openssl: Update RSA API to OpenSSL 1.1.0
authorTobias Brunner <tobias@strongswan.org>
Mon, 27 Jun 2016 10:08:29 +0000 (12:08 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 29 Jun 2016 09:09:37 +0000 (11:09 +0200)
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c

index de02f30..485e0bb 100644 (file)
@@ -20,6 +20,7 @@
 
 #include "openssl_rsa_private_key.h"
 #include "openssl_rsa_public_key.h"
+#include "openssl_util.h"
 
 #include <utils/debug.h>
 
  */
 #define PUBLIC_EXPONENT 0x10001
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
+OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
+#endif
+
 typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
 
 /**
@@ -436,22 +443,38 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
        }
        else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr)
        {
+               BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q;
+               BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+
                this->rsa = RSA_new();
-               this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
-               this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
-               this->rsa->d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
-               this->rsa->p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
-               this->rsa->q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+
+               bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
+               bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
+               bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
+               if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d))
+               {
+                       destroy(this);
+                       return NULL;
+
+               }
+               bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
+               bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+               if (!RSA_set0_factors(this->rsa, bn_p, bn_q))
+               {
+                       destroy(this);
+                       return NULL;
+               }
                if (exp1.ptr)
                {
-                       this->rsa->dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
+                       dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
                }
                if (exp2.ptr)
                {
-                       this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
+                       dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
                }
-               this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
-               if (RSA_check_key(this->rsa) == 1)
+               iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
+               if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) &&
+                       RSA_check_key(this->rsa) == 1)
                {
                        return &this->public;
                }
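Review bot: When `RSA_set0_key()`, `RSA_set0_factors()` or `RSA_set0_crt_params()` returns 0, the RSA object has not taken ownership of the BIGNUMs passed in, so `bn_d`, `bn_p`, `bn_q`, `dmp1`, `dmq1` and `iqmp` leak on these error paths and, being private-key material, are never wiped. This is reachable when one `BN_bin2bn()` call returns NULL while its siblings succeeded. Free the values before `destroy(this)`, using `BN_clear_free()` for the secret parts, as sketched below; this assumes the pre-1.1.0 `OPENSSL_KEY_FALLBACK` setters, which are defined outside this page, follow the same ownership rule. Separately, OpenSSL 1.1.0 requires dmp1, dmq1 and iqmp to be non-NULL on the first `RSA_set0_crt_params()` call, so a key loaded without `exp1`/`exp2` would probably now be rejected where the old code let it reach `RSA_check_key()`; please confirm that is intended. The `openssl_rsa_public_key_load` hunk has the same ownership gap for `bn_n`/`bn_e`, and the enclosing function here starts and ends outside this hunk.

```c
		if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d))
		{
			/* ownership was not transferred: release, wiping the secret part */
			BN_free(bn_n);
			BN_free(bn_e);
			BN_clear_free(bn_d);
			destroy(this);
			return NULL;
		}
		/* … unchanged: bn_p / bn_q conversion … */
		if (!RSA_set0_factors(this->rsa, bn_p, bn_q))
		{
			BN_clear_free(bn_p);
			BN_clear_free(bn_q);
			destroy(this);
			return NULL;
		}
		/* … unchanged: optional dmp1 / dmq1 and iqmp conversion … */
		if (!RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp))
		{
			BN_clear_free(dmp1);
			BN_clear_free(dmq1);
			BN_clear_free(iqmp);
			destroy(this);
			return NULL;
		}
		if (RSA_check_key(this->rsa) == 1)
		/* … unchanged: return &this->public … */
```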
index db92856..d66d501 100644 (file)
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+#endif
+
 typedef struct private_openssl_rsa_public_key_t private_openssl_rsa_public_key_t;
 
 /**
@@ -224,11 +228,13 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
                        break;
                default:
                {
+                       const BIGNUM *bn_n, *bn_e;
                        chunk_t n = chunk_empty, e = chunk_empty;
                        bool success = FALSE;
 
-                       if (openssl_bn2chunk(rsa->n, &n) &&
-                               openssl_bn2chunk(rsa->e, &e))
+                       RSA_get0_key(rsa, &bn_n, &bn_e, NULL);
+                       if (openssl_bn2chunk(bn_n, &n) &&
+                               openssl_bn2chunk(bn_e, &e))
                        {
                                success = lib->encoding->encode(lib->encoding, type, rsa, fp,
                                                                        CRED_PART_RSA_MODULUS, n,
@@ -297,10 +303,12 @@ METHOD(public_key_t, get_encoding, bool,
                }
                default:
                {
+                       const BIGNUM *bn_n, *bn_e;
                        chunk_t n = chunk_empty, e = chunk_empty;
 
-                       if (openssl_bn2chunk(this->rsa->n, &n) &&
-                               openssl_bn2chunk(this->rsa->e, &e))
+                       RSA_get0_key(this->rsa, &bn_n, &bn_e, NULL);
+                       if (openssl_bn2chunk(bn_n, &n) &&
+                               openssl_bn2chunk(bn_e, &e))
                        {
                                success = lib->encoding->encode(lib->encoding, type, NULL,
                                                                        encoding, CRED_PART_RSA_MODULUS, n,
@@ -416,10 +424,15 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type,
        }
        else if (n.ptr && e.ptr && type == KEY_RSA)
        {
+               BIGNUM *bn_n, *bn_e;
+
                this->rsa = RSA_new();
-               this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
-               this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
-               return &this->public;
+               bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
+               bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
+               if (RSA_set0_key(this->rsa, bn_n, bn_e, NULL))
+               {
+                       return &this->public;
+               }
        }
        destroy(this);
        return NULL;