From cfe16c22d7891a1f65ea8cd4c5352504a2afbddc Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 21 Apr 2016 10:24:23 +0200 Subject: [PATCH] openssl: builds with OpenSSL 1.1.0-pre5 The RSA, DSA and DH structs are now opaque and require use of new APIs Fixes #763 --- lib/vtls/openssl.c | 73 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 54fbfad2a..e9acf9a03 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -114,6 +114,7 @@ #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */ #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */ +#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ #endif #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \ @@ -2231,12 +2232,18 @@ static void pubkey_show(struct SessionHandle *data, push_certinfo(namebuf, num); } +#ifdef HAVE_OPAQUE_RSA_DSA_DH +#define print_pubkey_BN(_type, _name, _num) \ + pubkey_show(data, mem, _num, #_type, #_name, _name) + +#else #define print_pubkey_BN(_type, _name, _num) \ do { \ if(_type->_name) { \ pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \ } \ } WHILE_FALSE +#endif static int X509V3_ext(struct SessionHandle *data, int certnum, 
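Review bot: The `HAVE_OPAQUE_RSA_DSA_DH` variant of `print_pubkey_BN` in the `@@ -2231` hunk drops the NULL guard that the legacy macro keeps (`if(_type->_name)`). For a key extracted from a certificate, the private members (`d`, `p`, `q`, `dmp1`, `priv_key` and so on) are expected to come back NULL from the `*_get0_*` getters, so `pubkey_show()` would be called with a NULL BIGNUM. Its body lies outside the hunk, but if it hands the pointer straight to `BN_print()`, that is a likely NULL dereference while processing a peer-supplied certificate. Keep the guard in the new macro: `do { if(_name) pubkey_show(data, mem, _num, #_type, #_name, _name); } WHILE_FALSE`. The RSA, DSA and DH hunks further down all go through this macro.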
@@ -2396,9 +2403,35 @@ static CURLcode get_cert_chain(struct connectdata *conn, #else rsa = pubkey->pkey.rsa; #endif + +#ifdef HAVE_OPAQUE_RSA_DSA_DH + { + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + + RSA_get0_key(rsa, &n, &e, &d); + RSA_get0_factors(rsa, &p, &q); + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); + BN_print(mem, n); + push_certinfo("RSA Public Key", i); + print_pubkey_BN(rsa, n, i); + print_pubkey_BN(rsa, e, i); + print_pubkey_BN(rsa, d, i); + print_pubkey_BN(rsa, p, i); + print_pubkey_BN(rsa, q, i); + print_pubkey_BN(rsa, dmp1, i); + print_pubkey_BN(rsa, dmq1, i); + print_pubkey_BN(rsa, iqmp, i); + } +#else BIO_printf(mem, "%d", BN_num_bits(rsa->n)); push_certinfo("RSA Public Key", i); - print_pubkey_BN(rsa, n, i); print_pubkey_BN(rsa, e, i); print_pubkey_BN(rsa, d, i); @@ -2407,6 +2440,8 @@ static CURLcode get_cert_chain(struct connectdata *conn, print_pubkey_BN(rsa, dmp1, i); print_pubkey_BN(rsa, dmq1, i); print_pubkey_BN(rsa, iqmp, i); +#endif + break; } case EVP_PKEY_DSA: @@ -2417,11 +2452,30 @@ static CURLcode get_cert_chain(struct connectdata *conn, #else dsa = pubkey->pkey.dsa; #endif +#ifdef HAVE_OPAQUE_RSA_DSA_DH + { + BIGNUM *p; + BIGNUM *q; + BIGNUM *g; + BIGNUM *priv_key; + BIGNUM *pub_key; + + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, &priv_key); + + print_pubkey_BN(dsa, p, i); + print_pubkey_BN(dsa, q, i); + print_pubkey_BN(dsa, g, i); + print_pubkey_BN(dsa, priv_key, i); + print_pubkey_BN(dsa, pub_key, i); + } +#else print_pubkey_BN(dsa, p, i); print_pubkey_BN(dsa, q, i); print_pubkey_BN(dsa, g, i); print_pubkey_BN(dsa, priv_key, i); print_pubkey_BN(dsa, pub_key, i); +#endif break; } case EVP_PKEY_DH: 
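Review bot: In the `HAVE_OPAQUE_RSA_DSA_DH` branch of the `@@ -2396` hunk, `BN_print(mem, n);` writes the whole modulus in hex into the "RSA Public Key" certinfo field, whereas the legacy branch writes the key size with `BIO_printf(mem, "%d", BN_num_bits(rsa->n));`. An application that reads this field to judge key strength would then see a different kind of value depending on which OpenSSL version the library was built against. Use `BIO_printf(mem, "%d", BN_num_bits(n));` so both builds report the bit length. The enclosing get_cert_chain() starts and ends outside the hunk.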
@@ -2432,10 +2486,27 @@ static CURLcode get_cert_chain(struct connectdata *conn, #else dh = pubkey->pkey.dh; #endif +#ifdef HAVE_OPAQUE_RSA_DSA_DH + { + BIGNUM *p; + BIGNUM *q; + BIGNUM *g; + BIGNUM *priv_key; + BIGNUM *pub_key; + DH_get0_pqg(dh, &p, &q, &g); + DH_get0_key(dh, &pub_key, &priv_key); + print_pubkey_BN(dh, p, i); + print_pubkey_BN(dh, q, i); + print_pubkey_BN(dh, g, i); + print_pubkey_BN(dh, priv_key, i); + print_pubkey_BN(dh, pub_key, i); + } +#else print_pubkey_BN(dh, p, i); print_pubkey_BN(dh, g, i); print_pubkey_BN(dh, priv_key, i); print_pubkey_BN(dh, pub_key, i); +#endif break; } #if 0
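Review bot: The opaque branch in this hunk emits `print_pubkey_BN(dh, q, i);`, which the legacy `#else` branch does not, so the set of certinfo fields differs between OpenSSL builds. Either drop that line or add the same call to the legacy branch. `q` is optional in DH parameters, so this call also relies on the macro tolerating a NULL BIGNUM. A one-line comment above the getter calls, such as `/* get0 getters hand out internal pointers; do not free */`, would document the ownership for later readers. get_cert_chain() continues outside the hunk.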