Few more OpenSSL 1.1.0 incompatibilities

This commit is contained in:
Jakub Jelen
2017-02-23 13:23:45 +01:00
parent bd351261ec
commit ad4e93a462
6 changed files with 73 additions and 28 deletions
+1 -1
View File
@@ -40,7 +40,7 @@ noinst_LTLIBRARIES = libpiv_cmd.la libpiv_util.la
libpiv_cmd_la_SOURCES = cmdline.ggo cmdline.c cmdline.h libpiv_cmd_la_SOURCES = cmdline.ggo cmdline.c cmdline.h
libpiv_cmd_la_CFLAGS = libpiv_cmd_la_CFLAGS =
libpiv_util_la_SOURCES = util.c util.h openssl-compat.c libpiv_util_la_SOURCES = util.c util.h openssl-compat.c openssl-compat.h
libpiv_util_la_LIBADD = $(top_builddir)/lib/libykpiv.la $(OPENSSL_LIBS) libpiv_util_la_LIBADD = $(top_builddir)/lib/libykpiv.la $(OPENSSL_LIBS)
cmdline.c cmdline.h: cmdline.ggo Makefile.am $(top_srcdir)/configure.ac cmdline.c cmdline.h: cmdline.ggo Makefile.am $(top_srcdir)/configure.ac
+30
View File
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER < 0x10100000L
#include <string.h> #include <string.h>
@@ -50,4 +51,33 @@ void RSA_get0_key(const RSA *r,
*d = r->d; *d = r->d;
} }
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
{
if (p != NULL)
*p = r->p;
if (q != NULL)
*q = r->q;
}
void RSA_get0_crt_params(const RSA *r,
const BIGNUM **dmp1, const BIGNUM **dmq1,
const BIGNUM **iqmp)
{
if (dmp1 != NULL)
*dmp1 = r->dmp1;
if (dmq1 != NULL)
*dmq1 = r->dmq1;
if (iqmp != NULL)
*iqmp = r->iqmp;
}
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest)
{
if (palg)
*palg = sig->algor;
if (pdigest)
*pdigest = sig->digest;
}
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
+7
View File
@@ -17,10 +17,17 @@
#include <openssl/ecdsa.h> #include <openssl/ecdsa.h>
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/x509.h>
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
void RSA_get0_key(const RSA *r, void RSA_get0_key(const RSA *r,
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
void RSA_get0_crt_params(const RSA *r,
const BIGNUM **dmp1, const BIGNUM **dmq1,
const BIGNUM **iqmp);
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest);
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
#endif /* LIBCRYPTO_COMPAT_H */ #endif /* LIBCRYPTO_COMPAT_H */
+13 -13
View File
@@ -438,23 +438,23 @@ bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len) {
} }
bool prepare_rsa_signature(const unsigned char *in, unsigned int in_len, unsigned char *out, unsigned int *out_len, int nid) { bool prepare_rsa_signature(const unsigned char *in, unsigned int in_len, unsigned char *out, unsigned int *out_len, int nid) {
X509_SIG digestInfo; X509_SIG *digestInfo;
X509_ALGOR algor; X509_ALGOR *algor;
ASN1_TYPE parameter; ASN1_TYPE parameter;
ASN1_OCTET_STRING digest; ASN1_OCTET_STRING *digest;
unsigned char data[1024]; unsigned char data[1024];
memcpy(data, in, in_len); memcpy(data, in, in_len);
digestInfo.algor = &algor; digestInfo = X509_SIG_new();
digestInfo.algor->algorithm = OBJ_nid2obj(nid); X509_SIG_getm(digestInfo, &algor, &digest);
digestInfo.algor->parameter = &parameter; algor = X509_ALGOR_new();
digestInfo.algor->parameter->type = V_ASN1_NULL; X509_ALGOR_set0(algor, OBJ_nid2obj(nid), V_ASN1_NULL, &parameter);
digestInfo.algor->parameter->value.ptr = NULL; parameter.type = V_ASN1_NULL;
digestInfo.digest = &digest; parameter.value.ptr = NULL;
digestInfo.digest->data = data; digest->data = data;
digestInfo.digest->length = (int)in_len; digest->length = (int)in_len;
*out_len = (unsigned int)i2d_X509_SIG(&digestInfo, &out); *out_len = (unsigned int)i2d_X509_SIG(digestInfo, &out);
return true; return true;
} }
@@ -637,7 +637,7 @@ int SSH_write_X509(FILE *fp, X509 *x) {
return ret; return ret;
} }
switch (pkey->type) { switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_RSA: case EVP_PKEY_RSA:
case EVP_PKEY_RSA2: { case EVP_PKEY_RSA2: {
RSA *rsa; RSA *rsa;
+10 -6
View File
@@ -411,39 +411,43 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
unsigned char dmp1[128]; unsigned char dmp1[128];
unsigned char dmq1[128]; unsigned char dmq1[128];
unsigned char iqmp[128]; unsigned char iqmp[128];
const BIGNUM *bn_e, *bn_p, *bn_q, *bn_dmp1, *bn_dmq1, *bn_iqmp;
int element_len = 128; int element_len = 128;
if(algorithm == YKPIV_ALGO_RSA1024) { if(algorithm == YKPIV_ALGO_RSA1024) {
element_len = 64; element_len = 64;
} }
if((set_component(e, rsa_private_key->e, 3) == false) || RSA_get0_key(rsa_private_key, NULL, &bn_e, NULL);
RSA_get0_factors(rsa_private_key, &bn_p, &bn_q);
RSA_get0_crt_params(rsa_private_key, &bn_dmp1, &bn_dmq1, &bn_iqmp);
if((set_component(e, bn_e, 3) == false) ||
