Browse code
OpenSSL: don't use direct access to the internal of RSA_METHOD
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including RSA_METHOD. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <79d89580db6fd92c059dabc4f5f4d83b72bb9d3d.1487859361.git.logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14175.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Emmanuel Deloget authored on 2017/02/23 23:35:56Showing 3 changed files
| ... | ... |
@@ -905,6 +905,15 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
|
| 905 | 905 |
X509_STORE_get0_objects \ |
| 906 | 906 |
X509_OBJECT_free \ |
| 907 | 907 |
X509_OBJECT_get_type \ |
| 908 |
+ RSA_meth_new \ |
|
| 909 |
+ RSA_meth_free \ |
|
| 910 |
+ RSA_meth_set_pub_enc \ |
|
| 911 |
+ RSA_meth_set_pub_dec \ |
|
| 912 |
+ RSA_meth_set_priv_enc \ |
|
| 913 |
+ RSA_meth_set_priv_dec \ |
|
| 914 |
+ RSA_meth_set_init \ |
|
| 915 |
+ RSA_meth_set_finish \ |
|
| 916 |
+ RSA_meth_set0_app_data \ |
|
| 908 | 917 |
] |
| 909 | 918 |
) |
| 910 | 919 |
|
| ... | ... |
@@ -41,6 +41,8 @@ |
| 41 | 41 |
#include "config-msvc.h" |
| 42 | 42 |
#endif |
| 43 | 43 |
|
| 44 |
+#include "buffer.h" |
|
| 45 |
+ |
|
| 44 | 46 |
#include <openssl/ssl.h> |
| 45 | 47 |
#include <openssl/x509.h> |
| 46 | 48 |
|
| ... | ... |
@@ -117,4 +119,192 @@ X509_OBJECT_get_type(const X509_OBJECT *obj) |
| 117 | 117 |
} |
| 118 | 118 |
#endif |
| 119 | 119 |
|
| 120 |
+#if !defined(HAVE_RSA_METH_NEW) |
|
| 121 |
+/** |
|
| 122 |
+ * Allocate a new RSA method object |
|
| 123 |
+ * |
|
| 124 |
+ * @param name The object name |
|
| 125 |
+ * @param flags Configuration flags |
|
| 126 |
+ * @return A new RSA method object |
|
| 127 |
+ */ |
|
| 128 |
+static inline RSA_METHOD * |
|
| 129 |
+RSA_meth_new(const char *name, int flags) |
|
| 130 |
+{
|
|
| 131 |
+ RSA_METHOD *rsa_meth = NULL; |
|
| 132 |
+ ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD); |
|
| 133 |
+ rsa_meth->name = string_alloc(name, NULL); |
|
| 134 |
+ rsa_meth->flags = flags; |
|
| 135 |
+ return rsa_meth; |
|
| 136 |
+} |
|
| 137 |
+#endif |
|
| 138 |
+ |
|
| 139 |
+#if !defined(HAVE_RSA_METH_FREE) |
|
| 140 |
+/** |
|
| 141 |
+ * Free an existing RSA_METHOD object |
|
| 142 |
+ * |
|
| 143 |
+ * @param meth The RSA_METHOD object |
|
| 144 |
+ */ |
|
| 145 |
+static inline void |
|
| 146 |
+RSA_meth_free(RSA_METHOD *meth) |
|
| 147 |
+{
|
|
| 148 |
+ if (meth) |
|
| 149 |
+ {
|
|
| 150 |
+ free(meth->name); |
|
| 151 |
+ free(meth); |
|
| 152 |
+ } |
|
| 153 |
+} |
|
| 154 |
+#endif |
|
| 155 |
+ |
|
| 156 |
+#if !defined(HAVE_RSA_METH_SET_PUB_ENC) |
|
| 157 |
+/** |
|
| 158 |
+ * Set the public encoding function of an RSA_METHOD object |
|
| 159 |
+ * |
|
| 160 |
+ * @param meth The RSA_METHOD object |
|
| 161 |
+ * @param pub_enc the public encoding function |
|
| 162 |
+ * @return 1 on success, 0 on error |
|
| 163 |
+ */ |
|
| 164 |
+static inline int |
|
| 165 |
+RSA_meth_set_pub_enc(RSA_METHOD *meth, |
|
| 166 |
+ int (*pub_enc) (int flen, const unsigned char *from, |
|
| 167 |
+ unsigned char *to, RSA *rsa, |
|
| 168 |
+ int padding)) |
|
| 169 |
+{
|
|
