Initial idea of openssl-1.1.0 compatibility (still missing some magic around certificates)
+1
-1
@@ -40,7 +40,7 @@ noinst_LTLIBRARIES = libpiv_cmd.la libpiv_util.la
|
|||||||
libpiv_cmd_la_SOURCES = cmdline.ggo cmdline.c cmdline.h
|
libpiv_cmd_la_SOURCES = cmdline.ggo cmdline.c cmdline.h
|
||||||
libpiv_cmd_la_CFLAGS =
|
libpiv_cmd_la_CFLAGS =
|
||||||
|
|
||||||
libpiv_util_la_SOURCES = util.c util.h
|
libpiv_util_la_SOURCES = util.c util.h openssl-compat.c
|
||||||
libpiv_util_la_LIBADD = $(top_builddir)/lib/libykpiv.la $(OPENSSL_LIBS)
|
libpiv_util_la_LIBADD = $(top_builddir)/lib/libykpiv.la $(OPENSSL_LIBS)
|
||||||
|
|
||||||
cmdline.c cmdline.h: cmdline.ggo Makefile.am $(top_srcdir)/configure.ac
|
cmdline.c cmdline.h: cmdline.ggo Makefile.am $(top_srcdir)/configure.ac
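Review bot: `openssl-compat.h` is not listed next to `openssl-compat.c` on the `libpiv_util_la_SOURCES` line, although `util.h` is listed there. Automake only distributes files it is told about, so a `make dist` tarball would probably lack the header and fail to build. The line should read `libpiv_util_la_SOURCES = util.c util.h openssl-compat.c openssl-compat.h`.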
|
||||||
|
|||||||
@@ -0,0 +1,53 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
* in the file LICENSE in the source distribution or at
|
||||||
|
* https://www.openssl.org/source/license.html
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
#include <openssl/engine.h>
|
||||||
|
|
||||||
|
|
||||||
|
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
|
||||||
|
{
|
||||||
|
/* If the fields n and e in r are NULL, the corresponding input
|
||||||
|
* parameters MUST be non-NULL for n and e. d may be
|
||||||
|
* left NULL (in case only the public key is used).
|
||||||
|
*/
|
||||||
|
if ((r->n == NULL && n == NULL)
|
||||||
|
|| (r->e == NULL && e == NULL))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if (n != NULL) {
|
||||||
|
BN_free(r->n);
|
||||||
|
r->n = n;
|
||||||
|
}
|
||||||
|
if (e != NULL) {
|
||||||
|
BN_free(r->e);
|
||||||
|
r->e = e;
|
||||||
|
}
|
||||||
|
if (d != NULL) {
|
||||||
|
BN_free(r->d);
|
||||||
|
r->d = d;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
void RSA_get0_key(const RSA *r,
|
||||||
|
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
|
||||||
|
{
|
||||||
|
if (n != NULL)
|
||||||
|
*n = r->n;
|
||||||
|
if (e != NULL)
|
||||||
|
*e = r->e;
|
||||||
|
if (d != NULL)
|
||||||
|
*d = r->d;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* OPENSSL_VERSION_NUMBER */
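Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard at the top of this new file is evaluated before any OpenSSL header has been included, because both `#include` lines sit inside it. An undefined macro evaluates to 0 in `#if`, so unless the version is defined somewhere not visible here, the shim is compiled on every OpenSSL version, and `r->n` does not compile against 1.1.0, where `RSA` is opaque. Put `#include <openssl/opensslv.h>` above the guard, both here and in the new `openssl-compat.h`. The header's guard has the same problem, and the two callers include it ahead of their `<openssl/...>` headers. This file should also include `"openssl-compat.h"` so the definitions are checked against the prototypes.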
|
||||||
@@ -0,0 +1,27 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
* in the file LICENSE in the source distribution or at
|
||||||
|
* https://www.openssl.org/source/license.html
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef LIBCRYPTO_COMPAT_H
|
||||||
|
#define LIBCRYPTO_COMPAT_H
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
|
|
||||||
|
#include <openssl/rsa.h>
|
||||||
|
#include <openssl/dsa.h>
|
||||||
|
#include <openssl/ecdsa.h>
|
||||||
|
#include <openssl/dh.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
|
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
|
||||||
|
void RSA_get0_key(const RSA *r,
|
||||||
|
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
|
||||||
|
|
||||||
|
#endif /* OPENSSL_VERSION_NUMBER */
|
||||||
|
#endif /* LIBCRYPTO_COMPAT_H */
|
||||||
|
|
||||||
+6
-3
@@ -37,6 +37,7 @@
|
|||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include "openssl-compat.h"
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
@@ -61,7 +62,7 @@ FILE *open_file(const char *file_name, int mode) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
unsigned char get_algorithm(EVP_PKEY *key) {
|
unsigned char get_algorithm(EVP_PKEY *key) {
|
||||||
int type = EVP_PKEY_type(key->type);
|
int type = EVP_PKEY_type(EVP_PKEY_id(key));
|
||||||
switch(type) {
|
switch(type) {
|
||||||
case EVP_PKEY_RSA:
|
case EVP_PKEY_RSA:
|
||||||
{
|
{
|
||||||
@@ -641,15 +642,17 @@ int SSH_write_X509(FILE *fp, X509 *x) {
|
|||||||
case EVP_PKEY_RSA2: {
|
case EVP_PKEY_RSA2: {
|
||||||
RSA *rsa;
|
RSA *rsa;
|
||||||
unsigned char n[256];
|
unsigned char n[256];
|
||||||
|
const BIGNUM *bn_n;
|
||||||
|
|
||||||
char rsa_id[] = "\x00\x00\x00\x07ssh-rsa";
|
char rsa_id[] = "\x00\x00\x00\x07ssh-rsa";
|
||||||
char rsa_f4[] = "\x00\x00\x00\x03\x01\x00\x01";
|
char rsa_f4[] = "\x00\x00\x00\x03\x01\x00\x01";
|
||||||
|
|
||||||
rsa = EVP_PKEY_get1_RSA(pkey);
|
rsa = EVP_PKEY_get1_RSA(pkey);
|
||||||
|
RSA_get0_key(rsa, &bn_n, NULL, NULL);
|
||||||
|
|
||||||
set_component(n, rsa->n, RSA_size(rsa));
|
set_component(n, bn_n, RSA_size(rsa));
|
||||||
|
|
||||||
uint32_t bytes = BN_num_bytes(rsa->n);
|
uint32_t bytes = BN_num_bytes(bn_n);
|
||||||
char len_buf[5];
|
char len_buf[5];
|
||||||
int len = 4;
|
int len = 4;
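Review bot: In the `SSH_write_X509` hunk, `rsa` goes straight from `EVP_PKEY_get1_RSA(pkey)` into `RSA_get0_key`, which dereferences it, and `EVP_PKEY_get1_RSA` returns NULL on failure. The same lines pass `RSA_size(rsa)` as the length for `unsigned char n[256]`, which only holds a modulus of up to 2048 bits. Whether `set_component` bounds the write is not visible here. A guard such as `if(rsa == NULL || RSA_size(rsa) > (int)sizeof(n))` that takes the function's error path before `RSA_get0_key` would cover both. The function body starts and ends outside the hunk.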
|
||||||
|
|
||||||
|
|||||||
@@ -42,6 +42,7 @@
|
|||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include "openssl-compat.h"
|
||||||
#include <openssl/des.h>
|
#include <openssl/des.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include <openssl/pkcs12.h>
|
#include <openssl/pkcs12.h>
|
||||||
@@ -234,8 +235,7 @@ static bool generate_key(ykpiv_state *state, const char *slot,
|
|||||||
goto generate_out;
|
goto generate_out;
|
||||||
}
|
}
|
||||||
|
|
||||||
rsa->n = bignum_n;
|
RSA_set0_key(rsa, bignum_n, bignum_e, NULL);
|
||||||
rsa->e = bignum_e;
|
|
||||||
EVP_PKEY_set1_RSA(public_key, rsa);
|
EVP_PKEY_set1_RSA(public_key, rsa);
|
||||||
} else if(algorithm == algorithm_arg_ECCP256 || algorithm == algorithm_arg_ECCP384) {
|
} else if(algorithm == algorithm_arg_ECCP256 || algorithm == algorithm_arg_ECCP384) {
|
||||||
EC_GROUP *group;
|
EC_GROUP *group;
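Review bot: The return value of `RSA_set0_key(rsa, bignum_n, bignum_e, NULL)` in `generate_key` is ignored, and the function returns 0 without taking the values when it rejects them. Writing `if(!RSA_set0_key(rsa, bignum_n, bignum_e, NULL)) goto generate_out;` would keep this step consistent with the `goto generate_out` checks above it. On success the RSA object owns both BIGNUMs, which deserves a comment such as `/* rsa now owns bignum_n and bignum_e; do not BN_free them */`. The cleanup under `generate_out` lies outside this hunk, so it cannot be confirmed from here that it leaves them alone.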
|
||||||
|
|||||||