb_retni( EVP_PKEY_type( hb_parni( 1 ) ) );
 }
 
+HB_FUNC( EVP_PKEY_BASE_ID )
+{
+   if( hb_EVP_PKEY_is( 1 ) )
+   {
+      EVP_PKEY * pkey = hb_EVP_PKEY_par( 1 );
+
+      if( pkey )
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+         hb_retni( EVP_PKEY_base_id( pkey ) );
+#else
+         hb_retni( EVP_PKEY_type( hb_parni( 1 ) ) );
+#endif
+   }
+   else
+      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
 HB_FUNC( EVP_PKEY_SIZE )
 {
    if( hb_EVP_PKEY_is( 1 ) )
@@ -196,6 +260,208 @@ HB_FUNC( EVP_PKEY_ASSIGN_DH )
 #endif
 }
 
+HB_FUNC( EVP_PKEY_CTX_NEW )
+{
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+   EVP_PKEY * pkey = hb_EVP_PKEY_par( 1 );
+
+   if( pkey )
+   {
+      hb_EVP_PKEY_CTX_ret( EVP_PKEY_CTX_new( pkey, ( ENGINE * ) hb_parptr( 2 ) ) );
+   }
+#else
+   if( hb_RSA_is( 1 ) )
+   {
+      hb_itemReturn( hb_param( 1, HB_IT_POINTER ) );
+   }
+#endif
+   else
+      hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( EVP_PKEY_ENCRYPT_INIT )
+{
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+   EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
+
+   if( ctx )
+   {
+      hb_retni( EVP_PKEY_encrypt_init( ctx ) );
+   }
+#else
+   if( hb_RSA_is( 1 ) )
+   {
+      hb_retni( 1 );
+   }
+#endif
+   else
+      hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+   #define HB_RSA_KEY_ISPRIVATE( rsa )    ( RSA_get0_d( rsa ) != NULL )
+#else
+   #define HB_RSA_KEY_ISPRIVATE( rsa )    ( ( rsa )->d != NULL )
+#endif
+
+
+HB_FUNC( EVP_PKEY_ENCRYPT )
+{
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+   EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
+
+   if( ctx )
+   {
+      const unsigned char * in = ( const unsigned char * ) hb_parcx( 3 );
+      size_t inlen = ( size_t ) hb_parclen( 3 ), outlen = 0;
+      unsigned char * buffer = NULL;
+      int ret;
+
+      ret = EVP_PKEY_encrypt( ctx, NULL, &outlen, in, inlen );
+      if( ret > 0 )
+      {
+         buffer = ( unsigned char * ) hb_xgrab( outlen + 1 );
+
+         ret = EVP_PKEY_encrypt( ctx, buffer, &outlen, in, inlen );
+         if( ret > 0 )
+         {
+            if( ! hb_storclen_buffer( ( char * ) buffer, outlen, 2 ) )
+               ret = 0;
+         }
+      }
+      if( ret <= 0 )
+      {
+         if( buffer )
+            hb_xfree( buffer );
+         hb_storc( NULL, 2 );
+      }
+      hb_retni( ret );
+   }
+#else
+   if( hb_RSA_is( 1 ) )
+   {
+      RSA * rsa = hb_RSA_par( 1 );
+      const unsigned char * from = ( const unsigned char * ) hb_parcx( 3 );
+      int flen = ( int ) hb_parclen( 3 );
+      unsigned char * buffer;
+      int ret;
+
+      buffer = ( unsigned char * ) hb_xgrab( RSA_size( rsa ) + 1 );
+
+      if( HB_RSA_KEY_ISPRIVATE( rsa ) )
+         /* private key */
+         ret = RSA_private_encrypt( flen, HB_UNCONST( from ), buffer, rsa, RSA_PKCS1_PADDING );
+      else
+         /* public key */
+         ret = RSA_public_encrypt( flen, HB_UNCONST( from ), buffer, rsa, RSA_PKCS1_PADDING );
+
+      if( ret > 0 )
+      {
+         if( ! hb_storclen_buffer( ( char * ) buffer, ret, 2 ) )
+            ret = 0;
+      }
+      if( ret <= 0 )
+      {
+         if( buffer )
+            hb_xfree( buffer );
