Fixing for OpenSSL 3.0 support

Author: sambitdash

Project.toml

@@ -21,8 +21,8 @@ Zlib_jll = "83775a58-1f1d-513f-b197-d71354ab007a"
 
 [compat]
 BinDeps = "1.0"
-OpenSSL_jll = "1.1"
-julia = "1.6"
+OpenSSL_jll = "3"
+julia = "1.10"
 
 [extras]
 Test = "8dfed614-e22c-5e08-85e1-65c5234f0b40"

src/CosCrypt.jl

@@ -5,7 +5,7 @@ function store_key(s::SecHandler, cfn::CosName,
                    data::Tuple{UInt32, SecretBuffer})
     skey = SecretBuffer!(read(s.skey_path, 32))
     iv   = SecretBuffer!(read(s.iv_path, 16))
-    cctx = CipherContext("aes_256_cbc", skey, iv, true)
+    cctx = CipherContext("AES-256-CBC", skey, iv, true)
     shred!(skey); shred!(iv)
 
     perm, key = data
@@ -21,7 +21,7 @@ function get_key(s::SecHandler, cfn::CosName)
 
     skey = SecretBuffer!(read(s.skey_path, 32))
     iv   = SecretBuffer!(read(s.iv_path, 16))
-    cctx = CipherContext("aes_256_cbc", skey, iv, false)
+    cctx = CipherContext("AES-256-CBC", skey, iv, false)
     shred!(skey); shred!(iv)
 
     perm, c = permkey
@@ -95,7 +95,7 @@ function algo01(h::SecHandler, params::CryptParams,
         n != kc.size && error("Invalid encryption key length")
         seekend(kc); write(kc, numarr); write(kc, genarr)
         !isRC4 && write(kc, AES_SUFFIX)
-        mdctx = DigestContext("md5")
+        mdctx = DigestContext("MD5")
         update!(mdctx, kc)
         return close(mdctx)
     end
@@ -104,7 +104,7 @@ function algo01(h::SecHandler, params::CryptParams,
     iv = SecretBuffer!(isRC4 ?     UInt8[] :
                        isencrypt ? crypto_random(16) : data[1:16])
     try
-        cctx = CipherContext(isRC4 ? "rc4" : "aes_128_cbc", key, iv, isencrypt)
+        cctx = CipherContext(isRC4 ? "RC4" : "AES-128-CBC", key, iv, isencrypt)
         d = (isRC4 || isencrypt) ? update!(cctx, data) :
             update!(cctx, (@view data[17:end]))
         append!(d, close(cctx))
@@ -119,7 +119,7 @@ function algo01a(h::SecHandler, params::CryptParams,
     perm, key = get_key(h, params)
     iv = SecretBuffer!(isencrypt ? crypto_random(16) : data[1:16])
     try
-        cctx = CipherContext("aes_256_cbc", key, iv, isencrypt)
+        cctx = CipherContext("AES-256-CBC", key, iv, isencrypt)
         d = isencrypt ? update!(cctx, data) : update!(cctx, (@view data[17:end]))
         append!(d, close(cctx))
         return d

src/LibCrypto.jl

@@ -1,6 +1,6 @@
 using OpenSSL_jll: libcrypto
 
-using Base: SecretBuffer, SecretBuffer!
+using Base: SecretBuffer, SecretBuffer!, cconvert
 import Base: copy
 
 export
@@ -160,17 +160,20 @@ end
 
 function get_date_from_utctime(d::String)
     # Remove fraction seconds if there
-    d[end] == 'Z' || error(E_INVALID_DATE)
+    d = strip(d)
+    endswith(d, 'Z') || error(E_INVALID_DATE)
     a = split(d, '.')
     length(a) > 1 && (d = a[1]*"Z")
     pfx = length(d) == 15 ? "D:" :
           parse(Int, d[1:2]) < 50 ? "D:20" : "D:19"
     return CDDate(pfx*d)
 end
 
-read_cddate(bio::BIO) =
-    bio |> read |> pointer |> unsafe_string |> get_date_from_utctime
-
+function read_cddate(bio::BIO)
+    data = read(bio)
+    d = transcode(String, data)
+    return get_date_from_utctime(d)
+end
 #====
     