!(e[0] == 0x01 && e[1] == 0x00 && e[2] == 0x01)) { !(e[0] == 0x01 && e[1] == 0x00 && e[2] == 0x01)) {
fprintf(stderr, "Invalid public exponent for import (only 0x10001 supported)\n"); fprintf(stderr, "Invalid public exponent for import (only 0x10001 supported)\n");
goto import_out; goto import_out;
} }
if(set_component(p, rsa_private_key->p, element_len) == false) { if(set_component(p, bn_p, element_len) == false) {
fprintf(stderr, "Failed setting p component.\n"); fprintf(stderr, "Failed setting p component.\n");
goto import_out; goto import_out;
} }
if(set_component(q, rsa_private_key->q, element_len) == false) { if(set_component(q, bn_q, element_len) == false) {
fprintf(stderr, "Failed setting q component.\n"); fprintf(stderr, "Failed setting q component.\n");
goto import_out; goto import_out;
} }
if(set_component(dmp1, rsa_private_key->dmp1, element_len) == false) { if(set_component(dmp1, bn_dmp1, element_len) == false) {
fprintf(stderr, "Failed setting dmp1 component.\n"); fprintf(stderr, "Failed setting dmp1 component.\n");
goto import_out; goto import_out;
} }
if(set_component(dmq1, rsa_private_key->dmq1, element_len) == false) { if(set_component(dmq1, bn_dmq1, element_len) == false) {
fprintf(stderr, "Failed setting dmq1 component.\n"); fprintf(stderr, "Failed setting dmq1 component.\n");
goto import_out; goto import_out;
} }
if(set_component(iqmp, rsa_private_key->iqmp, element_len) == false) { if(set_component(iqmp, bn_iqmp, element_len) == false) {
fprintf(stderr, "Failed setting iqmp component.\n"); fprintf(stderr, "Failed setting iqmp component.\n");
goto import_out; goto import_out;
} }
+12 -8
View File
@@ -31,6 +31,7 @@
#include "openssl_utils.h" #include "openssl_utils.h"
#include <stdbool.h> #include <stdbool.h>
#include "../tool/util.h" // TODO: share this better? #include "../tool/util.h" // TODO: share this better?
#include "../tool/openssl-compat.h" // TODO: share this better?
#include "debug.h" #include "debug.h"
#include <string.h> #include <string.h>
@@ -115,8 +116,7 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
if(bignum_e == NULL) if(bignum_e == NULL)
goto create_empty_cert_cleanup; goto create_empty_cert_cleanup;
rsa->n = bignum_n; RSA_set0_key(rsa, bignum_n, bignum_e, NULL);
rsa->e = bignum_e;
if (EVP_PKEY_set1_RSA(key, rsa) == 0) if (EVP_PKEY_set1_RSA(key, rsa) == 0)
goto create_empty_cert_cleanup; goto create_empty_cert_cleanup;
@@ -316,7 +316,7 @@ CK_RV do_store_pubk(X509 *cert, EVP_PKEY **key) {
CK_KEY_TYPE do_get_key_type(EVP_PKEY *key) { CK_KEY_TYPE do_get_key_type(EVP_PKEY *key) {
switch (key->type) { switch (EVP_PKEY_id(key)) {
case EVP_PKEY_RSA: case EVP_PKEY_RSA:
case EVP_PKEY_RSA2: case EVP_PKEY_RSA2:
return CKK_RSA; return CKK_RSA;
@@ -349,18 +349,20 @@ CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key) {
CK_RV do_get_modulus(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) { CK_RV do_get_modulus(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
RSA *rsa; RSA *rsa;
const BIGNUM *n;
rsa = EVP_PKEY_get1_RSA(key); rsa = EVP_PKEY_get1_RSA(key);
if (rsa == NULL) if (rsa == NULL)
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
if ((CK_ULONG)BN_num_bytes(rsa->n) > *len) { RSA_get0_key(rsa, &n, NULL, NULL);
if ((CK_ULONG)BN_num_bytes(n) > *len) {
RSA_free(rsa); RSA_free(rsa);
rsa = NULL; rsa = NULL;
return CKR_BUFFER_TOO_SMALL; return CKR_BUFFER_TOO_SMALL;
} }
*len = (CK_ULONG)BN_bn2bin(rsa->n, data); *len = (CK_ULONG)BN_bn2bin(n, data);
RSA_free(rsa); RSA_free(rsa);
rsa = NULL; rsa = NULL;
@@ -372,18 +374,20 @@ CK_RV do_get_public_exponent(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len)
CK_ULONG e = 0; CK_ULONG e = 0;
RSA *rsa; RSA *rsa;
const BIGNUM *bn_e;
rsa = EVP_PKEY_get1_RSA(key); rsa = EVP_PKEY_get1_RSA(key);
if (rsa == NULL) if (rsa == NULL)
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
if ((CK_ULONG)BN_num_bytes(rsa->e) > *len) { RSA_get0_key(rsa, NULL, &bn_e, NULL);
if ((CK_ULONG)BN_num_bytes(bn_e) > *len) {
RSA_free(rsa); RSA_free(rsa);
rsa = NULL; rsa = NULL;
return CKR_BUFFER_TOO_SMALL; return CKR_BUFFER_TOO_SMALL;
} }
*len = (CK_ULONG)BN_bn2bin(rsa->e, data); *len = (CK_ULONG)BN_bn2bin(bn_e, data);
RSA_free(rsa); RSA_free(rsa);
rsa = NULL; rsa = NULL;
@@ -406,7 +410,7 @@ CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
const EC_POINT *ecp; const EC_POINT *ecp;
point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED; point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED;
switch(key->type) { switch(EVP_PKEY_id(key)) {
case EVP_PKEY_RSA: case EVP_PKEY_RSA:
case EVP_PKEY_RSA2: case EVP_PKEY_RSA2: