0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch

   1 From 72fe7011fe981f90a04a62a3fb6ad33037390dff Mon Sep 17 00:00:00 2001
   2 From: Michal Schmidt <mschmidt@redhat.com>
   3 Date: Mon, 20 Feb 2017 10:43:10 +0100
   4 Subject: [PATCH 2/3] Fix build with OpenSSL 1.1 due to RSA being an opaque
   5  struct
   6
   7 RSA is an opaque struct in OpenSSL 1.1. New getter functions must be
   8 used to access the key components. The functions were not present in
   9 OpenSSL 1.0, so add a compat header with the implementation of the
  10 needed functions as suggested by the OpenSSL wiki [1] in order to allow
  11 building tpm-tools with any version of OpenSSL.
  12
  13 [1] https://wiki.openssl.org/index.php/1.1_API_Changes
  14 ---
  15  src/data_mgmt/Makefile.am      |  3 ++-
  16  src/data_mgmt/data_import.c    | 52 ++++++++++++++++++++++---------------
  17  src/data_mgmt/openssl_compat.h | 58 ++++++++++++++++++++++++++++++++++++++++++
  18  3 files changed, 92 insertions(+), 21 deletions(-)
  19  create mode 100644 src/data_mgmt/openssl_compat.h
  20
  21 diff --git a/src/data_mgmt/Makefile.am b/src/data_mgmt/Makefile.am
  22 index de505e48ef..9457618ab9 100644
  23 --- a/src/data_mgmt/Makefile.am
  24 +++ b/src/data_mgmt/Makefile.am
  25 @@ -32,7 +32,8 @@ noinst_HEADERS =      data_common.h \
  26                         data_init.h \
  27                         data_object.h \
  28                         data_passwd.h \
  29 -                       data_protect.h
  30 +                       data_protect.h \
  31 +                       openssl_compat.h
  32
  33  #
  34  # Common build flags
  35 diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
  36 index d4d2052bc6..532543f7d3 100644
  37 --- a/src/data_mgmt/data_import.c
  38 +++ b/src/data_mgmt/data_import.c
  39 @@ -39,6 +39,7 @@
  40  #include <openssl/evp.h>
  41  #include <openssl/err.h>
  42
  43 +#include "openssl_compat.h"
  44
  45  /*
  46   * Global variables
  47 @@ -691,8 +692,11 @@ createRsaPubKeyObject( RSA               *a_pRsa,
  48
  49         int  rc = -1;
  50
  51 -       int  nLen = BN_num_bytes( a_pRsa->n );
  52 -       int  eLen = BN_num_bytes( a_pRsa->e );
  53 +       const BIGNUM *rsa_n, *rsa_e;
  54 +       RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, NULL );
  55 +
  56 +       int  nLen = BN_num_bytes( rsa_n );
  57 +       int  eLen = BN_num_bytes( rsa_e );
  58
  59         CK_RV  rv;
  60
  61 @@ -732,8 +736,8 @@ createRsaPubKeyObject( RSA               *a_pRsa,
  62         }
  63
  64         // Get binary representations of the RSA key information
  65 -       BN_bn2bin( a_pRsa->n, n );
  66 -       BN_bn2bin( a_pRsa->e, e );
  67 +       BN_bn2bin( rsa_n, n );
  68 +       BN_bn2bin( rsa_e, e );
  69
  70         // Create the RSA public key object
  71         rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
  72 @@ -760,14 +764,22 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
  73
  74         int  rc = -1;
  75
  76 -       int  nLen = BN_num_bytes( a_pRsa->n );
  77 -       int  eLen = BN_num_bytes( a_pRsa->e );
  78 -       int  dLen = BN_num_bytes( a_pRsa->d );
  79 -       int  pLen = BN_num_bytes( a_pRsa->p );
  80 -       int  qLen = BN_num_bytes( a_pRsa->q );
  81 -       int  dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
  82 -       int  dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
  83 -       int  iqmpLen = BN_num_bytes( a_pRsa->iqmp );
  84 +       const BIGNUM *rsa_n, *rsa_e, *rsa_d;
  85 +       const BIGNUM *rsa_p, *rsa_q;
