OpenSSL 1.1 does not allow us to directly access the internals of
any data type, including EVP_PKEY. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170612134330.20971-3-logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14795.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -925,6 +925,9 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then |
925 | 925 |
X509_STORE_get0_objects \ |
926 | 926 |
X509_OBJECT_free \ |
927 | 927 |
X509_OBJECT_get_type \ |
928 |
+ EVP_PKEY_id \ |
|
929 |
+ EVP_PKEY_get0_RSA \ |
|
930 |
+ EVP_PKEY_get0_DSA \ |
|
928 | 931 |
RSA_meth_new \ |
929 | 932 |
RSA_meth_free \ |
930 | 933 |
RSA_meth_set_pub_enc \ |
... | ... |
@@ -133,6 +133,48 @@ X509_OBJECT_get_type(const X509_OBJECT *obj) |
133 | 133 |
} |
134 | 134 |
#endif |
135 | 135 |
|
136 |
+#if !defined(HAVE_EVP_PKEY_GET0_RSA) |
|
137 |
+/** |
|
138 |
+ * Get the RSA object of a public key |
|
139 |
+ * |
|
140 |
+ * @param pkey Public key object |
|
141 |
+ * @return The underlying RSA object |
|
142 |
+ */ |
|
143 |
+static inline RSA * |
|
144 |
+EVP_PKEY_get0_RSA(EVP_PKEY *pkey) |
|
145 |
+{ |
|
146 |
+ return pkey ? pkey->pkey.rsa : NULL; |
|
147 |
+} |
|
148 |
+#endif |
|
149 |
+ |
|
150 |
+#if !defined(HAVE_EVP_PKEY_ID) |
|
151 |
+/** |
|
152 |
+ * Get the PKEY type |
|
153 |
+ * |
|
154 |
+ * @param pkey Public key object |
|
155 |
+ * @return The key type |
|
156 |
+ */ |
|
157 |
+static inline int |
|
158 |
+EVP_PKEY_id(const EVP_PKEY *pkey) |
|
159 |
+{ |
|
160 |
+ return pkey ? pkey->type : EVP_PKEY_NONE; |
|
161 |
+} |
|
162 |
+#endif |
|
163 |
+ |
|
164 |
+#if !defined(HAVE_EVP_PKEY_GET0_DSA) |
|
165 |
+/** |
|
166 |
+ * Get the DSA object of a public key |
|
167 |
+ * |
|
168 |
+ * @param pkey Public key object |
|
169 |
+ * @return The underlying DSA object |
|
170 |
+ */ |
|
171 |
+static inline DSA * |
|
172 |
+EVP_PKEY_get0_DSA(EVP_PKEY *pkey) |
|
173 |
+{ |
|
174 |
+ return pkey ? pkey->pkey.dsa : NULL; |
|
175 |
+} |
|
176 |
+#endif |
|
177 |
+ |
|
136 | 178 |
#if !defined(HAVE_RSA_METH_NEW) |
137 | 179 |
/** |
138 | 180 |
* Allocate a new RSA method object |
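Review bot: The `EVP_PKEY_get0_RSA` compatibility shim returns `pkey->pkey.rsa` without checking the key type, and the `EVP_PKEY_get0_DSA` shim does the same with `pkey->pkey.dsa`, so on OpenSSL 1.0 a key of another type hands back the union member reinterpreted as `RSA *` or `DSA *` rather than NULL. The library's own 1.1 accessors, as far as I recall, return NULL for a mismatched key type, so callers that rely on a NULL result for non-RSA keys behave differently between the two library versions. Suggest `return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL;` and `return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL;`, which reuses the `type` field the `EVP_PKEY_id` shim already reads and the `EVP_PKEY_RSA`/`EVP_PKEY_DSA` constants the callers compare against. The doc comments could also state the `get0` ownership convention, e.g. `@return The underlying RSA object, or NULL; owned by pkey, do not free`.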
... | ... |
@@ -1072,7 +1072,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
1072 | 1072 |
/* get the public key */ |
1073 | 1073 |
EVP_PKEY *pkey = X509_get0_pubkey(cert); |
1074 | 1074 |
ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */ |
1075 |
- pub_rsa = cert->cert_info->key->pkey->pkey.rsa; |
|
1075 |
+ pub_rsa = EVP_PKEY_get0_RSA(pkey); |
|
1076 | 1076 |
|
1077 | 1077 |
/* initialize RSA object */ |
1078 | 1078 |
rsa->n = BN_dup(pub_rsa->n); |
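Review bot: `pub_rsa = EVP_PKEY_get0_RSA(pkey);` is dereferenced two lines later in `rsa->n = BN_dup(pub_rsa->n);` with no NULL check, and on OpenSSL 1.1 the accessor returns NULL when the certificate's public key is not RSA, so a non-RSA certificate here becomes a NULL dereference instead of a clean failure. The removed line had the same unchecked access, but the new call makes NULL a reachable value, so a check belongs directly after it: at minimum `ASSERT(pub_rsa); /* certificate key is not RSA */` matching the `ASSERT(pkey)` just above, or preferably an error return so a misconfigured key does not abort the process. `tls_ctx_use_external_private_key` begins and ends outside the hunk, so I cannot see which error path or return code it uses for the non-abort variant.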
... | ... |
@@ -1677,13 +1677,13 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix) |
1677 | 1677 |
EVP_PKEY *pkey = X509_get_pubkey(cert); |
1678 | 1678 |
if (pkey != NULL) |
1679 | 1679 |
{ |
1680 |
- if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL |
|
1680 |
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA && EVP_PKEY_get0_RSA(pkey) != NULL |
|
1681 | 1681 |
&& pkey->pkey.rsa->n != NULL) |
1682 | 1682 |
{ |
1683 | 1683 |
openvpn_snprintf(s2, sizeof(s2), ", %d bit RSA", |
1684 | 1684 |
BN_num_bits(pkey->pkey.rsa->n)); |
1685 | 1685 |
} |
1686 |
- else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL |
|
1686 |
+ else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA && EVP_PKEY_get0_DSA(pkey) != NULL |
|
1687 | 1687 |
&& pkey->pkey.dsa->p != NULL) |
1688 | 1688 |
{ |
1689 | 1689 |
openvpn_snprintf(s2, sizeof(s2), ", %d bit DSA", |