openssl: Update ECDSA API to OpenSSL 1.1.0
authorTobias Brunner <tobias@strongswan.org>
Mon, 27 Jun 2016 10:36:32 +0000 (12:36 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 29 Jun 2016 09:09:37 +0000 (11:09 +0200)
src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
src/libstrongswan/plugins/openssl/openssl_ec_public_key.c

index bc7884c..24fe623 100644 (file)
 #include <openssl/ecdsa.h>
 #include <openssl/x509.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
+#endif
+
 typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t;
 
 /**
@@ -59,15 +63,17 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp);
 static bool build_signature(private_openssl_ec_private_key_t *this,
                                                        chunk_t hash, chunk_t *signature)
 {
-       bool built = FALSE;
+       const BIGNUM *r, *s;
        ECDSA_SIG *sig;
+       bool built = FALSE;
 
        sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec);
        if (sig)
        {
+               ECDSA_SIG_get0(sig, &r, &s);
                /* concatenate BNs r/s to a signature chunk */
                built = openssl_bn_cat(EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)),
-                                                          sig->r, sig->s, signature);
+                                                          r, s, signature);
                ECDSA_SIG_free(sig);
        }
        return built;
index 21dcb01..a1e56fc 100644 (file)
 #include <openssl/ecdsa.h>
 #include <openssl/x509.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
+#endif
+
 typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t;
 
 /**
@@ -55,14 +59,23 @@ struct private_openssl_ec_public_key_t {
 static bool verify_signature(private_openssl_ec_public_key_t *this,
                                                         chunk_t hash, chunk_t signature)
 {
-       bool valid = FALSE;
+       BIGNUM *r, *s;
        ECDSA_SIG *sig;
+       bool valid = FALSE;
 
        sig = ECDSA_SIG_new();
        if (sig)
        {
-               /* split the signature chunk in r and s */
-               if (openssl_bn_split(signature, sig->r, sig->s))
+               r = BN_new();
+               s = BN_new();
+               if (!openssl_bn_split(signature, r, s))
+               {
+                       BN_free(r);
+                       BN_free(s);
+                       ECDSA_SIG_free(sig);
+                       return FALSE;
+               }
+               if (ECDSA_SIG_set0(sig, r, s))
                {
                        valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1);
                }