     DigestContext
@@ -236,34 +239,62 @@ end
     CipherContext
 
 ====#
+abstract type CipherContext end
+
+set_padding(_::CipherContext, _) = nothing
+
+Base.reset(_::CipherContext) = nothing
+
+Base.close(_::CipherContext) = UInt8[]
+
+init(_::CipherContext, _::SecretBuffer, _::SecretBuffer, _::Bool) = nothing
+
+update!(_::CipherContext, indata::AbstractVector{UInt8}) = indata
+
+function CipherContext(algo::String, key::SecretBuffer, 
+                       iv::SecretBuffer, isencrypt::Bool) 
+    return algo == "RC4" ? 
+        CipherContextRC4(key) : 
+        CipherContextImpl(algo, key, iv, isencrypt)
+end
+
+mutable struct CipherContextRC4 <: CipherContext
+    key::SecretBuffer
+end
+
+function init(ctx::CipherContextRC4, key::SecretBuffer,
+    _::SecretBuffer, _::Bool)
+    ctx.key = key
+    return nothing
+end
+
+function update!(ctx::CipherContextRC4, indata::AbstractVector{UInt8}) 
+    rc4((@view ctx.key.data[1:ctx.key.size]), indata)
+end
 
-mutable struct CipherContext
+mutable struct CipherContextImpl <: CipherContext
     data::Ptr{Cvoid}
     ca::Ptr{Cvoid}
-    function CipherContext(algo::String, key::SecretBuffer,
+    function CipherContextImpl(algo::String, key::SecretBuffer,
                            iv::SecretBuffer, isencrypt::Bool)
-        ca = ccall((:EVP_get_cipherbyname, libcrypto), Ptr{Cvoid},
-                   (Ptr{Cstring}, ), pointer(algo))
-        if ca == C_NULL
-            ca = (algo == "aes_128_cbc") ?
-                ccall((:EVP_aes_128_cbc, libcrypto), Ptr{Cvoid}, ()) :
-                (algo == "aes_256_cbc") ?
-                ccall((:EVP_aes_256_cbc, libcrypto), Ptr{Cvoid}, ()) :
-                (algo == "aes_256_ecb") ?
-                ccall((:EVP_aes_256_ecb, libcrypto), Ptr{Cvoid}, ()) :
-                error("Unable to find message digest algorithm "*algo)
-        end
+        properties = "provider=default"
+        ca = ccall((:EVP_CIPHER_fetch, libcrypto), Ptr{Cvoid},
+                    (Ptr{Cvoid}, Ptr{Cstring}, Ptr{Cstring}), 
+                    C_NULL, pointer(algo), pointer(properties))
+        ca == C_NULL && error("Unable to find cipher algorithm "*algo)
         data = ccall((:EVP_CIPHER_CTX_new, libcrypto), Ptr{Cvoid}, ())
         data == C_NULL && error("Unable to create cipher context")
         this = new(data, ca)
-        finalizer(x->ccall((:EVP_CIPHER_CTX_free, libcrypto), Cvoid,
-                           (Ptr{Cvoid}, ), x.data), this)
+        finalizer(this) do x
+            ccall((:EVP_CIPHER_CTX_free, libcrypto), Cvoid, (Ptr{Cvoid}, ), x.data)
+            ccall((:EVP_CIPHER_free, libcrypto), Cvoid, (Ptr{Cvoid}, ), x.ca)
+        end
         init(this, key, iv, isencrypt)
         return this
     end
 end
 
-function init(ctx::CipherContext, key::SecretBuffer,
+function init(ctx::CipherContextImpl, key::SecretBuffer,
               iv::SecretBuffer, isencrypt::Bool)
     enc = Cint(isencrypt ? 1 : 0)
     piv = iv.size > 0 ? pointer(iv.data) : C_NULL
@@ -278,21 +309,21 @@ function init(ctx::CipherContext, key::SecretBuffer,
     return nothing
 end
 
-function set_padding(ctx::CipherContext, pad_size::Int)
+function set_padding(ctx::CipherContextImpl, pad_size::Int)
     ret = ccall((:EVP_CIPHER_CTX_set_padding, libcrypto), Cint,
                 (Ptr{Cvoid}, Cint), ctx.data, Cint(pad_size))
     openssl_error(ret)
 end
 
-function Base.reset(ctx::CipherContext)
+function Base.reset(ctx::CipherContextImpl)
     ret = ccall((:EVP_CIPHER_CTX_reset, libcrypto), Cint,
                 (Ptr{Cvoid}, ), ctx.data)
     openssl_error(ret)
 end
 
 const EVP_MAX_BLOCK_LENGTH = Cint(32)
 
-function update!(ctx::CipherContext, indata::AbstractVector{UInt8})
+function update!(ctx::CipherContextImpl, indata::AbstractVector{UInt8})
     inlen = Cint(length(indata))
     out, outlen = Vector{UInt8}(undef, inlen + EVP_MAX_BLOCK_LENGTH),
                   Ref(inlen + EVP_MAX_BLOCK_LENGTH)
@@ -303,11 +334,10 @@ function update!(ctx::CipherContext, indata::AbstractVector{UInt8})
     return resize!(out, outlen[])
 end
 
-update!(ctx::CipherContext, s::SecretBuffer) =
+update!(ctx::CipherContextImpl, s::SecretBuffer) =
     update!(ctx, (@view s.data[1:s.size]))
 
-
-function Base.close(ctx::CipherContext)
+function Base.close(ctx::CipherContextImpl)
     c_value = Vector{UInt8}(undef, EVP_MAX_BLOCK_LENGTH)
     c_len = Ref(EVP_MAX_BLOCK_LENGTH)
     ret = ccall((:EVP_CipherFinal_ex, libcrypto), Cint,
@@ -342,7 +372,7 @@ mutable struct CertStore
 
         ret = ccall((:X509_STORE_load_locations, libcrypto), Cint,
                     (Ptr{Cvoid}, Ptr{Cstring}, Ptr{Cstring}),
-                    store, transcode(UInt8, cacerts), C_NULL)
+                    store, pointer(cacerts), C_NULL)
         openssl_error(ret)
 
         ccall((:X509_STORE_set_default_paths, libcrypto),
@@ -879,7 +909,7 @@ function read_pkcs12(fn::AbstractString, pw::SecretBuffer)
     ret = ccall((:PKCS12_parse, libcrypto), Cint,
                 (Ptr{Cvoid}, Ptr{Cstring},
                  Ptr{Ptr{Cvoid}}, Ptr{Ptr{Cvoid}}, Ptr{Ptr{Cvoid}}),
-                p12, pointer(pw.data), xkey, xcert, xca)
+                p12, cconvert(Cstring, pw), xkey, xcert, xca)
     openssl_error(ret)
     return Cert(xcert[]), PKey(xkey[])
 end
@@ -927,3 +957,38 @@ function decrypt(ci::CMSContentInfo, key::PKey, cert::Cert,
         return nothing
     end
 end
+
+# Adapted from https://gist.github.com/rverton/a44fc8ca67ab9ec32089 for 1-indexing
+
+const N = 256
+
+function ksa(K::AbstractVector{UInt8})
+    lk = length(K)
+    S = [UInt8(i) for i=0:(N-1)]
+    j = 0
+    lk == 0 && return S
+    for i = 0:(N-1)
+        ik = i % lk 
+        j = (j + S[i+1] + K[ik+1]) % N
+        S[i+1], S[j+1] = S[j+1], S[i+1]
+    end
+    return S
+end
+
+function prga(S, plaintext::AbstractVector{UInt8})
+    i = j = 0
+    len = length(plaintext)
+    ciphertext = copy(plaintext)
+    for n = 0:(len-1)
+        i = (i + 1) % N
+        j = (j + S[i+1]) % N
+
+        S[i+1], S[j+1] = S[j+1], S[i+1]
+        t = (S[i+1] + S[j+1]) % N 
+
+        ciphertext[n+1] = xor(S[t+1], plaintext[n+1])
+    end
+    return ciphertext
+end
+
+rc4(key::AbstractVector{UInt8}, plaintext::AbstractVector{UInt8}) = prga(ksa(key), plaintext)

src/PDDoc.jl

@@ -537,10 +537,12 @@ function pdDocValidateSignatures(doc::PDDoc; export_certs=false)
         pd_validate_signature(doc, sig)
         d = sig[2]
         push!(ret, d)
-        cis = d[:certs]
-        for ci in cis
-            key = (ci[:subject], ci[:issuer])
-            get!(certmap, key, ci[:text])
+        if haskey(d, :certs)
+            cis = d[:certs]
+            for ci in cis
+                key = (ci[:subject], ci[:issuer])
+                get!(certmap, key, ci[:text])
+            end
         end
     end
     export_certs || return ret

src/StdSecHandler.jl

@@ -59,7 +59,7 @@ end
 
 function algo02(h::StdSecHandler, password::SecretBuffer)
     # step a, b
-    mdctx = DigestContext("md5")
+    mdctx = DigestContext("MD5")
     shred!(get_padded_pw(password)) do pw
         update!(mdctx, pw)
     end
@@ -118,7 +118,7 @@ function algo02a(h::StdSecHandler, pw::SecretBuffer, isowner::Bool)
     end
     iv = SecretBuffer!(fill(0x00, 16))
     try
-        cctx = CipherContext("aes_256_cbc", ik, iv, false)
+        cctx = CipherContext("AES-256-CBC", ik, iv, false)
         set_padding(cctx, 0)
         de = isowner ? oe : ue
         fek = SecretBuffer!(update!(cctx, de))
@@ -147,7 +147,7 @@ function algo02b(h::StdSecHandler, password::SecretBuffer,
                 end
                 # b
                 key = SecretBuffer!(k[1:16]); iv = SecretBuffer!(k[17:32])
-                cctx = CipherContext("aes_128_cbc", key, iv, true)
+                cctx = CipherContext("AES-128-CBC", key, iv, true)
                 shred!(key); shred!(iv)
                 set_padding(cctx, 0)
                 e = update!(cctx, k1)
@@ -176,7 +176,7 @@ end
 
 function algo03p_a_d(h::StdSecHandler, password::SecretBuffer)
     # a, b
-    mdctx = DigestContext("md5")
+    mdctx = DigestContext("MD5")
     shred!(get_padded_pw(password)) do pw
         update!(mdctx, pw)
     end
@@ -199,7 +199,7 @@ algo03(h::StdSecHandler, password::Vector{UInt8}) = error(E_NOT_IMPLEMENTED)
 function algo04(h::StdSecHandler, password::SecretBuffer)
     key = SecretBuffer!(algo02(h, password))
     iv = SecretBuffer!(UInt8[])
-    cctx = CipherContext("rc4", key, iv, true)
+    cctx = CipherContext("RC4", key, iv, true)
     shred!(iv)
     u = update!(cctx, PASSWD_PADDING)
     c = close(cctx)
@@ -216,24 +216,25 @@ function modkey(key::SecretBuffer, f::Int)
 end
 
 function algo05p_a_e(h::StdSecHandler, password::SecretBuffer)
-    key = SecretBuffer!(algo02(h, password))
+    b = algo02(h, password)
+    key = SecretBuffer!(b)
     iv = SecretBuffer!(UInt8[])
     try
-        mdctx = DigestContext("md5")
+        mdctx = DigestContext("MD5")
         update!(mdctx, PASSWD_PADDING)
         update!(mdctx, h.id)
         md = close(mdctx)
-        cctx = CipherContext("rc4", key, iv, true)
+        cctx = CipherContext("RC4", key, iv, true)
         c = update!(cctx, md)
         append!(c, close(cctx))
 
         for i = 1:19
             reset(cctx)
             shred!(modkey(key, i)) do tkey
                 init(cctx, tkey, iv, true)
+                c = update!(cctx, c)
+                append!(c, close(cctx))
             end
-            c = update!(cctx, c)
-            append!(c, close(cctx))
         end
         return c, key
     finally
@@ -256,15 +257,15 @@ function algo07(h::StdSecHandler, password::SecretBuffer)
     # b
     iv = SecretBuffer!(UInt8[])
     try
-        cctx = CipherContext("rc4", key, iv, false)
+        cctx = CipherContext("RC4", key, iv, false)
         od, count = h.o, (h.r == 2 ? 0 : 19)
         for i = count:-1:0
             reset(cctx)
             shred!(modkey(key, i)) do tkey
                 init(cctx, tkey, iv, false)
+                od = update!(cctx, od)
+                append!(od, close(cctx))
             end
-            od = update!(cctx, od)
-            append!(od, close(cctx))
         end
         return shred!(upw -> algo06(h, upw), SecretBuffer!(od))
     finally
@@ -299,7 +300,7 @@ end
 function algo13(h::StdSecHandler, fek::SecretBuffer)
     perms = h.perms
     cctx = shred!(SecretBuffer!(fill(0x00, 16))) do iv
-        CipherContext("aes_256_ecb", fek, iv, false)
+        CipherContext("AES-256-ECB", fek, iv, false)
     end
     set_padding(cctx, 0)
     dperm = update!(cctx, perms)