| 170 |
+ if (meth) |
|
| 171 |
+ {
|
|
| 172 |
+ meth->rsa_pub_enc = pub_enc; |
|
| 173 |
+ return 1; |
|
| 174 |
+ } |
|
| 175 |
+ return 0; |
|
| 176 |
+} |
|
| 177 |
+#endif |
|
| 178 |
+ |
|
| 179 |
+#if !defined(HAVE_RSA_METH_SET_PUB_DEC) |
|
| 180 |
+/** |
|
| 181 |
+ * Set the public decoding function of an RSA_METHOD object |
|
| 182 |
+ * |
|
| 183 |
+ * @param meth The RSA_METHOD object |
|
| 184 |
+ * @param pub_dec the public decoding function |
|
| 185 |
+ * @return 1 on success, 0 on error |
|
| 186 |
+ */ |
|
| 187 |
+static inline int |
|
| 188 |
+RSA_meth_set_pub_dec(RSA_METHOD *meth, |
|
| 189 |
+ int (*pub_dec) (int flen, const unsigned char *from, |
|
| 190 |
+ unsigned char *to, RSA *rsa, |
|
| 191 |
+ int padding)) |
|
| 192 |
+{
|
|
| 193 |
+ if (meth) |
|
| 194 |
+ {
|
|
| 195 |
+ meth->rsa_pub_dec = pub_dec; |
|
| 196 |
+ return 1; |
|
| 197 |
+ } |
|
| 198 |
+ return 0; |
|
| 199 |
+} |
|
| 200 |
+#endif |
|
| 201 |
+ |
|
| 202 |
+#if !defined(HAVE_RSA_METH_SET_PRIV_ENC) |
|
| 203 |
+/** |
|
| 204 |
+ * Set the private encoding function of an RSA_METHOD object |
|
| 205 |
+ * |
|
| 206 |
+ * @param meth The RSA_METHOD object |
|
| 207 |
+ * @param priv_enc the private encoding function |
|
| 208 |
+ * @return 1 on success, 0 on error |
|
| 209 |
+ */ |
|
| 210 |
+static inline int |
|
| 211 |
+RSA_meth_set_priv_enc(RSA_METHOD *meth, |
|
| 212 |
+ int (*priv_enc) (int flen, const unsigned char *from, |
|
| 213 |
+ unsigned char *to, RSA *rsa, |
|
| 214 |
+ int padding)) |
|
| 215 |
+{
|
|
| 216 |
+ if (meth) |
|
| 217 |
+ {
|
|
| 218 |
+ meth->rsa_priv_enc = priv_enc; |
|
| 219 |
+ return 1; |
|
| 220 |
+ } |
|
| 221 |
+ return 0; |
|
| 222 |
+} |
|
| 223 |
+#endif |
|
| 224 |
+ |
|
| 225 |
+#if !defined(HAVE_RSA_METH_SET_PRIV_DEC) |
|
| 226 |
+/** |
|
| 227 |
+ * Set the private decoding function of an RSA_METHOD object |
|
| 228 |
+ * |
|
| 229 |
+ * @param meth The RSA_METHOD object |
|
| 230 |
+ * @param priv_dec the private decoding function |
|
| 231 |
+ * @return 1 on success, 0 on error |
|
| 232 |
+ */ |
|
| 233 |
+static inline int |
|
| 234 |
+RSA_meth_set_priv_dec(RSA_METHOD *meth, |
|
| 235 |
+ int (*priv_dec) (int flen, const unsigned char *from, |
|
| 236 |
+ unsigned char *to, RSA *rsa, |
|
| 237 |
+ int padding)) |
|
| 238 |
+{
|
|
| 239 |
+ if (meth) |
|
| 240 |
+ {
|
|
| 241 |
+ meth->rsa_priv_dec = priv_dec; |
|
| 242 |
+ return 1; |
|
| 243 |
+ } |
|
| 244 |
+ return 0; |
|
| 245 |
+} |
|
| 246 |
+#endif |
|
| 247 |
+ |
|
| 248 |
+#if !defined(HAVE_RSA_METH_SET_INIT) |
|
| 249 |
+/** |
|
| 250 |
+ * Set the init function of an RSA_METHOD object |
|
| 251 |
+ * |
|
| 252 |
+ * @param meth The RSA_METHOD object |
|
| 253 |
+ * @param init the init function |
|
| 254 |
+ * @return 1 on success, 0 on error |
|
| 255 |
+ */ |
|
| 256 |
+static inline int |
|
| 257 |
+RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa)) |
|
| 258 |
+{
|
|
| 259 |
+ if (meth) |
|
| 260 |
+ {
|
|
| 261 |
+ meth->init = init; |
|
| 262 |
+ return 1; |
|
| 263 |
+ } |
|
| 264 |
+ return 0; |
|
| 265 |
+} |
|
| 266 |
+#endif |
|
| 267 |
