From 5d6ee51e1f2a3e7169945d338c906d541e383a1a Mon Sep 17 00:00:00 2001 From: Bailey Brown Date: Sun, 13 Aug 2023 18:16:25 -0400 Subject: [PATCH] changes for using openssl 3.0 --- INSTALL.md | 2 +- cppcryptfs/cppcryptfs.rc | Bin 38586 -> 38586 bytes cppcryptfsctl/cppcryptfsctl.rc | 8 ++++---- libcppcryptfs/crypt/aes.cpp | 12 ++++++++++++ libcppcryptfs/crypt/crypt.cpp | 2 +- 5 files changed, 18 insertions(+), 6 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 1980bc7..4a5ff51 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -85,7 +85,7 @@ To start an elevated command prompt in Windows 10, click on the search (magnifyi Whether or not you are using git, everything will go easier if you put everything in c:\git. Getting OpenSSL from github will get you the latest development version of OpenSSL. However, the cppcryptfs releases are built using the -current 1.1.1x Long Term Support (LTS) version of OpenSSL (currently openssl-1.1.1n). These are available from https://www.openssl.org/source/. To use those, you will need to download +current 3.0.x Long Term Support (LTS) version of OpenSSL (currently openssl-3.0.10). These are available from https://www.openssl.org/source/. To use those, you will need to download the .tar.gz and extract it into a directory. You can build it with the same instructions that follow regardless of how you get OpenSSL. Microsoft has announced a compiler-based mitigation for one variant of the Spectre vulnerability. To use it, you need to have version 15.5 or higher of Visual Studio. To use the mitigation with OpenSSL, you need to add the /Qspectre flag to the compiler optimization flags. OpenSSL currently does not use this flag. Also, to be extra safe, add the /guard:cf (Control Flow Guard) flag. To use these, you need to edit c:\\git\openssl\\Configurations\\10-main.conf and change "/O2" to "/O2 /Qspectre /guard:cf". 
diff --git a/cppcryptfs/cppcryptfs.rc b/cppcryptfs/cppcryptfs.rc index 94b4756659f3615cb451e864b87eb78f29f1e87b..108dc1aea6fbd60ea20fff95d54ec9562167215b 100644 GIT binary patch delta 51 zcmdnBmTA{orVVoCj7F2?%MBTgHV2kJWMVdAP@3H6Dmz)PmTz-Hl@m-rbn&hlDFDef B5ZC|! delta 51 zcmdnBmTA{orVVoCjE0lt%MBR~HwTtKWMVdCP@3H6Dmz)PmTz-Hl@m-rbn&hlDFDdB B5Yzww diff --git a/cppcryptfsctl/cppcryptfsctl.rc b/cppcryptfsctl/cppcryptfsctl.rc index db6470b..48e31d1 100644 --- a/cppcryptfsctl/cppcryptfsctl.rc +++ b/cppcryptfsctl/cppcryptfsctl.rc @@ -51,8 +51,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 1,4,4,1 - PRODUCTVERSION 1,4,4,1 + FILEVERSION 1,4,4,2 + PRODUCTVERSION 1,4,4,2 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,12 +69,12 @@ BEGIN BEGIN VALUE "CompanyName", "Bailey Brown" VALUE "FileDescription", "cppcryptfsctl" - VALUE "FileVersion", "1.4.4.1" + VALUE "FileVersion", "1.4.4.2" VALUE "InternalName", "cppcryptfsctl.exe" VALUE "LegalCopyright", "Copyright (C) 2020-2023 Bailey Brown. All rights reserved." VALUE "OriginalFilename", "cppcryptfsctl.exe" VALUE "ProductName", "cppcryptfsctl" - VALUE "ProductVersion", "1.4.4.1" + VALUE "ProductVersion", "1.4.4.2" END END BLOCK "VarFileInfo" diff --git a/libcppcryptfs/crypt/aes.cpp b/libcppcryptfs/crypt/aes.cpp index 9af4be2..dfd7063 100644 --- a/libcppcryptfs/crypt/aes.cpp +++ b/libcppcryptfs/crypt/aes.cpp @@ -73,8 +73,12 @@ void AES::initialize_keys(const unsigned char *key, int keylen /* in bits */, } else #endif { +// low-level AES functions are deprecated in Openssl 3.0 +#pragma warning( push ) +#pragma warning(disable : 4996) AES_set_encrypt_key(key, keylen, encrypt_key); AES_set_decrypt_key(key, keylen, decrypt_key); +#pragma warning( pop ) } } 
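Review bot: Inside the new pragma block in `initialize_keys`, the results of `AES_set_encrypt_key` and `AES_set_decrypt_key` are still discarded. Both return 0 on success and a negative value for a null pointer or an unsupported `keylen`, so a failed setup would leave the key schedules unset for the later `AES_encrypt`/`AES_decrypt` calls. A check such as `if (AES_set_encrypt_key(key, keylen, encrypt_key) != 0 || AES_set_decrypt_key(key, keylen, decrypt_key) != 0)` with an explicit failure path would close that gap; how the failure is reported depends on callers outside the hunk, since the function is `void`. The same push/disable-4996/pop block is repeated in the `encrypt` and `decrypt` hunks, so I would extend the comment there to record that this is a stopgap, e.g. `// TODO: move to the EVP cipher API; low-level AES_* is deprecated in OpenSSL 3.0 and does not go through providers`. The function body starts outside the hunk.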
@@ -105,7 +109,11 @@ void AES::encrypt(const unsigned char* plain, unsigned char *cipher) const } else #endif { +// low-level AES functions are deprecated in Openssl 3.0 +#pragma warning( push ) +#pragma warning(disable : 4996) AES_encrypt(plain, cipher, m_key_encrypt); +#pragma warning( pop ) } } @@ -118,7 +126,11 @@ void AES::decrypt(const unsigned char *cipher, unsigned char *plain) const } else #endif { +// low-level AES functions are deprecated in Openssl 3.0 +#pragma warning( push ) +#pragma warning(disable : 4996) AES_decrypt(cipher, plain, m_key_decrypt); +#pragma warning( pop ) } } diff --git a/libcppcryptfs/crypt/crypt.cpp b/libcppcryptfs/crypt/crypt.cpp index 1758bb6..7c74713 100644 --- a/libcppcryptfs/crypt/crypt.cpp +++ b/libcppcryptfs/crypt/crypt.cpp @@ -438,7 +438,7 @@ bool hkdfDerive(const BYTE *masterKey, int masterKeyLen, BYTE *newKey, int newKe #endif if (EVP_PKEY_CTX_set1_hkdf_key(pctx, masterKey, masterKeyLen) <= 0) throw(-1); - if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, (int)strlen(info)) <= 0) + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, reinterpret_cast(info), (int)strlen(info)) <= 0) throw(-1); if (EVP_PKEY_derive(pctx, newKey, &outLen) <= 0) throw(-1);
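Review bot: The cast added to the `EVP_PKEY_CTX_add1_hkdf_info` call is shown as `reinterpret_cast(info)` with no target type, which would not compile as written. The OpenSSL 3.0 prototype takes `const unsigned char *info, int infolen`, so the line presumably reads `reinterpret_cast<const unsigned char *>(info)` and the angle-bracket part was lost when the page was rendered. A one-line comment such as `// OpenSSL 3.0: add1_hkdf_info is a function taking const unsigned char*, not a macro` would explain why the cast is needed. Nothing in the visible lines checks that `masterKeyLen` is positive or that `outLen` matches `newKeyLen` after `EVP_PKEY_derive`. hkdfDerive starts and ends outside the hunk, so those checks and the cleanup of `pctx` on the `throw(-1)` paths cannot be judged from here.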