Few more OpenSSL 1.1.0 incompatibilities

This commit is contained in:
Jakub Jelen
2017-02-23 13:23:45 +01:00
parent bd351261ec
commit ad4e93a462
6 changed files with 73 additions and 28 deletions
+1 -1
View File
@@ -40,7 +40,7 @@ noinst_LTLIBRARIES = libpiv_cmd.la libpiv_util.la
libpiv_cmd_la_SOURCES = cmdline.ggo cmdline.c cmdline.h
libpiv_cmd_la_CFLAGS =
libpiv_util_la_SOURCES = util.c util.h openssl-compat.c
libpiv_util_la_SOURCES = util.c util.h openssl-compat.c openssl-compat.h
libpiv_util_la_LIBADD = $(top_builddir)/lib/libykpiv.la $(OPENSSL_LIBS)
cmdline.c cmdline.h: cmdline.ggo Makefile.am $(top_srcdir)/configure.ac
+30
View File
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#include <string.h>
@@ -50,4 +51,33 @@ void RSA_get0_key(const RSA *r,
*d = r->d;
}
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
{
if (p != NULL)
*p = r->p;
if (q != NULL)
*q = r->q;
}
void RSA_get0_crt_params(const RSA *r,
const BIGNUM **dmp1, const BIGNUM **dmq1,
const BIGNUM **iqmp)
{
if (dmp1 != NULL)
*dmp1 = r->dmp1;
if (dmq1 != NULL)
*dmq1 = r->dmq1;
if (iqmp != NULL)
*iqmp = r->iqmp;
}
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest)
{
if (palg)
*palg = sig->algor;
if (pdigest)
*pdigest = sig->digest;
}
#endif /* OPENSSL_VERSION_NUMBER */
+7
View File
@@ -17,10 +17,17 @@
#include <openssl/ecdsa.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
void RSA_get0_key(const RSA *r,
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
void RSA_get0_crt_params(const RSA *r,
const BIGNUM **dmp1, const BIGNUM **dmq1,
const BIGNUM **iqmp);
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest);
#endif /* OPENSSL_VERSION_NUMBER */
#endif /* LIBCRYPTO_COMPAT_H */
+13 -13
View File
@@ -438,23 +438,23 @@ bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len) {
}
bool prepare_rsa_signature(const unsigned char *in, unsigned int in_len, unsigned char *out, unsigned int *out_len, int nid) {
X509_SIG digestInfo;
X509_ALGOR algor;
X509_SIG *digestInfo;
X509_ALGOR *algor;
ASN1_TYPE parameter;
ASN1_OCTET_STRING digest;
ASN1_OCTET_STRING *digest;
unsigned char data[1024];
memcpy(data, in, in_len);
digestInfo.algor = &algor;
digestInfo.algor->algorithm = OBJ_nid2obj(nid);
digestInfo.algor->parameter = &parameter;
digestInfo.algor->parameter->type = V_ASN1_NULL;
digestInfo.algor->parameter->value.ptr = NULL;
digestInfo.digest = &digest;
digestInfo.digest->data = data;
digestInfo.digest->length = (int)in_len;
*out_len = (unsigned int)i2d_X509_SIG(&digestInfo, &out);
digestInfo = X509_SIG_new();
X509_SIG_getm(digestInfo, &algor, &digest);
algor = X509_ALGOR_new();
X509_ALGOR_set0(algor, OBJ_nid2obj(nid), V_ASN1_NULL, &parameter);
parameter.type = V_ASN1_NULL;
parameter.value.ptr = NULL;
digest->data = data;
digest->length = (int)in_len;
*out_len = (unsigned int)i2d_X509_SIG(digestInfo, &out);
return true;
}
@@ -637,7 +637,7 @@ int SSH_write_X509(FILE *fp, X509 *x) {
return ret;
}
switch (pkey->type) {
switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2: {
RSA *rsa;
+10 -6
View File
@@ -411,39 +411,43 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
unsigned char dmp1[128];
unsigned char dmq1[128];
unsigned char iqmp[128];
const BIGNUM *bn_e, *bn_p, *bn_q, *bn_dmp1, *bn_dmq1, *bn_iqmp;
int element_len = 128;
if(algorithm == YKPIV_ALGO_RSA1024) {
element_len = 64;
}
if((set_component(e, rsa_private_key->e, 3) == false) ||
