diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-06-27 12:36:32 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-06-29 11:09:37 +0200 |
| commit | 6688f7986eaa3defeb6136021d635e53a5f4cfdb (patch) | |
| tree | 8969b439ea4bdcd74c587e52ff09b108821abcf6 /src | |
| parent | 3fb2c8edb7bf15969ff99b6bbb2e6cf789193b87 (diff) | |
| download | strongswan-6688f7986eaa3defeb6136021d635e53a5f4cfdb.tar.bz2 strongswan-6688f7986eaa3defeb6136021d635e53a5f4cfdb.tar.xz | |
openssl: Update ECDSA API to OpenSSL 1.1.0
Diffstat (limited to 'src')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_ec_private_key.c | 10 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_ec_public_key.c | 19 |
2 files changed, 24 insertions, 5 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index bc7884c99..24fe623eb 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -28,6 +28,10 @@ #include <openssl/ecdsa.h> #include <openssl/x509.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) +#endif + typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t; /** @@ -59,15 +63,17 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp); static bool build_signature(private_openssl_ec_private_key_t *this, chunk_t hash, chunk_t *signature) { - bool built = FALSE; + const BIGNUM *r, *s; ECDSA_SIG *sig; + bool built = FALSE; sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); if (sig) { + ECDSA_SIG_get0(sig, &r, &s); /* concatenate BNs r/s to a signature chunk */ built = openssl_bn_cat(EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)), - sig->r, sig->s, signature); + r, s, signature); ECDSA_SIG_free(sig); } return built; diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index 21dcb0120..a1e56fc5e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -27,6 +27,10 @@ #include <openssl/ecdsa.h> #include <openssl/x509.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) +#endif + typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t; /** @@ -55,14 +59,23 @@ struct private_openssl_ec_public_key_t { static bool verify_signature(private_openssl_ec_public_key_t *this, chunk_t hash, chunk_t signature) { - bool valid = FALSE; + BIGNUM *r, *s; ECDSA_SIG *sig; + bool valid = FALSE; sig = ECDSA_SIG_new(); if (sig) { - /* split the signature chunk in r and s */ - if (openssl_bn_split(signature, sig->r, sig->s)) + r = BN_new(); + s = BN_new(); + if (!openssl_bn_split(signature, r, s)) + { + BN_free(r); + BN_free(s); + ECDSA_SIG_free(sig); + return FALSE; + } + if (ECDSA_SIG_set0(sig, r, s)) { valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); } |