+ |
|
| 268 |
+#if !defined(HAVE_RSA_METH_SET_FINISH) |
|
| 269 |
+/** |
|
| 270 |
+ * Set the finish function of an RSA_METHOD object |
|
| 271 |
+ * |
|
| 272 |
+ * @param meth The RSA_METHOD object |
|
| 273 |
+ * @param finish the finish function |
|
| 274 |
+ * @return 1 on success, 0 on error |
|
| 275 |
+ */ |
|
| 276 |
+static inline int |
|
| 277 |
+RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) |
|
| 278 |
+{
|
|
| 279 |
+ if (meth) |
|
| 280 |
+ {
|
|
| 281 |
+ meth->finish = finish; |
|
| 282 |
+ return 1; |
|
| 283 |
+ } |
|
| 284 |
+ return 0; |
|
| 285 |
+} |
|
| 286 |
+#endif |
|
| 287 |
+ |
|
| 288 |
+#if !defined(HAVE_RSA_METH_SET0_APP_DATA) |
|
| 289 |
+/** |
|
| 290 |
+ * Set the application data of an RSA_METHOD object |
|
| 291 |
+ * |
|
| 292 |
+ * @param meth The RSA_METHOD object |
|
| 293 |
+ * @param app_data Application data |
|
| 294 |
+ * @return 1 on success, 0 on error |
|
| 295 |
+ */ |
|
| 296 |
+static inline int |
|
| 297 |
+RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data) |
|
| 298 |
+{
|
|
| 299 |
+ if (meth) |
|
| 300 |
+ {
|
|
| 301 |
+ meth->app_data = app_data; |
|
| 302 |
+ return 1; |
|
| 303 |
+ } |
|
| 304 |
+ return 0; |
|
| 305 |
+} |
|
| 306 |
+#endif |
|
| 307 |
+ |
|
| 120 | 308 |
#endif /* OPENSSL_COMPAT_H_ */ |
| ... | ... |
@@ -978,7 +978,7 @@ rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, i |
| 978 | 978 |
static int |
| 979 | 979 |
rsa_finish(RSA *rsa) |
| 980 | 980 |
{
|
| 981 |
- free((void *)rsa->meth); |
|
| 981 |
+ RSA_meth_free(rsa->meth); |
|
| 982 | 982 |
rsa->meth = NULL; |
| 983 | 983 |
return 1; |
| 984 | 984 |
} |
| ... | ... |
@@ -1053,16 +1053,16 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
| 1053 | 1053 |
ASSERT(NULL != cert); |
| 1054 | 1054 |
|
| 1055 | 1055 |
/* allocate custom RSA method object */ |
| 1056 |
- ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD); |
|
| 1057 |
- rsa_meth->name = "OpenVPN external private key RSA Method"; |
|
| 1058 |
- rsa_meth->rsa_pub_enc = rsa_pub_enc; |
|
| 1059 |
- rsa_meth->rsa_pub_dec = rsa_pub_dec; |
|
| 1060 |
- rsa_meth->rsa_priv_enc = rsa_priv_enc; |
|
| 1061 |
- rsa_meth->rsa_priv_dec = rsa_priv_dec; |
|
| 1062 |
- rsa_meth->init = NULL; |
|
| 1063 |
- rsa_meth->finish = rsa_finish; |
|
| 1064 |
- rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; |
|
| 1065 |
- rsa_meth->app_data = NULL; |
|
| 1056 |
+ rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method",
|
|
| 1057 |
+ RSA_METHOD_FLAG_NO_CHECK); |
|
| 1058 |
+ check_malloc_return(rsa_meth); |
|
| 1059 |
+ RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc); |
|
| 1060 |
+ RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec); |
|
| 1061 |
+ RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc); |
|
| 1062 |
+ RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec); |
|
| 1063 |
+ RSA_meth_set_init(rsa_meth, NULL); |
|
| 1064 |
+ RSA_meth_set_finish(rsa_meth, rsa_finish); |
|
| 1065 |
+ RSA_meth_set0_app_data(rsa_meth, NULL); |
|
| 1066 | 1066 |
|
| 1067 | 1067 |
/* allocate RSA object */ |
| 1068 | 1068 |
rsa = RSA_new(); |