File 0022-CPPXT-110-OpenSSL-1.1-makes-EVP_PKEY-opaque.patch of Package xmltooling.29631
From e4e09e450ace3072b3bf442ca9e6120672c751a7 Mon Sep 17 00:00:00 2001 From: Rod Widdowson <rdw@steadingsoftware.com> Date: Fri, 15 Jul 2016 17:18:25 +0100 Subject: [PATCH 22/31] CPPXT-110 OpenSSL 1.1 makes EVP_PKEY opaque https://issues.shibboleth.net/jira/browse/CPPXT-110 The type field is available as EVP_PKEY_id() since 1.0 The RSA and DSA fields are availble as EVP_PKEY_get0_[RD]SA from 1.1 Add support macros to make that happen. (reapplied - previously backed out in bae0dd53) --- .../security/impl/ExplicitKeyTrustEngine.cpp | 6 ++-- xmltooling/security/impl/OpenSSLSupport.cpp | 33 ++++++++++++++++++++++ xmltooling/security/impl/OpenSSLSupport.h | 15 ++++++++-- xmltooling/security/impl/SecurityHelper.cpp | 8 +++--- 4 files changed, 53 insertions(+), 9 deletions(-) diff --git a/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp b/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp index 785d912..a4a5dd2 100644 --- a/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp +++ b/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp @@ -263,8 +263,8 @@ bool ExplicitKeyTrustEngine::validate( { RSA* rsa = static_cast<OpenSSLCryptoKeyRSA*>(key)->getOpenSSLRSA(); EVP_PKEY* evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(certEE)); - if (rsa && evp && evp->type == EVP_PKEY_RSA && - BN_cmp(rsa->n,evp->pkey.rsa->n) == 0 && BN_cmp(rsa->e,evp->pkey.rsa->e) == 0) { + if (rsa && evp && EVP_PKEY_id(evp) == EVP_PKEY_RSA && + BN_cmp(RSA_get0_n(rsa),RSA_get0_n(EVP_PKEY_get0_RSA(evp))) == 0 && BN_cmp(RSA_get0_e(rsa), RSA_get0_e(EVP_PKEY_get0_RSA(evp))) == 0) { if (evp) EVP_PKEY_free(evp); log.debug("end-entity certificate matches peer RSA key information"); 
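Review bot: The added condition passes `EVP_PKEY_get0_RSA(evp)` straight into `RSA_get0_n` and `RSA_get0_e` without checking it. The helpers this patch adds in OpenSSLSupport.cpp dereference their argument unconditionally on both the pre-1.1 and the 1.1 path. The preceding `EVP_PKEY_id(evp) == EVP_PKEY_RSA` test should keep the accessor from returning null, but this condition evaluates a certificate supplied by the peer, so an explicit `EVP_PKEY_get0_RSA(evp) &&` term after the type test would turn an unexpected null into a plain non-match instead of a crash. The DSA comparison in the @@ -279 hunk has the same shape with `EVP_PKEY_get0_DSA(evp)`. The body of `validate` continues outside both hunks, so whether `evp` is also freed on the non-matching path cannot be confirmed from here.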
@@ -279,7 +279,7 @@ bool ExplicitKeyTrustEngine::validate( { DSA* dsa = static_cast<OpenSSLCryptoKeyDSA*>(key)->getOpenSSLDSA(); EVP_PKEY* evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(certEE)); - if (dsa && evp && evp->type == EVP_PKEY_DSA && BN_cmp(DSA_get0_pubkey(dsa),DSA_get0_pubkey(evp->pkey.dsa)) == 0) { + if (dsa && evp && EVP_PKEY_id(evp) == EVP_PKEY_DSA && BN_cmp(DSA_get0_pubkey(dsa),DSA_get0_pubkey(EVP_PKEY_get0_DSA(evp))) == 0) { if (evp) EVP_PKEY_free(evp); log.debug("end-entity certificate matches peer DSA key information"); diff --git a/xmltooling/security/impl/OpenSSLSupport.cpp b/xmltooling/security/impl/OpenSSLSupport.cpp index e5d79a7..28dd378 100644 --- a/xmltooling/security/impl/OpenSSLSupport.cpp +++ b/xmltooling/security/impl/OpenSSLSupport.cpp @@ -90,3 +90,36 @@ BIGNUM *DSA_get0_privkey(const DSA *dsa) return result; #endif } + +BIGNUM *RSA_get0_n(const RSA *rsa) +{ +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + return rsa->n; +#else + BIGNUM *result; + RSA_get0_key(rsa, &result, NULL, NULL); + return result; +#endif +} + +BIGNUM *RSA_get0_e(const RSA *rsa) +{ +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + return rsa->e; +#else + BIGNUM *result; + RSA_get0_key(rsa, NULL, &result, NULL); + return result; +#endif +} + +BIGNUM *RSA_get0_d(const RSA *rsa) +{ +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + return rsa->d; +#else + BIGNUM *result; + RSA_get0_key(rsa, NULL, NULL, &result); + return result; +#endif +} diff --git a/xmltooling/security/impl/OpenSSLSupport.h b/xmltooling/security/impl/OpenSSLSupport.h index 74bd710..7519091 100644 --- a/xmltooling/security/impl/OpenSSLSupport.h +++ b/xmltooling/security/impl/OpenSSLSupport.h 
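Review bot: The three new accessors declare `BIGNUM *result;` and hand `&result` to `RSA_get0_key`, whose out-parameters in the released OpenSSL 1.1.0 API are, as far as I know, `const BIGNUM **`. If so, the 1.1 branch would not compile as C++ unless a later patch in the series adjusts it; the signature may have been non-const in the pre-release this commit was written against. Independently of that, returning a mutable `BIGNUM *` from a `const RSA *` lets callers modify key material in place, including the private exponent from `RSA_get0_d`. I would declare them as `const BIGNUM *RSA_get0_n(const RSA *rsa)` with `const BIGNUM *result = NULL;` in the 1.1 branch, and change the declarations in OpenSSLSupport.h to match. Every caller in this patch only passes the result to `BN_cmp`, so that change should not affect them.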
@@ -29,8 +29,15 @@ // X509_STORE_CTX becomes opaque #if (OPENSSL_VERSION_NUMBER < 0x10100000L) -# define X509_STORE_CTX_get0_cert(ctx) (ctx->cert) -# define X509_STORE_CTX_get0_untrusted(ctx) (ctx->untrusted) +# define X509_STORE_CTX_get0_cert(_ctx_) ((_ctx_)->cert) +# define X509_STORE_CTX_get0_untrusted(_ctx_) ((_ctx_)->untrusted) + +# define EVP_PKEY_get0_DSA(_pkey_) ((_pkey_)->pkey.dsa) +# define EVP_PKEY_get0_RSA(_pkey_) ((_pkey_)->pkey.rsa) +#endif + +#if (OPENSSL_VERSION_NUMBER < 0x10000000L) +# define EVP_PKEY_id(_evp_) ((_evp_)->type) #endif namespace xmltooling { @@ -57,4 +64,8 @@ namespace xmltooling { BIGNUM *DSA_get0_pubkey(const DSA *dsa); BIGNUM *DSA_get0_privkey(const DSA *dsa); + BIGNUM *RSA_get0_n(const RSA *rsa); + BIGNUM *RSA_get0_d(const RSA *rsa); + BIGNUM *RSA_get0_e(const RSA *rsa); + } diff --git a/xmltooling/security/impl/SecurityHelper.cpp b/xmltooling/security/impl/SecurityHelper.cpp index bb2f016..e53ed8d 100644 --- a/xmltooling/security/impl/SecurityHelper.cpp +++ b/xmltooling/security/impl/SecurityHelper.cpp @@ -206,7 +206,7 @@ XSECCryptoKey* SecurityHelper::loadKeyFromFile(const char* pathname, const char* // Now map it to an XSEC wrapper. if (pkey) { XSECCryptoKey* ret=nullptr; - switch (pkey->type) { + switch (EVP_PKEY_id(pkey)) { case EVP_PKEY_RSA: ret=new OpenSSLCryptoKeyRSA(pkey); break; @@ -487,7 +487,7 @@ bool SecurityHelper::matches(const XSECCryptoKey& key1, const XSECCryptoKey& key return false; const RSA* rsa1 = static_cast<const OpenSSLCryptoKeyRSA&>(key1).getOpenSSLRSA(); const RSA* rsa2 = static_cast<const OpenSSLCryptoKeyRSA&>(key2).getOpenSSLRSA(); - return (rsa1 && rsa2 && BN_cmp(rsa1->n,rsa2->n) == 0 && BN_cmp(rsa1->e,rsa2->e) == 0); + return (rsa1 && rsa2 && BN_cmp(RSA_get0_n(rsa1),RSA_get0_n(rsa2)) == 0 && BN_cmp(RSA_get0_e(rsa1),RSA_get0_e(rsa2)) == 0); } // For a private key, compare the private half. 
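Review bot: The declarations added to `namespace xmltooling` in the @@ -57 hunk reuse the names `RSA_get0_n`, `RSA_get0_e` and `RSA_get0_d`, which OpenSSL itself exports from 1.1.1 onward as far as I know. An unqualified call from inside the namespace would then see both the xmltooling function and, through argument-dependent lookup on `RSA`, the global OpenSSL one with the same parameter list, and the call would likely be ambiguous. Either guard the declarations and their definitions in OpenSSLSupport.cpp with a version check, or give the helpers a project-specific name. A short comment above the block should say that these are compatibility shims and name the OpenSSL version from which they are no longer needed.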
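Review bot: Both RSA comparisons in `SecurityHelper::matches` feed the accessor results straight into `BN_cmp`, which as far as I know reports two null arguments as equal. In the private-key branch (the @@ -496 hunk), two keys whose private exponent is not exposed are therefore judged on `n` alone; that is presumably possible for engine- or token-backed keys. In the public branch here, two RSA objects that carry no key material at all compare as equal. Consider fetching the components once, e.g. `const BIGNUM* n1 = RSA_get0_n(rsa1);`, and requiring them to be present with an `n1 && n2 &&` term ahead of the `BN_cmp` calls. The function starts and ends outside both hunks.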
@@ -496,7 +496,7 @@ bool SecurityHelper::matches(const XSECCryptoKey& key1, const XSECCryptoKey& key return false; const RSA* rsa1 = static_cast<const OpenSSLCryptoKeyRSA&>(key1).getOpenSSLRSA(); const RSA* rsa2 = static_cast<const OpenSSLCryptoKeyRSA&>(key2).getOpenSSLRSA(); - return (rsa1 && rsa2 && BN_cmp(rsa1->n,rsa2->n) == 0 && BN_cmp(rsa1->d,rsa2->d) == 0); + return (rsa1 && rsa2 && BN_cmp(RSA_get0_n(rsa1),RSA_get0_n(rsa2)) == 0 && BN_cmp(RSA_get0_d(rsa1),RSA_get0_d(rsa2)) == 0); } // If one key is public or both, just compare the public key half. @@ -790,7 +790,7 @@ XSECCryptoKey* SecurityHelper::fromDEREncoding(const char* buf, unsigned long bu // Now map it to an XSEC wrapper. XSECCryptoKey* ret = nullptr; try { - switch (pkey->type) { + switch (EVP_PKEY_id(pkey)) { case EVP_PKEY_RSA: ret = new OpenSSLCryptoKeyRSA(pkey); break; -- 2.13.6