OpenSSL 1.1 does not allow us to directly access the internals of
any data type, including RSA_METHOD. We have to use the defined
accessor functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <79d89580db6fd92c059dabc4f5f4d83b72bb9d3d.1487859361.git.logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14175.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -905,6 +905,15 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then |
905 | 905 |
X509_STORE_get0_objects \ |
906 | 906 |
X509_OBJECT_free \ |
907 | 907 |
X509_OBJECT_get_type \ |
908 |
+ RSA_meth_new \ |
|
909 |
+ RSA_meth_free \ |
|
910 |
+ RSA_meth_set_pub_enc \ |
|
911 |
+ RSA_meth_set_pub_dec \ |
|
912 |
+ RSA_meth_set_priv_enc \ |
|
913 |
+ RSA_meth_set_priv_dec \ |
|
914 |
+ RSA_meth_set_init \ |
|
915 |
+ RSA_meth_set_finish \ |
|
916 |
+ RSA_meth_set0_app_data \ |
|
908 | 917 |
] |
909 | 918 |
) |
910 | 919 |
|
... | ... |
@@ -41,6 +41,8 @@ |
41 | 41 |
#include "config-msvc.h" |
42 | 42 |
#endif |
43 | 43 |
|
44 |
+#include "buffer.h" |
|
45 |
+ |
|
44 | 46 |
#include <openssl/ssl.h> |
45 | 47 |
#include <openssl/x509.h> |
46 | 48 |
|
... | ... |
@@ -117,4 +119,192 @@ X509_OBJECT_get_type(const X509_OBJECT *obj) |
117 | 117 |
} |
118 | 118 |
#endif |
119 | 119 |
|
120 |
+#if !defined(HAVE_RSA_METH_NEW) |
|
121 |
+/** |
|
122 |
+ * Allocate a new RSA method object |
|
123 |
+ * |
|
124 |
+ * @param name The object name |
|
125 |
+ * @param flags Configuration flags |
|
126 |
+ * @return A new RSA method object |
|
127 |
+ */ |
|
128 |
+static inline RSA_METHOD * |
|
129 |
+RSA_meth_new(const char *name, int flags) |
|
130 |
+{ |
|
131 |
+ RSA_METHOD *rsa_meth = NULL; |
|
132 |
+ ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD); |
|
133 |
+ rsa_meth->name = string_alloc(name, NULL); |
|
134 |
+ rsa_meth->flags = flags; |
|
135 |
+ return rsa_meth; |
|
136 |
+} |
|
137 |
+#endif |
|
138 |
+ |
|
139 |
+#if !defined(HAVE_RSA_METH_FREE) |
|
140 |
+/** |
|
141 |
+ * Free an existing RSA_METHOD object |
|
142 |
+ * |
|
143 |
+ * @param meth The RSA_METHOD object |
|
144 |
+ */ |
|
145 |
+static inline void |
|
146 |
+RSA_meth_free(RSA_METHOD *meth) |
|
147 |
+{ |
|
148 |
+ if (meth) |
|
149 |
+ { |
|
150 |
+ free(meth->name); |
|
151 |
+ free(meth); |
|
152 |
+ } |
|
153 |
+} |
|
154 |
+#endif |
|
155 |
+ |
|
156 |
+#if !defined(HAVE_RSA_METH_SET_PUB_ENC) |
|
157 |
+/** |
|
158 |
+ * Set the public encoding function of an RSA_METHOD object |
|
159 |
+ * |
|
160 |
+ * @param meth The RSA_METHOD object |
|
161 |
+ * @param pub_enc the public encoding function |
|
162 |
+ * @return 1 on success, 0 on error |
|
163 |
+ */ |
|
164 |
+static inline int |
|
165 |
+RSA_meth_set_pub_enc(RSA_METHOD *meth, |
|
166 |
+ int (*pub_enc) (int flen, const unsigned char *from, |
|
167 |
+ unsigned char *to, RSA *rsa, |
|
168 |
+ int padding)) |
|
169 |
+{ |
|
170 |
+ if (meth) |
|
171 |
+ { |
|
172 |
+ meth->rsa_pub_enc = pub_enc; |
|
173 |
+ return 1; |
|
174 |
+ } |
|
175 |
+ return 0; |
|
176 |
+} |
|
177 |
+#endif |
|
178 |
+ |
|
179 |
+#if !defined(HAVE_RSA_METH_SET_PUB_DEC) |
|
180 |
+/** |
|
181 |
+ * Set the public decoding function of an RSA_METHOD object |
|
182 |
+ * |
|
183 |
+ * @param meth The RSA_METHOD object |
|
184 |
+ * @param pub_dec the public decoding function |
|
185 |
+ * @return 1 on success, 0 on error |
|
186 |
+ */ |
|
187 |
+static inline int |
|
188 |
+RSA_meth_set_pub_dec(RSA_METHOD *meth, |
|
189 |
+ int (*pub_dec) (int flen, const unsigned char *from, |
|
190 |
+ unsigned char *to, RSA *rsa, |
|
191 |
+ int padding)) |
|
192 |
+{ |
|
193 |
+ if (meth) |
|
194 |
+ { |
|
195 |
+ meth->rsa_pub_dec = pub_dec; |
|
196 |
+ return 1; |
|
197 |
+ } |
|
198 |
+ return 0; |
|
199 |
+} |
|
200 |
+#endif |
|
201 |
+ |
|
202 |
+#if !defined(HAVE_RSA_METH_SET_PRIV_ENC) |
|
203 |
+/** |
|
204 |
+ * Set the private encoding function of an RSA_METHOD object |
|
205 |
+ * |
|
206 |
+ * @param meth The RSA_METHOD object |
|
207 |
+ * @param priv_enc the private encoding function |
|
208 |
+ * @return 1 on success, 0 on error |
|
209 |
+ */ |
|
210 |
+static inline int |
|
211 |
+RSA_meth_set_priv_enc(RSA_METHOD *meth, |
|
212 |
+ int (*priv_enc) (int flen, const unsigned char *from, |
|
213 |
+ unsigned char *to, RSA *rsa, |
|
214 |
+ int padding)) |
|
215 |
+{ |
|
216 |
+ if (meth) |
|
217 |
+ { |
|
218 |
+ meth->rsa_priv_enc = priv_enc; |
|
219 |
+ return 1; |
|
220 |
+ } |
|
221 |
+ return 0; |
|
222 |
+} |
|
223 |
+#endif |
|
224 |
+ |
|
225 |
+#if !defined(HAVE_RSA_METH_SET_PRIV_DEC) |
|
226 |
+/** |
|
227 |
+ * Set the private decoding function of an RSA_METHOD object |
|
228 |
+ * |
|
229 |
+ * @param meth The RSA_METHOD object |
|
230 |
+ * @param priv_dec the private decoding function |
|
231 |
+ * @return 1 on success, 0 on error |
|
232 |
+ */ |
|
233 |
+static inline int |
|
234 |
+RSA_meth_set_priv_dec(RSA_METHOD *meth, |
|
235 |
+ int (*priv_dec) (int flen, const unsigned char *from, |
|
236 |
+ unsigned char *to, RSA *rsa, |
|
237 |
+ int padding)) |
|
238 |
+{ |
|
239 |
+ if (meth) |
|
240 |
+ { |
|
241 |
+ meth->rsa_priv_dec = priv_dec; |
|
242 |
+ return 1; |
|
243 |
+ } |
|
244 |
+ return 0; |
|
245 |
+} |
|
246 |
+#endif |
|
247 |
+ |
|
248 |
+#if !defined(HAVE_RSA_METH_SET_INIT) |
|
249 |
+/** |
|
250 |
+ * Set the init function of an RSA_METHOD object |
|
251 |
+ * |
|
252 |
+ * @param meth The RSA_METHOD object |
|
253 |
+ * @param init the init function |
|
254 |
+ * @return 1 on success, 0 on error |
|
255 |
+ */ |
|
256 |
+static inline int |
|
257 |
+RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa)) |
|
258 |
+{ |
|
259 |
+ if (meth) |
|
260 |
+ { |
|
261 |
+ meth->init = init; |
|
262 |
+ return 1; |
|
263 |
+ } |
|
264 |
+ return 0; |
|
265 |
+} |
|
266 |
+#endif |
|
267 |
+ |
|
268 |
+#if !defined(HAVE_RSA_METH_SET_FINISH) |
|
269 |
+/** |
|
270 |
+ * Set the finish function of an RSA_METHOD object |
|
271 |
+ * |
|
272 |
+ * @param meth The RSA_METHOD object |
|
273 |
+ * @param finish the finish function |
|
274 |
+ * @return 1 on success, 0 on error |
|
275 |
+ */ |
|
276 |
+static inline int |
|
277 |
+RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) |
|
278 |
+{ |
|
279 |
+ if (meth) |
|
280 |
+ { |
|
281 |
+ meth->finish = finish; |
|
282 |
+ return 1; |
|
283 |
+ } |
|
284 |
+ return 0; |
|
285 |
+} |
|
286 |
+#endif |
|
287 |
+ |
|
288 |
+#if !defined(HAVE_RSA_METH_SET0_APP_DATA) |
|
289 |
+/** |
|
290 |
+ * Set the application data of an RSA_METHOD object |
|
291 |
+ * |
|
292 |
+ * @param meth The RSA_METHOD object |
|
293 |
+ * @param app_data Application data |
|
294 |
+ * @return 1 on success, 0 on error |
|
295 |
+ */ |
|
296 |
+static inline int |
|
297 |
+RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data) |
|
298 |
+{ |
|
299 |
+ if (meth) |
|
300 |
+ { |
|
301 |
+ meth->app_data = app_data; |
|
302 |
+ return 1; |
|
303 |
+ } |
|
304 |
+ return 0; |
|
305 |
+} |
|
306 |
+#endif |
|
307 |
+ |
|
120 | 308 |
#endif /* OPENSSL_COMPAT_H_ */ |
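Review bot: In the compat `RSA_meth_free`, `free(meth->name)` passes a `const char *` to `free()`: in the OpenSSL 1.0 `rsa_meth_st` layout that this fallback is compiled against, `name` is const-qualified, so this discards the qualifier and warns on the same compilers that forced the `(void *)` cast in the old `rsa_finish`. The string is owned by this compat layer (it was produced by `string_alloc(name, NULL)` in `RSA_meth_new`), so the cast is legitimate here: `free((void *)meth->name);`. That pairing also assumes `string_alloc` with a NULL arena hands back plain `malloc` memory, which buffer.h is not visible to confirm — worth checking, since OpenVPN's debug allocators may want a matching release call. Finally, `RSA_meth_new`'s `@return` reads as if NULL were possible, but `ALLOC_OBJ_CLEAR` and `string_alloc` presumably abort on allocation failure rather than return NULL; a one-line note such as `* Unlike the OpenSSL 1.1 API this fallback never returns NULL; allocation failure aborts.` would save the caller a needless check on this path.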
... | ... |
@@ -978,7 +978,7 @@ rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, i |
978 | 978 |
static int |
979 | 979 |
rsa_finish(RSA *rsa) |
980 | 980 |
{ |
981 |
- free((void *)rsa->meth); |
|
981 |
+ RSA_meth_free(rsa->meth); |
|
982 | 982 |
rsa->meth = NULL; |
983 | 983 |
return 1; |
984 | 984 |
} |
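Review bot: `RSA_meth_free(rsa->meth)` hands a `const RSA_METHOD *` (the type of `meth` in the OpenSSL 1.0 `rsa_st` the fallback targets) to a parameter declared `RSA_METHOD *`; the removed `free((void *)rsa->meth)` carried its cast precisely to drop that qualifier, so the new line reintroduces a discards-const warning. Since `rsa_finish` is the owner tearing the method down, the cast is the honest fix: `RSA_meth_free((RSA_METHOD *)rsa->meth);`. Separately, both `rsa->meth` here and the `rsa->meth = NULL` on the next line still reach into the RSA struct directly, which is exactly what the commit message says OpenSSL 1.1 forbids; `RSA_get_method(rsa)` is the accessor available in both versions, though it may be that a later patch in this series handles it.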
... | ... |
@@ -1053,16 +1053,16 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
1053 | 1053 |
ASSERT(NULL != cert); |
1054 | 1054 |
|
1055 | 1055 |
/* allocate custom RSA method object */ |
1056 |
- ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD); |
|
1057 |
- rsa_meth->name = "OpenVPN external private key RSA Method"; |
|
1058 |
- rsa_meth->rsa_pub_enc = rsa_pub_enc; |
|
1059 |
- rsa_meth->rsa_pub_dec = rsa_pub_dec; |
|
1060 |
- rsa_meth->rsa_priv_enc = rsa_priv_enc; |
|
1061 |
- rsa_meth->rsa_priv_dec = rsa_priv_dec; |
|
1062 |
- rsa_meth->init = NULL; |
|
1063 |
- rsa_meth->finish = rsa_finish; |
|
1064 |
- rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; |
|
1065 |
- rsa_meth->app_data = NULL; |
|
1056 |
+ rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method", |
|
1057 |
+ RSA_METHOD_FLAG_NO_CHECK); |
|
1058 |
+ check_malloc_return(rsa_meth); |
|
1059 |
+ RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc); |
|
1060 |
+ RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec); |
|
1061 |
+ RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc); |
|
1062 |
+ RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec); |
|
1063 |
+ RSA_meth_set_init(rsa_meth, NULL); |
|
1064 |
+ RSA_meth_set_finish(rsa_meth, rsa_finish); |
|
1065 |
+ RSA_meth_set0_app_data(rsa_meth, NULL); |
|
1066 | 1066 |
|
1067 | 1067 |
/* allocate RSA object */ |
1068 | 1068 |
rsa = RSA_new(); |