diff --git a/tool/Makefile.am b/tool/Makefile.am
index 4a1657b..aa024a0 100644
--- a/tool/Makefile.am
+++ b/tool/Makefile.am
@@ -40,7 +40,7 @@ noinst_LTLIBRARIES = libpiv_cmd.la libpiv_util.la
 libpiv_cmd_la_SOURCES = cmdline.ggo cmdline.c cmdline.h
 libpiv_cmd_la_CFLAGS =
-libpiv_util_la_SOURCES = util.c util.h
+libpiv_util_la_SOURCES = util.c util.h openssl-compat.c
 libpiv_util_la_LIBADD = $(top_builddir)/lib/libykpiv.la $(OPENSSL_LIBS)
 cmdline.c cmdline.h: cmdline.ggo Makefile.am $(top_srcdir)/configure.ac
diff --git a/tool/openssl-compat.c b/tool/openssl-compat.c
new file mode 100644
index 0000000..b8b274b
--- /dev/null
+++ b/tool/openssl-compat.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include
+#include
+
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ /* If the fields n and e in r are NULL, the corresponding input
+ * parameters MUST be non-NULL for n and e. d may be
+ * left NULL (in case only the public key is used).
+ */
+ if ((r->n == NULL && n == NULL)
+ || (r->e == NULL && e == NULL))
+ return 0;
+
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+
+ return 1;
+}
+
+void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
diff --git a/tool/openssl-compat.h b/tool/openssl-compat.h
new file mode 100644
index 0000000..d5e9f7a
--- /dev/null
+++ b/tool/openssl-compat.h
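Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` test in openssl-compat.c is evaluated before any header is included (the two `#include` lines sit inside the `#if`, their targets are not legible in this rendering), so unless the build passes the macro on the command line it is undefined there, `#if` treats it as 0, and the compat definitions are compiled on every OpenSSL version — on 1.1.0+ that duplicates libcrypto's own `RSA_set0_key`/`RSA_get0_key` and the `r->n` accesses fail against the opaque `RSA`. Put the version header before the test: `#include <openssl/opensslv.h>` as the first line after the license block. The new openssl-compat.h has the same ordering, with its five OpenSSL includes inside the `#if`, so it silently depends on every includer having pulled in some OpenSSL header first; the same one-line include before its `#if` removes that dependency. Building with `-Wundef` would surface this class of mistake.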
@@ -0,0 +1,27 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef LIBCRYPTO_COMPAT_H
+#define LIBCRYPTO_COMPAT_H
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include
+#include
+#include
+#include
+#include
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+
+#endif /* OPENSSL_VERSION_NUMBER */
+#endif /* LIBCRYPTO_COMPAT_H */
+
diff --git a/tool/util.c b/tool/util.c
index baea3f1..678de85 100644
--- a/tool/util.c
+++ b/tool/util.c
@@ -37,6 +37,7 @@
 #include
 #endif
+#include "openssl-compat.h"
 #include
 #include
 #include
@@ -61,7 +62,7 @@ FILE *open_file(const char *file_name, int mode) {
 }
 unsigned char get_algorithm(EVP_PKEY *key) {
- int type = EVP_PKEY_type(key->type);
+ int type = EVP_PKEY_type(EVP_PKEY_id(key));
 switch(type) {
 case EVP_PKEY_RSA: {
@@ -641,15 +642,17 @@ int SSH_write_X509(FILE *fp, X509 *x) {
 case EVP_PKEY_RSA2: {
 RSA *rsa;
 unsigned char n[256];
+ const BIGNUM *bn_n;
 char rsa_id[] = "\x00\x00\x00\x07ssh-rsa";
 char rsa_f4[] = "\x00\x00\x00\x03\x01\x00\x01";
 rsa = EVP_PKEY_get1_RSA(pkey);
+ RSA_get0_key(rsa, &bn_n, NULL, NULL);
- set_component(n, rsa->n, RSA_size(rsa));
+ set_component(n, bn_n, RSA_size(rsa));
- uint32_t bytes = BN_num_bytes(rsa->n);
+ uint32_t bytes = BN_num_bytes(bn_n);
 char len_buf[5];
 int len = 4;
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index 757e1c4..5bf5df4 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -42,6 +42,7 @@
 #include
 #endif
+#include "openssl-compat.h"
 #include
 #include
 #include
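Review bot: In the SSH_write_X509 hunk the added `RSA_get0_key(rsa, &bn_n, NULL, NULL);` dereferences `rsa` straight after `rsa = EVP_PKEY_get1_RSA(pkey);`, which returns NULL when the key is not an RSA key or the conversion fails, so a check belongs between the two lines, e.g. `if(rsa == NULL) { return 0; }` adjusted to whatever this function's other failure paths return. `bn_n` is a borrowed pointer into `rsa`, not a copy: it must not be freed and must not be read after the `RSA_free` that balances the `get1` (that cleanup is outside the hunk), which deserves a comment on the declaration such as `/* owned by rsa; valid only until RSA_free(rsa) */`. Separately, `set_component(n, bn_n, RSA_size(rsa))` still targets the fixed `unsigned char n[256]`; if `set_component` copies `RSA_size(rsa)` bytes, a modulus larger than 2048 bits overruns it — pre-existing, but since the line is being rewritten a `RSA_size(rsa) <= sizeof n` check would fit here. The `case EVP_PKEY_RSA2:` body continues past the end of the hunk.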
@@ -234,8 +235,7 @@ static bool generate_key(ykpiv_state *state, const char *slot,
 goto generate_out;
 }
- rsa->n = bignum_n;
- rsa->e = bignum_e;
+ RSA_set0_key(rsa, bignum_n, bignum_e, NULL);
 EVP_PKEY_set1_RSA(public_key, rsa);
 } else if(algorithm == algorithm_arg_ECCP256 || algorithm == algorithm_arg_ECCP384) {
 EC_GROUP *group;
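Review bot: The return value of the new `RSA_set0_key(rsa, bignum_n, bignum_e, NULL);` is ignored; as the compat implementation in this same commit shows, it returns 0 and leaves `rsa` untouched when `n` or `e` is NULL with no value already set, after which `EVP_PKEY_set1_RSA(public_key, rsa)` on the next line publishes a key with no modulus and neither BIGNUM is owned by anyone. The hunk shows `goto generate_out;` as the existing failure path, so the call should read `if(RSA_set0_key(rsa, bignum_n, bignum_e, NULL) != 1) { goto generate_out; }`. On success ownership of both BIGNUMs passes to `rsa`, so if the `generate_out:` cleanup (outside this hunk) still frees `bignum_n`/`bignum_e`, set them to NULL right after the call to avoid a double free with `RSA_free(rsa)`; the direct assignments being removed had the same ownership semantics, so this is worth confirming rather than assuming. generate_key's body continues outside the hunk on both sides.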