[packages/tpm-tools.git] / 0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch

From 72fe7011fe981f90a04a62a3fb6ad33037390dff Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Mon, 20 Feb 2017 10:43:10 +0100
Subject: [PATCH 2/3] Fix build with OpenSSL 1.1 due to RSA being an opaque
 struct

RSA is an opaque struct in OpenSSL 1.1. New getter functions must be
used to access the key components. The functions were not present in
OpenSSL 1.0, so add a compat header with the implementation of the
needed functions as suggested by the OpenSSL wiki [1] in order to allow
building tpm-tools with any version of OpenSSL.

[1] https://wiki.openssl.org/index.php/1.1_API_Changes
---
 src/data_mgmt/Makefile.am      |  3 ++-
 src/data_mgmt/data_import.c    | 52 ++++++++++++++++++++++---------------
 src/data_mgmt/openssl_compat.h | 58 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 92 insertions(+), 21 deletions(-)
 create mode 100644 src/data_mgmt/openssl_compat.h

diff --git a/src/data_mgmt/Makefile.am b/src/data_mgmt/Makefile.am
index de505e48ef..9457618ab9 100644
--- a/src/data_mgmt/Makefile.am
+++ b/src/data_mgmt/Makefile.am
@@ -32,7 +32,8 @@ noinst_HEADERS =	data_common.h \
 			data_init.h \
 			data_object.h \
 			data_passwd.h \
-			data_protect.h
+			data_protect.h \
+			openssl_compat.h
 
 #
 # Common build flags
diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
index d4d2052bc6..532543f7d3 100644
--- a/src/data_mgmt/data_import.c
+++ b/src/data_mgmt/data_import.c
@@ -39,6 +39,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 
+#include "openssl_compat.h"
 
 /*
  * Global variables
@@ -691,8 +692,11 @@ createRsaPubKeyObject( RSA               *a_pRsa,
 
 	int  rc = -1;
 
-	int  nLen = BN_num_bytes( a_pRsa->n );
-	int  eLen = BN_num_bytes( a_pRsa->e );
+	const BIGNUM *rsa_n, *rsa_e;
+	RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, NULL );
+
+	int  nLen = BN_num_bytes( rsa_n );
+	int  eLen = BN_num_bytes( rsa_e );
 
 	CK_RV  rv;
 
@@ -732,8 +736,8 @@ createRsaPubKeyObject( RSA               *a_pRsa,
 	}
 
 	// Get binary representations of the RSA key information
-	BN_bn2bin( a_pRsa->n, n );
-	BN_bn2bin( a_pRsa->e, e );
+	BN_bn2bin( rsa_n, n );
+	BN_bn2bin( rsa_e, e );
 
 	// Create the RSA public key object
 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
@@ -760,14 +764,22 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
 
 	int  rc = -1;
 
-	int  nLen = BN_num_bytes( a_pRsa->n );
-	int  eLen = BN_num_bytes( a_pRsa->e );
-	int  dLen = BN_num_bytes( a_pRsa->d );
-	int  pLen = BN_num_bytes( a_pRsa->p );
-	int  qLen = BN_num_bytes( a_pRsa->q );
-	int  dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
-	int  dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
-	int  iqmpLen = BN_num_bytes( a_pRsa->iqmp );
+	const BIGNUM *rsa_n, *rsa_e, *rsa_d;
+	const BIGNUM *rsa_p, *rsa_q;
+	const BIGNUM *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
+
+	RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, &rsa_d );
+	RSA_get0_factors( a_pRsa, &rsa_p, &rsa_q );
+	RSA_get0_crt_params( a_pRsa, &rsa_dmp1, &rsa_dmq1, &rsa_iqmp );
+
+	int  nLen = BN_num_bytes( rsa_n );
+	int  eLen = BN_num_bytes( rsa_e );
+	int  dLen = BN_num_bytes( rsa_d );
+	int  pLen = BN_num_bytes( rsa_p );
+	int  qLen = BN_num_bytes( rsa_q );
+	int  dmp1Len = BN_num_bytes( rsa_dmp1 );
+	int  dmq1Len = BN_num_bytes( rsa_dmq1 );
+	int  iqmpLen = BN_num_bytes( rsa_iqmp );
 
 	CK_RV  rv;
 
@@ -821,14 +833,14 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
 	}
 
 	// Get binary representations of the RSA key information
-	BN_bn2bin( a_pRsa->n, n );
-	BN_bn2bin( a_pRsa->e, e );
-	BN_bn2bin( a_pRsa->d, d );
-	BN_bn2bin( a_pRsa->p, p );
-	BN_bn2bin( a_pRsa->q, q );
-	BN_bn2bin( a_pRsa->dmp1, dmp1 );
-	BN_bn2bin( a_pRsa->dmq1, dmq1 );
-	BN_bn2bin( a_pRsa->iqmp, iqmp );
+	BN_bn2bin( rsa_n, n );
+	BN_bn2bin( rsa_e, e );
+	BN_bn2bin( rsa_d, d );
+	BN_bn2bin( rsa_p, p );
+	BN_bn2bin( rsa_q, q );
+	BN_bn2bin( rsa_dmp1, dmp1 );
+	BN_bn2bin( rsa_dmq1, dmq1 );
+	BN_bn2bin( rsa_iqmp, iqmp );
 
 	// Create the RSA private key object
 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
diff --git a/src/data_mgmt/openssl_compat.h b/src/data_mgmt/openssl_compat.h
new file mode 100644
index 0000000000..2a60fdf492
--- /dev/null
+++ b/src/data_mgmt/openssl_compat.h
@@ -0,0 +1,58 @@
+/*
+ * Getter functions for OpenSSL < 1.1 compatibility. Based on code from:
+ * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions
+ * and therefore:
+ * Copyright OpenSSL 2016
+ * Contents licensed under the terms of the OpenSSL license
+ * See http://www.openssl.org/source/license.html for details
+ */
+
+#ifndef __OPENSSL_COMPAT_H
+#define __OPENSSL_COMPAT_H
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/engine.h>
+
+static inline void
+RSA_get0_key( const RSA *r,
+              const BIGNUM **n,
+              const BIGNUM **e,
+              const BIGNUM **d ) {
+
+	if ( n )
+		*n = r->n;
+	if ( e )
+		*e = r->e;
+	if ( d )
+		*d = r->d;
+}
+
+static inline void
+RSA_get0_factors( const RSA *r,
+                  const BIGNUM **p,
+                  const BIGNUM **q ) {
+
+	if ( p )
+		*p = r->p;
+	if ( q )
+		*q = r->q;
+}
+
+static inline void
+RSA_get0_crt_params( const RSA *r,
+                     const BIGNUM **dmp1,
+                     const BIGNUM **dmq1,
+                     const BIGNUM **iqmp ) {
+
+	if ( dmp1 )
+		*dmp1 = r->dmp1;
+	if ( dmq1 )
+		*dmq1 = r->dmq1;
+	if ( iqmp )
+		*iqmp = r->iqmp;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* __OPENSSL_COMPAT_H */
-- 
2.9.3
Commit	Line	Data
63715edb AG	1	From 72fe7011fe981f90a04a62a3fb6ad33037390dff Mon Sep 17 00:00:00 2001
	2	From: Michal Schmidt <mschmidt@redhat.com>
	3	Date: Mon, 20 Feb 2017 10:43:10 +0100
	4	Subject: [PATCH 2/3] Fix build with OpenSSL 1.1 due to RSA being an opaque
	5	struct
	6
	7	RSA is an opaque struct in OpenSSL 1.1. New getter functions must be
	8	used to access the key components. The functions were not present in
	9	OpenSSL 1.0, so add a compat header with the implementation of the
	10	needed functions as suggested by the OpenSSL wiki [1] in order to allow
	11	building tpm-tools with any version of OpenSSL.
	12
	13	[1] https://wiki.openssl.org/index.php/1.1_API_Changes
	14	---
	15	src/data_mgmt/Makefile.am \| 3 ++-
	16	src/data_mgmt/data_import.c \| 52 ++++++++++++++++++++++---------------
	17	src/data_mgmt/openssl_compat.h \| 58 ++++++++++++++++++++++++++++++++++++++++++
	18	3 files changed, 92 insertions(+), 21 deletions(-)
	19	create mode 100644 src/data_mgmt/openssl_compat.h
	20
	21	diff --git a/src/data_mgmt/Makefile.am b/src/data_mgmt/Makefile.am
	22	index de505e48ef..9457618ab9 100644
	23	--- a/src/data_mgmt/Makefile.am
	24	+++ b/src/data_mgmt/Makefile.am
	25	@@ -32,7 +32,8 @@ noinst_HEADERS = data_common.h \
	26	data_init.h \
	27	data_object.h \
	28	data_passwd.h \
	29	- data_protect.h
	30	+ data_protect.h \
	31	+ openssl_compat.h
	32
	33	#
	34	# Common build flags
	35	diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
	36	index d4d2052bc6..532543f7d3 100644
	37	--- a/src/data_mgmt/data_import.c
	38	+++ b/src/data_mgmt/data_import.c
	39	@@ -39,6 +39,7 @@
	40	#include <openssl/evp.h>
	41	#include <openssl/err.h>
	42
	43	+#include "openssl_compat.h"
	44
	45	/*
	46	* Global variables
	47	@@ -691,8 +692,11 @@ createRsaPubKeyObject( RSA *a_pRsa,
	48
	49	int rc = -1;
	50
	51	- int nLen = BN_num_bytes( a_pRsa->n );
	52	- int eLen = BN_num_bytes( a_pRsa->e );
	53	+ const BIGNUM rsa_n, rsa_e;
	54	+ RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, NULL );
	55	+
	56	+ int nLen = BN_num_bytes( rsa_n );
	57	+ int eLen = BN_num_bytes( rsa_e );
	58
	59	CK_RV rv;
	60
	61	@@ -732,8 +736,8 @@ createRsaPubKeyObject( RSA *a_pRsa,
	62	}
	63
	64	// Get binary representations of the RSA key information
65	- BN_bn2bin( a_pRsa->n, n );
66	- BN_bn2bin( a_pRsa->e, e );
67	+ BN_bn2bin( rsa_n, n );
68	+ BN_bn2bin( rsa_e, e );
69
70	// Create the RSA public key object
71	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
72	@@ -760,14 +764,22 @@ createRsaPrivKeyObject( RSA *a_pRsa,
73
74	int rc = -1;
75
76	- int nLen = BN_num_bytes( a_pRsa->n );
77	- int eLen = BN_num_bytes( a_pRsa->e );
78	- int dLen = BN_num_bytes( a_pRsa->d );
79	- int pLen = BN_num_bytes( a_pRsa->p );
80	- int qLen = BN_num_bytes( a_pRsa->q );
81	- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
82	- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
83	- int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
84	+ const BIGNUM rsa_n, rsa_e, *rsa_d;
85	+ const BIGNUM rsa_p, rsa_q;
86	+ const BIGNUM rsa_dmp1, rsa_dmq1, *rsa_iqmp;
87	+
88	+ RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, &rsa_d );
89	+ RSA_get0_factors( a_pRsa, &rsa_p, &rsa_q );
90	+ RSA_get0_crt_params( a_pRsa, &rsa_dmp1, &rsa_dmq1, &rsa_iqmp );
