1 From 72fe7011fe981f90a04a62a3fb6ad33037390dff Mon Sep 17 00:00:00 2001
2 From: Michal Schmidt <mschmidt@redhat.com>
3 Date: Mon, 20 Feb 2017 10:43:10 +0100
4 Subject: [PATCH 2/3] Fix build with OpenSSL 1.1 due to RSA being an opaque
7 RSA is an opaque struct in OpenSSL 1.1. New getter functions must be
8 used to access the key components. The functions were not present in
9 OpenSSL 1.0, so add a compat header with the implementation of the
10 needed functions as suggested by the OpenSSL wiki [1] in order to allow
11 building tpm-tools with any version of OpenSSL.
13 [1] https://wiki.openssl.org/index.php/1.1_API_Changes
15 src/data_mgmt/Makefile.am | 3 ++-
16 src/data_mgmt/data_import.c | 52 ++++++++++++++++++++++---------------
17 src/data_mgmt/openssl_compat.h | 58 ++++++++++++++++++++++++++++++++++++++++++
18 3 files changed, 92 insertions(+), 21 deletions(-)
19 create mode 100644 src/data_mgmt/openssl_compat.h
21 diff --git a/src/data_mgmt/Makefile.am b/src/data_mgmt/Makefile.am
22 index de505e48ef..9457618ab9 100644
23 --- a/src/data_mgmt/Makefile.am
24 +++ b/src/data_mgmt/Makefile.am
25 @@ -32,7 +32,8 @@ noinst_HEADERS = data_common.h \
35 diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
36 index d4d2052bc6..532543f7d3 100644
37 --- a/src/data_mgmt/data_import.c
38 +++ b/src/data_mgmt/data_import.c
40 #include <openssl/evp.h>
41 #include <openssl/err.h>
43 +#include "openssl_compat.h"
47 @@ -691,8 +692,11 @@ createRsaPubKeyObject( RSA *a_pRsa,
51 - int nLen = BN_num_bytes( a_pRsa->n );
52 - int eLen = BN_num_bytes( a_pRsa->e );
53 + const BIGNUM *rsa_n, *rsa_e;
54 + RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, NULL );
56 + int nLen = BN_num_bytes( rsa_n );
57 + int eLen = BN_num_bytes( rsa_e );
61 @@ -732,8 +736,8 @@ createRsaPubKeyObject( RSA *a_pRsa,
64 // Get binary representations of the RSA key information
65 - BN_bn2bin( a_pRsa->n, n );
66 - BN_bn2bin( a_pRsa->e, e );
67 + BN_bn2bin( rsa_n, n );
68 + BN_bn2bin( rsa_e, e );
70 // Create the RSA public key object
71 rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
72 @@ -760,14 +764,22 @@ createRsaPrivKeyObject( RSA *a_pRsa,
76 - int nLen = BN_num_bytes( a_pRsa->n );
77 - int eLen = BN_num_bytes( a_pRsa->e );
78 - int dLen = BN_num_bytes( a_pRsa->d );
79 - int pLen = BN_num_bytes( a_pRsa->p );
80 - int qLen = BN_num_bytes( a_pRsa->q );
81 - int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
82 - int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
83 - int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
84 + const BIGNUM *rsa_n, *rsa_e, *rsa_d;
85 + const BIGNUM *rsa_p, *rsa_q;
86 + const BIGNUM *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
88 + RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, &rsa_d );
89 + RSA_get0_factors( a_pRsa, &rsa_p, &rsa_q );
90 + RSA_get0_crt_params( a_pRsa, &rsa_dmp1, &rsa_dmq1, &rsa_iqmp );
92 + int nLen = BN_num_bytes( rsa_n );
93 + int eLen = BN_num_bytes( rsa_e );
94 + int dLen = BN_num_bytes( rsa_d );
95 + int pLen = BN_num_bytes( rsa_p );
96 + int qLen = BN_num_bytes( rsa_q );
97 + int dmp1Len = BN_num_bytes( rsa_dmp1 );
98 + int dmq1Len = BN_num_bytes( rsa_dmq1 );
99 + int iqmpLen = BN_num_bytes( rsa_iqmp );
103 @@ -821,14 +833,14 @@ createRsaPrivKeyObject( RSA *a_pRsa,
106 // Get binary representations of the RSA key information
107 - BN_bn2bin( a_pRsa->n, n );
108 - BN_bn2bin( a_pRsa->e, e );
109 - BN_bn2bin( a_pRsa->d, d );
110 - BN_bn2bin( a_pRsa->p, p );
111 - BN_bn2bin( a_pRsa->q, q );
112 - BN_bn2bin( a_pRsa->dmp1, dmp1 );
113 - BN_bn2bin( a_pRsa->dmq1, dmq1 );
114 - BN_bn2bin( a_pRsa->iqmp, iqmp );
115 + BN_bn2bin( rsa_n, n );
116 + BN_bn2bin( rsa_e, e );
117 + BN_bn2bin( rsa_d, d );
118 + BN_bn2bin( rsa_p, p );
119 + BN_bn2bin( rsa_q, q );
120 + BN_bn2bin( rsa_dmp1, dmp1 );
121 + BN_bn2bin( rsa_dmq1, dmq1 );
122 + BN_bn2bin( rsa_iqmp, iqmp );
124 // Create the RSA private key object
125 rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
126 diff --git a/src/data_mgmt/openssl_compat.h b/src/data_mgmt/openssl_compat.h
128 index 0000000000..2a60fdf492
130 +++ b/src/data_mgmt/openssl_compat.h
133 + * Getter functions for OpenSSL < 1.1 compatibility. Based on code from:
134 + * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions
136 + * Copyright OpenSSL 2016
137 + * Contents licensed under the terms of the OpenSSL license
138 + * See http://www.openssl.org/source/license.html for details
141 +#ifndef __OPENSSL_COMPAT_H
142 +#define __OPENSSL_COMPAT_H
144 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
146 +#include <openssl/engine.h>
149 +RSA_get0_key( const RSA *r,
152 + const BIGNUM **d ) {
163 +RSA_get0_factors( const RSA *r,
165 + const BIGNUM **q ) {
174 +RSA_get0_crt_params( const RSA *r,
175 + const BIGNUM **dmp1,
176 + const BIGNUM **dmq1,
177 + const BIGNUM **iqmp ) {
187 +#endif /* OPENSSL_VERSION_NUMBER */
189 +#endif /* __OPENSSL_COMPAT_H */