RSA_get0_key(rsa_private_key, NULL, &bn_e, NULL);
RSA_get0_factors(rsa_private_key, &bn_p, &bn_q);
RSA_get0_crt_params(rsa_private_key, &bn_dmp1, &bn_dmq1, &bn_iqmp);
if((set_component(e, bn_e, 3) == false) ||
!(e[0] == 0x01 && e[1] == 0x00 && e[2] == 0x01)) {
fprintf(stderr, "Invalid public exponent for import (only 0x10001 supported)\n");
goto import_out;
}
if(set_component(p, rsa_private_key->p, element_len) == false) {
if(set_component(p, bn_p, element_len) == false) {
fprintf(stderr, "Failed setting p component.\n");
goto import_out;
}
if(set_component(q, rsa_private_key->q, element_len) == false) {
if(set_component(q, bn_q, element_len) == false) {
fprintf(stderr, "Failed setting q component.\n");
goto import_out;
}
if(set_component(dmp1, rsa_private_key->dmp1, element_len) == false) {
if(set_component(dmp1, bn_dmp1, element_len) == false) {
fprintf(stderr, "Failed setting dmp1 component.\n");
goto import_out;
}
if(set_component(dmq1, rsa_private_key->dmq1, element_len) == false) {
if(set_component(dmq1, bn_dmq1, element_len) == false) {
fprintf(stderr, "Failed setting dmq1 component.\n");
goto import_out;
}
if(set_component(iqmp, rsa_private_key->iqmp, element_len) == false) {
if(set_component(iqmp, bn_iqmp, element_len) == false) {
fprintf(stderr, "Failed setting iqmp component.\n");
goto import_out;
}
+12 -8
View File
@@ -31,6 +31,7 @@
#include "openssl_utils.h"
#include <stdbool.h>
#include "../tool/util.h" // TODO: share this better?
#include "../tool/openssl-compat.h" // TODO: share this better?
#include "debug.h"
#include <string.h>
@@ -115,8 +116,7 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
if(bignum_e == NULL)
goto create_empty_cert_cleanup;
rsa->n = bignum_n;
rsa->e = bignum_e;
RSA_set0_key(rsa, bignum_n, bignum_e, NULL);
if (EVP_PKEY_set1_RSA(key, rsa) == 0)
goto create_empty_cert_cleanup;
@@ -316,7 +316,7 @@ CK_RV do_store_pubk(X509 *cert, EVP_PKEY **key) {
CK_KEY_TYPE do_get_key_type(EVP_PKEY *key) {
switch (key->type) {
switch (EVP_PKEY_id(key)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
return CKK_RSA;
@@ -349,18 +349,20 @@ CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key) {
CK_RV do_get_modulus(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
RSA *rsa;
const BIGNUM *n;
rsa = EVP_PKEY_get1_RSA(key);
if (rsa == NULL)
return CKR_FUNCTION_FAILED;
if ((CK_ULONG)BN_num_bytes(rsa->n) > *len) {
RSA_get0_key(rsa, &n, NULL, NULL);
if ((CK_ULONG)BN_num_bytes(n) > *len) {
RSA_free(rsa);
rsa = NULL;
return CKR_BUFFER_TOO_SMALL;
}
*len = (CK_ULONG)BN_bn2bin(rsa->n, data);
*len = (CK_ULONG)BN_bn2bin(n, data);
RSA_free(rsa);
rsa = NULL;
@@ -372,18 +374,20 @@ CK_RV do_get_public_exponent(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len)
CK_ULONG e = 0;
RSA *rsa;
const BIGNUM *bn_e;
rsa = EVP_PKEY_get1_RSA(key);
if (rsa == NULL)
return CKR_FUNCTION_FAILED;
if ((CK_ULONG)BN_num_bytes(rsa->e) > *len) {
RSA_get0_key(rsa, NULL, &bn_e, NULL);
if ((CK_ULONG)BN_num_bytes(bn_e) > *len) {
RSA_free(rsa);
rsa = NULL;
return CKR_BUFFER_TOO_SMALL;
}
*len = (CK_ULONG)BN_bn2bin(rsa->e, data);
*len = (CK_ULONG)BN_bn2bin(bn_e, data);
RSA_free(rsa);
rsa = NULL;
@@ -406,7 +410,7 @@ CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
const EC_POINT *ecp;
point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED;
switch(key->type) {
switch(EVP_PKEY_id(key)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2: