Commit | Line | Data |
---|---|---|
63715edb AG |
1 | From 72fe7011fe981f90a04a62a3fb6ad33037390dff Mon Sep 17 00:00:00 2001 |
2 | From: Michal Schmidt <mschmidt@redhat.com> | |
3 | Date: Mon, 20 Feb 2017 10:43:10 +0100 | |
4 | Subject: [PATCH 2/3] Fix build with OpenSSL 1.1 due to RSA being an opaque | |
5 | struct | |
6 | ||
7 | RSA is an opaque struct in OpenSSL 1.1. New getter functions must be | |
8 | used to access the key components. The functions were not present in | |
9 | OpenSSL 1.0, so add a compat header with the implementation of the | |
10 | needed functions as suggested by the OpenSSL wiki [1] in order to allow | |
11 | building tpm-tools with any version of OpenSSL. | |
12 | ||
13 | [1] https://wiki.openssl.org/index.php/1.1_API_Changes | |
14 | --- | |
15 | src/data_mgmt/Makefile.am | 3 ++- | |
16 | src/data_mgmt/data_import.c | 52 ++++++++++++++++++++++--------------- | |
17 | src/data_mgmt/openssl_compat.h | 58 ++++++++++++++++++++++++++++++++++++++++++ | |
18 | 3 files changed, 92 insertions(+), 21 deletions(-) | |
19 | create mode 100644 src/data_mgmt/openssl_compat.h | |
20 | ||
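diff --git a/src/data_mgmt/Makefile.am b/src/data_mgmt/Makefile.am
index de505e48ef..9457618ab9 100644
--- a/src/data_mgmt/Makefile.am
+++ b/src/data_mgmt/Makefile.am
@@ -32,7 +32,8 @@ noinst_HEADERS = data_common.h \
 data_init.h \
 data_object.h \
 data_passwd.h \
- data_protect.h
+ data_protect.h \
+ openssl_compat.h
 
 #
 # Common build flags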
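diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
index d4d2052bc6..532543f7d3 100644
--- a/src/data_mgmt/data_import.c
+++ b/src/data_mgmt/data_import.c
@@ -39,6 +39,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 
+#include "openssl_compat.h"
 
 /*
 * Global variables
@@ -691,8 +692,11 @@ createRsaPubKeyObject( RSA *a_pRsa,
 
 int rc = -1;
 
- int nLen = BN_num_bytes( a_pRsa->n );
- int eLen = BN_num_bytes( a_pRsa->e );
+ const BIGNUM *rsa_n, *rsa_e;
+ RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, NULL );
+
+ int nLen = BN_num_bytes( rsa_n );
+ int eLen = BN_num_bytes( rsa_e );
 
 CK_RV rv;
 
@@ -732,8 +736,8 @@ createRsaPubKeyObject( RSA *a_pRsa,
 }
 
 // Get binary representations of the RSA key information
- BN_bn2bin( a_pRsa->n, n );
- BN_bn2bin( a_pRsa->e, e );
+ BN_bn2bin( rsa_n, n );
+ BN_bn2bin( rsa_e, e );
 
 // Create the RSA public key object
 rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
@@ -760,14 +764,22 @@ createRsaPrivKeyObject( RSA *a_pRsa,
 
 int rc = -1;
 
- int nLen = BN_num_bytes( a_pRsa->n );
- int eLen = BN_num_bytes( a_pRsa->e );
- int dLen = BN_num_bytes( a_pRsa->d );
- int pLen = BN_num_bytes( a_pRsa->p );
- int qLen = BN_num_bytes( a_pRsa->q );
- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
- int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
+ const BIGNUM *rsa_n, *rsa_e, *rsa_d;
+ const BIGNUM *rsa_p, *rsa_q;
+ const BIGNUM *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
+
+ RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, &rsa_d );
+ RSA_get0_factors( a_pRsa, &rsa_p, &rsa_q );
+ RSA_get0_crt_params( a_pRsa, &rsa_dmp1, &rsa_dmq1, &rsa_iqmp );
+
+ int nLen = BN_num_bytes( rsa_n );
+ int eLen = BN_num_bytes( rsa_e );
+ int dLen = BN_num_bytes( rsa_d );
+ int pLen = BN_num_bytes( rsa_p );
+ int qLen = BN_num_bytes( rsa_q );
+ int dmp1Len = BN_num_bytes( rsa_dmp1 );
+ int dmq1Len = BN_num_bytes( rsa_dmq1 );
+ int iqmpLen = BN_num_bytes( rsa_iqmp );
 
 CK_RV rv;
 
@@ -821,14 +833,14 @@ createRsaPrivKeyObject( RSA *a_pRsa,
 }
 
 // Get binary representations of the RSA key information
- BN_bn2bin( a_pRsa->n, n );
- BN_bn2bin( a_pRsa->e, e );
- BN_bn2bin( a_pRsa->d, d );
- BN_bn2bin( a_pRsa->p, p );
- BN_bn2bin( a_pRsa->q, q );
- BN_bn2bin( a_pRsa->dmp1, dmp1 );
- BN_bn2bin( a_pRsa->dmq1, dmq1 );
- BN_bn2bin( a_pRsa->iqmp, iqmp );
+ BN_bn2bin( rsa_n, n );
+ BN_bn2bin( rsa_e, e );
+ BN_bn2bin( rsa_d, d );
+ BN_bn2bin( rsa_p, p );
+ BN_bn2bin( rsa_q, q );
+ BN_bn2bin( rsa_dmp1, dmp1 );
+ BN_bn2bin( rsa_dmq1, dmq1 );
+ BN_bn2bin( rsa_iqmp, iqmp );
 
 // Create the RSA private key object
 rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );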
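Review bot: In createRsaPrivKeyObject the pointers filled in by RSA_get0_key, RSA_get0_factors and RSA_get0_crt_params go straight into BN_num_bytes and later BN_bn2bin with no NULL check, and the getters leave a component NULL when the key does not carry it (a private key without CRT parameters, for instance). Because the key presumably originates from a user-supplied import file, a guard right after the three getter calls is worth adding, e.g. `if ( !rsa_n || !rsa_e || !rsa_d || !rsa_p || !rsa_q || !rsa_dmp1 || !rsa_dmq1 || !rsa_iqmp ) return rc;` (or a jump to the function's existing error path), with the matching check on rsa_n and rsa_e in createRsaPubKeyObject. The old direct field accesses had the same gap, so this is not a regression introduced here. Both function bodies continue outside the hunks, so whether the d, p, q, dmp1, dmq1 and iqmp buffers are cleansed before they are freed cannot be seen and should be confirmed.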
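diff --git a/src/data_mgmt/openssl_compat.h b/src/data_mgmt/openssl_compat.h
new file mode 100644
index 0000000000..2a60fdf492
--- /dev/null
+++ b/src/data_mgmt/openssl_compat.h
@@ -0,0 +1,58 @@
+/*
+ * Getter functions for OpenSSL < 1.1 compatibility. Based on code from:
+ * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions
+ * and therefore:
+ * Copyright OpenSSL 2016
+ * Contents licensed under the terms of the OpenSSL license
+ * See http://www.openssl.org/source/license.html for details
+ */
+
+#ifndef __OPENSSL_COMPAT_H
+#define __OPENSSL_COMPAT_H
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/engine.h>
+
+static inline void
+RSA_get0_key( const RSA *r,
+ const BIGNUM **n,
+ const BIGNUM **e,
+ const BIGNUM **d ) {
+
+ if ( n )
+ *n = r->n;
+ if ( e )
+ *e = r->e;
+ if ( d )
+ *d = r->d;
+}
+
+static inline void
+RSA_get0_factors( const RSA *r,
+ const BIGNUM **p,
+ const BIGNUM **q ) {
+
+ if ( p )
+ *p = r->p;
+ if ( q )
+ *q = r->q;
+}
+
+static inline void
+RSA_get0_crt_params( const RSA *r,
+ const BIGNUM **dmp1,
+ const BIGNUM **dmq1,
+ const BIGNUM **iqmp ) {
+
+ if ( dmp1 )
+ *dmp1 = r->dmp1;
+ if ( dmq1 )
+ *dmq1 = r->dmq1;
+ if ( iqmp )
+ *iqmp = r->iqmp;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* __OPENSSL_COMPAT_H */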
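Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` test depends on an OpenSSL header having been included earlier, because this header pulls in nothing before the test; an undefined macro evaluates to 0 there, so the shims would also be compiled against OpenSSL 1.1 and fail on the opaque struct. data_import.c includes it after `<openssl/evp.h>`, so the current use works, but adding `#include <openssl/opensslv.h>` above the `#if` would make the header self-contained. Including `<openssl/rsa.h>` instead of `<openssl/engine.h>` would name the dependency the getters actually have, and the guard `__OPENSSL_COMPAT_H` uses an identifier reserved for the implementation, which `OPENSSL_COMPAT_H` avoids. A short comment on each getter saying that the returned BIGNUMs are borrowed from the RSA object and must not be freed or modified by the caller would also help.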
190 | -- | |
191 | 2.9.3 | |
192 |