91	+
92	+ int nLen = BN_num_bytes( rsa_n );
93	+ int eLen = BN_num_bytes( rsa_e );
94	+ int dLen = BN_num_bytes( rsa_d );
95	+ int pLen = BN_num_bytes( rsa_p );
96	+ int qLen = BN_num_bytes( rsa_q );
97	+ int dmp1Len = BN_num_bytes( rsa_dmp1 );
98	+ int dmq1Len = BN_num_bytes( rsa_dmq1 );
99	+ int iqmpLen = BN_num_bytes( rsa_iqmp );
100
101	CK_RV rv;
102
103	@@ -821,14 +833,14 @@ createRsaPrivKeyObject( RSA *a_pRsa,
104	}
105
106	// Get binary representations of the RSA key information
107	- BN_bn2bin( a_pRsa->n, n );
108	- BN_bn2bin( a_pRsa->e, e );
109	- BN_bn2bin( a_pRsa->d, d );
110	- BN_bn2bin( a_pRsa->p, p );
111	- BN_bn2bin( a_pRsa->q, q );
112	- BN_bn2bin( a_pRsa->dmp1, dmp1 );
113	- BN_bn2bin( a_pRsa->dmq1, dmq1 );
114	- BN_bn2bin( a_pRsa->iqmp, iqmp );
115	+ BN_bn2bin( rsa_n, n );
116	+ BN_bn2bin( rsa_e, e );
117	+ BN_bn2bin( rsa_d, d );
118	+ BN_bn2bin( rsa_p, p );
119	+ BN_bn2bin( rsa_q, q );
120	+ BN_bn2bin( rsa_dmp1, dmp1 );
121	+ BN_bn2bin( rsa_dmq1, dmq1 );
122	+ BN_bn2bin( rsa_iqmp, iqmp );
123
124	// Create the RSA private key object
125	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
126	diff --git a/src/data_mgmt/openssl_compat.h b/src/data_mgmt/openssl_compat.h
127	new file mode 100644
128	index 0000000000..2a60fdf492
129	--- /dev/null
130	+++ b/src/data_mgmt/openssl_compat.h
131	@@ -0,0 +1,58 @@
132	+/*
133	+ * Getter functions for OpenSSL < 1.1 compatibility. Based on code from:
134	+ * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions
135	+ * and therefore:
136	+ * Copyright OpenSSL 2016
137	+ * Contents licensed under the terms of the OpenSSL license
138	+ * See http://www.openssl.org/source/license.html for details
139	+ */
140	+
141	+#ifndef __OPENSSL_COMPAT_H
142	+#define __OPENSSL_COMPAT_H
143	+
144	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
145	+
146	+#include <openssl/engine.h>
147	+
148	+static inline void
149	+RSA_get0_key( const RSA *r,
150	+ const BIGNUM **n,
151	+ const BIGNUM **e,
152	+ const BIGNUM **d ) {
153	+
154	+ if ( n )
155	+ *n = r->n;
156	+ if ( e )
157	+ *e = r->e;
158	+ if ( d )
159	+ *d = r->d;
160	+}
161	+
162	+static inline void
163	+RSA_get0_factors( const RSA *r,
164	+ const BIGNUM **p,
165	+ const BIGNUM **q ) {
166	+
167	+ if ( p )
168	+ *p = r->p;
169	+ if ( q )
170	+ *q = r->q;
171	+}
172	+
173	+static inline void
174	+RSA_get0_crt_params( const RSA *r,
175	+ const BIGNUM **dmp1,
176	+ const BIGNUM **dmq1,
177	+ const BIGNUM **iqmp ) {
178	+
179	+ if ( dmp1 )
180	+ *dmp1 = r->dmp1;
181	+ if ( dmq1 )
182	+ *dmq1 = r->dmq1;
183	+ if ( iqmp )
184	+ *iqmp = r->iqmp;
185	+}
186	+
187	+#endif /* OPENSSL_VERSION_NUMBER */
188	+
189	+#endif /* __OPENSSL_COMPAT_H */
190	--
191	2.9.3
192