  86 +       const BIGNUM *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
  87 +
  88 +       RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, &rsa_d );
  89 +       RSA_get0_factors( a_pRsa, &rsa_p, &rsa_q );
  90 +       RSA_get0_crt_params( a_pRsa, &rsa_dmp1, &rsa_dmq1, &rsa_iqmp );
  91 +
  92 +       int  nLen = BN_num_bytes( rsa_n );
  93 +       int  eLen = BN_num_bytes( rsa_e );
  94 +       int  dLen = BN_num_bytes( rsa_d );
  95 +       int  pLen = BN_num_bytes( rsa_p );
  96 +       int  qLen = BN_num_bytes( rsa_q );
  97 +       int  dmp1Len = BN_num_bytes( rsa_dmp1 );
  98 +       int  dmq1Len = BN_num_bytes( rsa_dmq1 );
  99 +       int  iqmpLen = BN_num_bytes( rsa_iqmp );
 100
 101         CK_RV  rv;
 102
 103 @@ -821,14 +833,14 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
 104         }
 105
 106         // Get binary representations of the RSA key information
 107 -       BN_bn2bin( a_pRsa->n, n );
 108 -       BN_bn2bin( a_pRsa->e, e );
 109 -       BN_bn2bin( a_pRsa->d, d );
 110 -       BN_bn2bin( a_pRsa->p, p );
 111 -       BN_bn2bin( a_pRsa->q, q );
 112 -       BN_bn2bin( a_pRsa->dmp1, dmp1 );
 113 -       BN_bn2bin( a_pRsa->dmq1, dmq1 );
 114 -       BN_bn2bin( a_pRsa->iqmp, iqmp );
 115 +       BN_bn2bin( rsa_n, n );
 116 +       BN_bn2bin( rsa_e, e );
 117 +       BN_bn2bin( rsa_d, d );
 118 +       BN_bn2bin( rsa_p, p );
 119 +       BN_bn2bin( rsa_q, q );
 120 +       BN_bn2bin( rsa_dmp1, dmp1 );
 121 +       BN_bn2bin( rsa_dmq1, dmq1 );
 122 +       BN_bn2bin( rsa_iqmp, iqmp );
 123
 124         // Create the RSA private key object
 125         rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
 126 diff --git a/src/data_mgmt/openssl_compat.h b/src/data_mgmt/openssl_compat.h
 127 new file mode 100644
 128 index 0000000000..2a60fdf492
 129 --- /dev/null
 130 +++ b/src/data_mgmt/openssl_compat.h
 131 @@ -0,0 +1,58 @@
 132 +/*
 133 + * Getter functions for OpenSSL < 1.1 compatibility. Based on code from:
 134 + * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions
 135 + * and therefore:
 136 + * Copyright OpenSSL 2016
 137 + * Contents licensed under the terms of the OpenSSL license
 138 + * See http://www.openssl.org/source/license.html for details
 139 + */
 140 +
 141 +#ifndef __OPENSSL_COMPAT_H
 142 +#define __OPENSSL_COMPAT_H
 143 +
 144 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 145 +
 146 +#include <openssl/engine.h>
 147 +
 148 +static inline void
 149 +RSA_get0_key( const RSA *r,
 150 +              const BIGNUM **n,
 151 +              const BIGNUM **e,
 152 +              const BIGNUM **d ) {
 153 +
 154 +       if ( n )
 155 +               *n = r->n;
 156 +       if ( e )
 157 +               *e = r->e;
 158 +       if ( d )
 159 +               *d = r->d;
 160 +}
 161 +
 162 +static inline void
 163 +RSA_get0_factors( const RSA *r,
 164 +                  const BIGNUM **p,
 165 +                  const BIGNUM **q ) {
 166 +
 167 +       if ( p )
 168 +               *p = r->p;
 169 +       if ( q )
 170 +               *q = r->q;
 171 +}
 172 +
 173 +static inline void
 174 +RSA_get0_crt_params( const RSA *r,
 175 +                     const BIGNUM **dmp1,
 176 +                     const BIGNUM **dmq1,
 177 +                     const BIGNUM **iqmp ) {
 178 +
 179 +       if ( dmp1 )
 180 +               *dmp1 = r->dmp1;
 181 +       if ( dmq1 )
 182 +               *dmq1 = r->dmq1;
 183 +       if ( iqmp )
 184 +               *iqmp = r->iqmp;
 185 +}
 186 +
 187 +#endif /* OPENSSL_VERSION_NUMBER */
 188 +
 189 +#endif /* __OPENSSL_COMPAT_H */
 190 --
 191 2.9.3
 192