authorTobias Brunner <tobias@strongswan.org>2016-06-27 12:08:29 +0200
committerTobias Brunner <tobias@strongswan.org>2016-06-29 11:09:37 +0200
commit3fb2c8edb7bf15969ff99b6bbb2e6cf789193b87 (patch)
tree4fba119d1b3c1e64a3d9593a6707d24a63f2019d
parent375a5ed2400ba51918f01623ee0067acb2960d9d (diff)
downloadstrongswan-3fb2c8edb7bf15969ff99b6bbb2e6cf789193b87.tar.bz2
strongswan-3fb2c8edb7bf15969ff99b6bbb2e6cf789193b87.tar.xz
openssl: Update RSA API to OpenSSL 1.1.0
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c41
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c27
2 files changed, 52 insertions, 16 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index de02f302d..485e0bbc7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -20,6 +20,7 @@
#include "openssl_rsa_private_key.h"
#include "openssl_rsa_public_key.h"
+#include "openssl_util.h"
#include <utils/debug.h>
@@ -35,6 +36,12 @@
*/
#define PUBLIC_EXPONENT 0x10001
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
+OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
+#endif
+
typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
/**
@@ -436,22 +443,38 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
}
else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr)
{
+ BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q;
+ BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+
this->rsa = RSA_new();
- this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
- this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
- this->rsa->d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
- this->rsa->p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
- this->rsa->q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+
+ bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
+ bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
+ bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
+ if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d))
+ {
+ destroy(this);
+ return NULL;
+
+ }
+ bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
+ bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+ if (!RSA_set0_factors(this->rsa, bn_p, bn_q))
+ {
+ destroy(this);
+ return NULL;
+ }
if (exp1.ptr)
{
- this->rsa->dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
+ dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
}
if (exp2.ptr)
{
- this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
+ dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
}
- this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
- if (RSA_check_key(this->rsa) == 1)
+ iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
+ if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) &&
+ RSA_check_key(this->rsa) == 1)
{
return &this->public;
}
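Review bot: On the failure paths of `RSA_set0_key()`, `RSA_set0_factors()` and `RSA_set0_crt_params()` the BIGNUMs just created are leaked, because OpenSSL 1.1.0 only takes ownership when these calls return 1 (the pre-1.1.0 fallback macros are not visible here and presumably never fail). `bn_d`, `bn_p`, `bn_q` and the CRT values are private key material, so they should be wiped with `BN_clear_free()` before `destroy(this)`; the same leak exists for `bn_n`/`bn_e` in the `openssl_rsa_public_key_load()` hunk, where `BN_free()` is enough. Separately, OpenSSL documents that `RSA_set0_crt_params()` needs all three values non-NULL on the first call, so a key supplied without `exp1` or `exp2` would presumably now fail to load where the old field assignments accepted it; worth confirming that this is intended. The enclosing function starts and ends outside the hunk.

```c
		if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d))
		{
			/* ownership was not transferred: free here, wiping the private exponent */
			BN_free(bn_n);
			BN_free(bn_e);
			BN_clear_free(bn_d);
			destroy(this);
			return NULL;
		}
		/* … unchanged: bn_p / bn_q created with BN_bin2bn() … */
		if (!RSA_set0_factors(this->rsa, bn_p, bn_q))
		{
			BN_clear_free(bn_p);
			BN_clear_free(bn_q);
			destroy(this);
			return NULL;
		}
		/* … unchanged: dmp1 / dmq1 / iqmp created with BN_bin2bn() … */
		if (!RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp))
		{
			BN_clear_free(dmp1);
			BN_clear_free(dmq1);
			BN_clear_free(iqmp);
			destroy(this);
			return NULL;
		}
		if (RSA_check_key(this->rsa) == 1)
		{
			return &this->public;
		}
```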
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index db928569f..d66d5016e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -28,6 +28,10 @@
#include <openssl/rsa.h>
#include <openssl/x509.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+#endif
+
typedef struct private_openssl_rsa_public_key_t private_openssl_rsa_public_key_t;
/**
@@ -224,11 +228,13 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
break;
default:
{
+ const BIGNUM *bn_n, *bn_e;
chunk_t n = chunk_empty, e = chunk_empty;
bool success = FALSE;
- if (openssl_bn2chunk(rsa->n, &n) &&
- openssl_bn2chunk(rsa->e, &e))
+ RSA_get0_key(rsa, &bn_n, &bn_e, NULL);
+ if (openssl_bn2chunk(bn_n, &n) &&
+ openssl_bn2chunk(bn_e, &e))
{
success = lib->encoding->encode(lib->encoding, type, rsa, fp,
CRED_PART_RSA_MODULUS, n,
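Review bot: `bn_n` and `bn_e` are declared uninitialised and then passed straight to `openssl_bn2chunk()`, so the code relies on `RSA_get0_key()` (or the pre-1.1.0 fallback, which is not visible in this diff) always writing both pointers. Declaring them as `const BIGNUM *bn_n = NULL, *bn_e = NULL;` keeps the behaviour defined whichever implementation is compiled in, provided `openssl_bn2chunk()` rejects NULL, which should be confirmed. A short comment such as `/* borrowed from rsa, must not be freed */` would also make the get0 ownership rule explicit. The same pattern appears in the `get_encoding` hunk that follows.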
@@ -297,10 +303,12 @@ METHOD(public_key_t, get_encoding, bool,
}
default:
{
+ const BIGNUM *bn_n, *bn_e;
chunk_t n = chunk_empty, e = chunk_empty;
- if (openssl_bn2chunk(this->rsa->n, &n) &&
- openssl_bn2chunk(this->rsa->e, &e))
+ RSA_get0_key(this->rsa, &bn_n, &bn_e, NULL);
+ if (openssl_bn2chunk(bn_n, &n) &&
+ openssl_bn2chunk(bn_e, &e))
{
success = lib->encoding->encode(lib->encoding, type, NULL,
encoding, CRED_PART_RSA_MODULUS, n,
@@ -416,10 +424,15 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type,
}
else if (n.ptr && e.ptr && type == KEY_RSA)
{
+ BIGNUM *bn_n, *bn_e;
+
this->rsa = RSA_new();
- this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
- this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
- return &this->public;
+ bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
+ bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
+ if (RSA_set0_key(this->rsa, bn_n, bn_e, NULL))
+ {
+ return &this->public;
+ }
}
destroy(this);
return NULL;