Use OpenSSL instead of crypto++

[ranisalt]

Pull Request Prelude

• I have followed proper The Forgotten Server code styling.
• I have read and understood the contribution guidelines before making this PR.
• I am aware that this PR may be closed if the above-mentioned criteria are not fulfilled.

Changes Proposed

Use OpenSSL for SHA1 hashing and RSA encryption, which is more readily available in all systems than crypto++

[Codinablack]

This is a very good call IMO.

Cryptopp dropped the support of CMake, which makes this PR all the more valuable!

[nekiro]

aff, too bad openssl interface is pain

[divinity76]

I haven't kept up to date with the tibia protocol for many years, but last i checked, RSA is only used for login, and XTEA is used for in-game communication, is this still the case?

(If that's the case, the performance between crypto++ and openssl is a non-factor)

[DSpeichert]

me likey.

openssl was already implicitly required by mariadb-dev in most cases

[ranisalt]

I haven't kept up to date with the tibia protocol for many years, but last i checked, RSA is only used for login, and XTEA is used for in-game communication, is this still the case?

(If that's the case, the performance between crypto++ and openssl is a non-factor)

That's still the case. RSA is only for the XTEA key, so 128 bytes once per connection. XTEA is now fast enough to be negligible.

[ranisalt]

Would like a few ✅ especially from those on Windows, since installing and using OpenSSL on Linux is a piece of cake 😆

Also: gonna add some tests

[Zbizu]

I know that no one is probably compiling that way, but getting rid of crypto++ will make it possible to build with cmake on windows again so it's another reason to go with this pr 👍

[ranisalt]

I think I'll remove the checks below this line, only n, e and d are useful for RSA and the rest is just extra information but isn't used to encrypt/decrypt

[gesior]

@ranisalt
I've replaced transformToSHA1 with your code (+ #4665 ) in my TFS 1.4 and now I cannot login into game anymore.

transformToSHA1 returns 20 bytes with SHA1 digest (binary format) and then it's compared to SHA1 generated by acc. maker (40 bytes, hex format):

if (transformToSHA1(password) != result->getString("password")) {

Is there missing conversion to hex format after these changes?

I added this function to convert transformToSHA1 result and now it works:

std::string bin2hex(std::string_view binary)
{
	const unsigned char *hash = reinterpret_cast<const unsigned char*>(binary.data());
	char hex[binary.size() * 2 + 1];
	for (int i = 0; i < binary.size(); ++i) {
		sprintf(&hex[i * 2], "%02x", (unsigned int) hash[i]);
	}

	return std::string(hex, binary.size() * 2);
}

[EvilHero90]

It was basicly resolved in #4669 with using UNHEX on mysql password, but yea the transformToSha1 function now returns binary, can't for sure say why this decision was made but it might be due to changing to a different encryption like SCrypt or Argon2 later on (just a guess)

[ranisalt]

No particular reason to do that, although due to small string optimization the 20-byte string may be faster by avoiding the heap. Not significant, but cool 😎