+         hb_storc( NULL, 2 );
+      }
+      hb_retni( ret );
+   }
+#endif
+   else
+      hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( EVP_PKEY_DECRYPT_INIT )
+{
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+   EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
+
+   if( ctx )
+   {
+      hb_retni( EVP_PKEY_decrypt_init( ctx ) );
+   }
+#else
+   if( hb_RSA_is( 1 ) )
+   {
+      hb_retni( 1 );
+   }
+#endif
+   else
+      hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+HB_FUNC( EVP_PKEY_DECRYPT )
+{
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+   EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
+
+   if( ctx )
+   {
+      const unsigned char * in = ( const unsigned char * ) hb_parcx( 3 );
+      size_t inlen = ( size_t ) hb_parclen( 3 ), outlen = 0;
+      unsigned char * buffer = NULL;
+      int ret;
+
+      ret = EVP_PKEY_decrypt( ctx, NULL, &outlen, in, inlen );
+      if( ret > 0 )
+      {
+         buffer = ( unsigned char * ) hb_xgrab( outlen + 1 );
+
+         ret = EVP_PKEY_decrypt( ctx, buffer, &outlen, in, inlen );
+         if( ret > 0 )
+         {
+            if( ! hb_storclen_buffer( ( char * ) buffer, outlen, 2 ) )
+               ret = 0;
+         }
+      }
+      if( ret <= 0 )
+      {
+         if( buffer )
+            hb_xfree( buffer );
+         hb_storc( NULL, 2 );
+      }
+      hb_retni( ret );
+   }
+#else
+   if( hb_RSA_is( 1 ) )
+   {
+      RSA * rsa = hb_RSA_par( 1 );
+      const unsigned char * from = ( const unsigned char * ) hb_parcx( 3 );
+      int flen = ( int ) hb_parclen( 3 );
+      unsigned char * buffer;
+      int ret;
+
+      buffer = ( unsigned char * ) hb_xgrab( RSA_size( rsa ) + 1 );
+
+      if( HB_RSA_KEY_ISPRIVATE( rsa ) )
+         /* private key */
+         ret = RSA_private_decrypt( flen, HB_UNCONST( from ), buffer, rsa, RSA_PKCS1_PADDING );
+      else
+         /* public key */
+         ret = RSA_public_decrypt( flen, HB_UNCONST( from ), buffer, rsa, RSA_PKCS1_PADDING );
+
+      if( ret > 0 )
+      {
+         buffer = ( unsigned char * ) hb_xrealloc( buffer, ret + 1 );
+         if( ! hb_storclen_buffer( ( char * ) buffer, ret, 2 ) )
+            ret = 0;
+      }
+      if( ret <= 0 )
+      {
+         if( buffer )
+            hb_xfree( buffer );
+         hb_storc( NULL, 2 );
+      }
+      hb_retni( ret );
+   }
+#endif
+   else
+      hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
+}
+
+
 #if 0
 
 int EVP_PKEY_set1_RSA( EVP_PKEY * pkey, RSA * key );
@@ -228,14 +494,4 @@ int EVP_PKEY_verify_recover( EVP_PKEY_CTX * ctx,
                              unsigned char * rout, size_t * routlen,
                              const unsigned char * sig, size_t siglen );
 
-int EVP_PKEY_encrypt_init( EVP_PKEY_CTX * ctx );
-int EVP_PKEY_encrypt( EVP_PKEY_CTX * ctx,
-                      unsigned char * out, size_t * outlen,
-                      const unsigned char * in, size_t inlen );
-
-int EVP_PKEY_decrypt_init( EVP_PKEY_CTX * ctx );
-int EVP_PKEY_decrypt( EVP_PKEY_CTX * ctx,
-                      unsigned char * out, size_t * outlen,
-                      const unsigned char * in, size_t inlen );
-
 #endif