Browse code
OpenSSL: don't use direct access to the internal of DSA
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including DSA. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170612134330.20971-5-logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14791.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Emmanuel Deloget authored on 2017/06/12 22:43:26Showing 3 changed files
| ... | ... |
@@ -275,6 +275,50 @@ RSA_bits(const RSA *rsa) |
| 275 | 275 |
} |
| 276 | 276 |
#endif |
| 277 | 277 |
|
| 278 |
+#if !defined(HAVE_DSA_GET0_PQG) |
|
| 279 |
+/** |
|
| 280 |
+ * Get the DSA parameters |
|
| 281 |
+ * |
|
| 282 |
+ * @param dsa The DSA object |
|
| 283 |
+ * @param p The @c p parameter |
|
| 284 |
+ * @param q The @c q parameter |
|
| 285 |
+ * @param g The @c g parameter |
|
| 286 |
+ */ |
|
| 287 |
+static inline void |
|
| 288 |
+DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, |
|
| 289 |
+ const BIGNUM **q, const BIGNUM **g) |
|
| 290 |
+{
|
|
| 291 |
+ if (p != NULL) |
|
| 292 |
+ {
|
|
| 293 |
+ *p = dsa ? dsa->p : NULL; |
|
| 294 |
+ } |
|
| 295 |
+ if (q != NULL) |
|
| 296 |
+ {
|
|
| 297 |
+ *q = dsa ? dsa->q : NULL; |
|
| 298 |
+ } |
|
| 299 |
+ if (g != NULL) |
|
| 300 |
+ {
|
|
| 301 |
+ *g = dsa ? dsa->g : NULL; |
|
| 302 |
+ } |
|
| 303 |
+} |
|
| 304 |
+#endif |
|
| 305 |
+ |
|
| 306 |
+#if !defined(HAVE_DSA_BITS) |
|
| 307 |
+/** |
|
| 308 |
+ * Number of significant DSA bits |
|
| 309 |
+ * |
|
| 310 |
+ * @param rsa The DSA object ; shall not be NULL |
|
| 311 |
+ * @return The number of DSA bits or 0 on error |
|
| 312 |
+ */ |
|
| 313 |
+static inline int |
|
| 314 |
+DSA_bits(const DSA *dsa) |
|
| 315 |
+{
|
|
| 316 |
+ const BIGNUM *p = NULL; |
|
| 317 |
+ DSA_get0_pqg(dsa, &p, NULL, NULL); |
|
| 318 |
+ return p ? BN_num_bits(p) : 0; |
|
| 319 |
+} |
|
| 320 |
+#endif |
|
| 321 |
+ |
|
| 278 | 322 |
#if !defined(HAVE_RSA_METH_NEW) |
| 279 | 323 |
/** |
| 280 | 324 |
* Allocate a new RSA method object |
| ... | ... |
@@ -1689,11 +1689,11 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix) |
| 1689 | 1689 |
openvpn_snprintf(s2, sizeof(s2), ", %d bit RSA", |
| 1690 | 1690 |
RSA_bits(rsa)); |
| 1691 | 1691 |
} |
| 1692 |
- else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA && EVP_PKEY_get0_DSA(pkey) != NULL |
|
| 1693 |
- && pkey->pkey.dsa->p != NULL) |
|
| 1692 |
+ else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA && EVP_PKEY_get0_DSA(pkey) != NULL) |
|
| 1694 | 1693 |
{
|
| 1694 |
+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); |
|
| 1695 | 1695 |
openvpn_snprintf(s2, sizeof(s2), ", %d bit DSA", |
| 1696 |
- BN_num_bits(pkey->pkey.dsa->p)); |
|
| 1696 |
+ DSA_bits(dsa)); |
|
| 1697 | 1697 |
} |
| 1698 | 1698 |
EVP_PKEY_free(pkey); |
| 1699 | 1699 |
} |