Browse code
OpenSSL: don't use direct access to the internal of EVP_PKEY
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including EVP_PKEY. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170612134330.20971-3-logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14795.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Emmanuel Deloget authored on 2017/06/12 22:43:24Showing 3 changed files
| ... | ... |
@@ -925,6 +925,9 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
|
| 925 | 925 |
X509_STORE_get0_objects \ |
| 926 | 926 |
X509_OBJECT_free \ |
| 927 | 927 |
X509_OBJECT_get_type \ |
| 928 |
+ EVP_PKEY_id \ |
|
| 929 |
+ EVP_PKEY_get0_RSA \ |
|
| 930 |
+ EVP_PKEY_get0_DSA \ |
|
| 928 | 931 |
RSA_meth_new \ |
| 929 | 932 |
RSA_meth_free \ |
| 930 | 933 |
RSA_meth_set_pub_enc \ |
| ... | ... |
@@ -133,6 +133,48 @@ X509_OBJECT_get_type(const X509_OBJECT *obj) |
| 133 | 133 |
} |
| 134 | 134 |
#endif |
| 135 | 135 |
|
| 136 |
+#if !defined(HAVE_EVP_PKEY_GET0_RSA) |
|
| 137 |
+/** |
|
| 138 |
+ * Get the RSA object of a public key |
|
| 139 |
+ * |
|
| 140 |
+ * @param pkey Public key object |
|
| 141 |
+ * @return The underlying RSA object |
|
| 142 |
+ */ |
|
| 143 |
+static inline RSA * |
|
| 144 |
+EVP_PKEY_get0_RSA(EVP_PKEY *pkey) |
|
| 145 |
+{
|
|
| 146 |
+ return pkey ? pkey->pkey.rsa : NULL; |
|
| 147 |
+} |
|
| 148 |
+#endif |
|
| 149 |
+ |
|
| 150 |
+#if !defined(HAVE_EVP_PKEY_ID) |
|
| 151 |
+/** |
|
| 152 |
+ * Get the PKEY type |
|
| 153 |
+ * |
|
| 154 |
+ * @param pkey Public key object |
|
| 155 |
+ * @return The key type |
|
| 156 |
+ */ |
|
| 157 |
+static inline int |
|
| 158 |
+EVP_PKEY_id(const EVP_PKEY *pkey) |
|
| 159 |
+{
|
|
| 160 |
+ return pkey ? pkey->type : EVP_PKEY_NONE; |
|
| 161 |
+} |
|
| 162 |
+#endif |
|
| 163 |
+ |
|
| 164 |
+#if !defined(HAVE_EVP_PKEY_GET0_DSA) |
|
| 165 |
+/** |
|
| 166 |
+ * Get the DSA object of a public key |
|
| 167 |
+ * |
|
| 168 |
+ * @param pkey Public key object |
|
| 169 |
+ * @return The underlying DSA object |
|
| 170 |
+ */ |
|
| 171 |
+static inline DSA * |
|
| 172 |
+EVP_PKEY_get0_DSA(EVP_PKEY *pkey) |
|
| 173 |
+{
|
|
| 174 |
+ return pkey ? pkey->pkey.dsa : NULL; |
|
| 175 |
+} |
|
| 176 |
+#endif |
|
| 177 |
+ |
|
| 136 | 178 |
#if !defined(HAVE_RSA_METH_NEW) |
| 137 | 179 |
/** |
| 138 | 180 |
* Allocate a new RSA method object |
| ... | ... |
@@ -1072,7 +1072,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
| 1072 | 1072 |
/* get the public key */ |
| 1073 | 1073 |
EVP_PKEY *pkey = X509_get0_pubkey(cert); |
| 1074 | 1074 |
ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */ |
| 1075 |
- pub_rsa = cert->cert_info->key->pkey->pkey.rsa; |
|
| 1075 |
+ pub_rsa = EVP_PKEY_get0_RSA(pkey); |
|
| 1076 | 1076 |
|
| 1077 | 1077 |
/* initialize RSA object */ |
| 1078 | 1078 |
rsa->n = BN_dup(pub_rsa->n); |
| ... | ... |
@@ -1677,13 +1677,13 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix) |
| 1677 | 1677 |
EVP_PKEY *pkey = X509_get_pubkey(cert); |
| 1678 | 1678 |
if (pkey != NULL) |
| 1679 | 1679 |
{
|
| 1680 |
- if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL |
|
| 1680 |
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA && EVP_PKEY_get0_RSA(pkey) != NULL |
|
| 1681 | 1681 |
&& pkey->pkey.rsa->n != NULL) |
| 1682 | 1682 |
{
|
| 1683 | 1683 |
openvpn_snprintf(s2, sizeof(s2), ", %d bit RSA", |
| 1684 | 1684 |
BN_num_bits(pkey->pkey.rsa->n)); |
| 1685 | 1685 |
} |
| 1686 |
- else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL |
|
| 1686 |
+ else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA && EVP_PKEY_get0_DSA(pkey) != NULL |
|
| 1687 | 1687 |
&& pkey->pkey.dsa->p != NULL) |
| 1688 | 1688 |
{
|
| 1689 | 1689 |
openvpn_snprintf(s2, sizeof(s2), ", %d bit DSA", |