changeset 20223:55f039c7ce82

lib-dcrypt: Fix various OpenSSL API usage issues
author Aki Tuomi <aki.tuomi@dovecot.fi>
date Mon, 30 May 2016 22:30:31 +0300
parents f20e271a7ff4
children b5f3dc5f5fb2
files src/lib-dcrypt/dcrypt-openssl.c
diffstat 1 files changed, 26 insertions(+), 21 deletions(-) [+]
--- a/src/lib-dcrypt/dcrypt-openssl.c	Mon May 30 22:05:22 2016 +0300
+++ b/src/lib-dcrypt/dcrypt-openssl.c	Mon May 30 22:30:31 2016 +0300
@@ -66,6 +66,11 @@
   2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id
 **/
 
+#if SSLEAY_VERSION_NUMBER < 0x1010000fL
+#define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
+#define EVP_PKEY_get0_RSA(x) x->pkey.rsa
+#endif
+
 struct dcrypt_context_symmetric {
 	pool_t pool;
 	const EVP_CIPHER *cipher;
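Review bot: The compatibility macros at L18–L20 are gated on `SSLEAY_VERSION_NUMBER` and use their argument unparenthesized; `SSLEAY_VERSION_NUMBER` is deprecated in OpenSSL 1.1.0 and, as far as I recall, only still defined there under the API-compat gate, and an undefined identifier evaluates to 0 in `#if`, so a build without it would silently redefine the real `EVP_PKEY_get0_EC_KEY`/`EVP_PKEY_get0_RSA` as union reads of an opaque struct. Gate on the version macro that is always present and parenthesize the argument: `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, `#define EVP_PKEY_get0_EC_KEY(x) ((x)->pkey.ec)`, `#define EVP_PKEY_get0_RSA(x) ((x)->pkey.rsa)`. With the argument parenthesized, the doubled parentheses in `EVP_PKEY_get0_EC_KEY((*key))` at L32–L33 in the next hunk can become plain `EVP_PKEY_get0_EC_KEY(*key)`.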
@@ -522,8 +527,8 @@
 	EVP_PKEY_free(params);
 	EVP_PKEY_CTX_free(pctx);
 	EVP_PKEY_CTX_free(ctx);
-	EC_KEY_set_asn1_flag((*key)->pkey.ec, OPENSSL_EC_NAMED_CURVE);
-	EC_KEY_set_conv_form((*key)->pkey.ec, POINT_CONVERSION_COMPRESSED);
+	EC_KEY_set_asn1_flag(EVP_PKEY_get0_EC_KEY((*key)), OPENSSL_EC_NAMED_CURVE);
+	EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY((*key)), POINT_CONVERSION_COMPRESSED);
 	return TRUE;
 }
 
@@ -551,7 +556,7 @@
 {
 	EVP_PKEY *local = (EVP_PKEY*)local_key;
 	BN_CTX *bn_ctx = BN_CTX_new();
-	const EC_GROUP *grp = EC_KEY_get0_group(local->pkey.ec);
+	const EC_GROUP *grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(local));
 	EC_POINT *pub = EC_POINT_new(grp);
 	/* convert ephemeral key data EC point */
 	if (EC_POINT_oct2point(grp, pub, R->data, R->used, bn_ctx) != 1)
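Review bot: `EVP_PKEY_get0_EC_KEY(local)` at L42 returns NULL in OpenSSL 1.1.0 when `local_key` is not an EC key, and `EC_KEY_get0_group` then dereferences it; the old union read failed just as silently, only with a garbage pointer instead of NULL. Unless callers already guarantee an EC key (the function's signature and any earlier check are above the hunk), guard before deriving the group, e.g. `if (EVP_PKEY_base_id(local) != EVP_PKEY_EC) return dcrypt_openssl_error(error_r);`, assuming this function carries `error_r` like the neighbouring ones. The same applies to `EVP_PKEY_get0_EC_KEY(peer)` at L51 in the following hunk. `BN_CTX_new()` at L40 is also left unchecked on this path.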
@@ -621,7 +626,7 @@
 	}
 
 	/* generate another key from same group */
-	int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(peer->pkey.ec));
+	int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(peer)));
 	if (!dcrypt_openssl_generate_ec_key(nid, &local, error_r)) return FALSE;
 
 	/* initialize */
@@ -650,8 +655,8 @@
 
 	/* get ephemeral key (=R) */
 	BN_CTX *bn_ctx = BN_CTX_new();
-	const EC_POINT *pub = EC_KEY_get0_public_key(local->pkey.ec);
-	const EC_GROUP *grp = EC_KEY_get0_group(local->pkey.ec);
+	const EC_POINT *pub = EC_KEY_get0_public_key(EVP_PKEY_get0_EC_KEY(local));
+	const EC_GROUP *grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(local));
 	len = EC_POINT_point2oct(grp, pub, POINT_CONVERSION_COMPRESSED, NULL, 0, bn_ctx);
 	unsigned char R_buf[len];
 	EC_POINT_point2oct(grp, pub, POINT_CONVERSION_COMPRESSED, R_buf, len, bn_ctx);
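Review bot: `unsigned char R_buf[len];` at L64 is sized by the return of `EC_POINT_point2oct` at L63, which is 0 on failure; a zero-length VLA is undefined behaviour, and the second call at L65 then writes into it with nothing having checked `len`. The accessor lines at L61–L62 that feed `pub` and `grp` are what the commit touches, so this is the place to add `if (len == 0) return dcrypt_openssl_error(error_r);` after L63, assuming `error_r` is in scope as in the other functions; `BN_CTX_new()` at L58 is likewise unchecked. The enclosing function starts and ends outside the hunk.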
@@ -1350,7 +1355,7 @@
 	ASN1_OBJECT *obj;
 	if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) {
 		/* because otherwise we get wrong nid */
-		obj = OBJ_nid2obj(EC_GROUP_get_curve_name(EC_KEY_get0_group(pkey->pkey.ec)));
+		obj = OBJ_nid2obj(EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey))));
 
 	} else {
 		obj = OBJ_nid2obj(EVP_PKEY_id(pkey));
@@ -1371,14 +1376,14 @@
 	/* convert key to private key value */
 	if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
 		unsigned char *ptr;
-		RSA *rsa = pkey->pkey.rsa;
+		RSA *rsa = EVP_PKEY_get0_RSA(pkey);
 		int ln = i2d_RSAPrivateKey(rsa, &ptr);
 		if (ln < 1)
 			return dcrypt_openssl_error(error_r);
 		buffer_append(buf, ptr, ln);
 	} else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) {
 		unsigned char *ptr;
-		EC_KEY *eckey = pkey->pkey.ec;
+		EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey);
 		const BIGNUM *pk = EC_KEY_get0_private_key(eckey);
 		/* serialize to MPI which is portable */
 		int len = BN_bn2mpi(pk, NULL);
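Review bot: `ptr` at L78 is declared uninitialized and then passed as `&ptr` to `i2d_RSAPrivateKey` at L81; the i2d functions write through `*out` when it is non-NULL, so an indeterminate pointer value here means the private key is written to an arbitrary address, and in the case where `*out` is NULL the buffer they allocate is never released after `buffer_append` at L84. Initialize and free: `unsigned char *ptr = NULL;` before the call and `OPENSSL_free(ptr);` after `buffer_append(buf, ptr, ln);`. The `unsigned char *ptr;` at L86 in the EC branch has the same shape, but its use lies past the end of the hunk, so I cannot tell whether it is handled the same way. These are context lines the commit does not change, but they sit directly on the accessor lines it rewrites.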
@@ -1480,7 +1485,7 @@
 	}
 
 	if (EVP_PKEY_base_id(key) == EVP_PKEY_EC) {
-		EC_KEY_set_conv_form(key->pkey.ec, POINT_CONVERSION_COMPRESSED);
+		EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(key), POINT_CONVERSION_COMPRESSED);
 	}
 
 	*key_r = (struct dcrypt_private_key *)key;
@@ -1499,7 +1504,7 @@
 	BIO *key_in = BIO_new_mem_buf((void*)data, strlen(data));
 
 	key = PEM_read_bio_PUBKEY(key_in, &key, NULL, NULL);
-	BIO_reset(key_in);
+	(void)BIO_reset(key_in);
 	if (key == NULL) { /* ec keys are bother */
 		/* read the header */
 		char buf[27]; /* begin public key */
@@ -1560,7 +1565,7 @@
 
 	ec = PEM_write_bio_PrivateKey(key_out, pkey, algo, NULL, 0, NULL, (void*)password);
 
-	BIO_flush(key_out);
+	(void)BIO_flush(key_out);
 
 	if (ec != 1) {
 		BIO_vfree(key_out);
@@ -1590,13 +1595,13 @@
 		ec = PEM_write_bio_PUBKEY(key_out, pkey);
 	else {
 		BIO *b64 = BIO_new(BIO_f_base64());
-		BIO_puts(key_out, "-----BEGIN PUBLIC KEY-----\n");
-		BIO_push(b64, key_out);
-		ec = i2d_EC_PUBKEY_bio(b64, pkey->pkey.ec);
-		BIO_flush(b64);
-		BIO_pop(b64);
+		(void)BIO_puts(key_out, "-----BEGIN PUBLIC KEY-----\n");
+		(void)BIO_push(b64, key_out);
+		ec = i2d_EC_PUBKEY_bio(b64, EVP_PKEY_get0_EC_KEY(pkey));
+		(void)BIO_flush(b64);
+		(void)BIO_pop(b64);
 		BIO_vfree(b64);
-		BIO_puts(key_out, "-----END PUBLIC KEY-----");
+		(void)BIO_puts(key_out, "-----END PUBLIC KEY-----");
 	}
 
 	if (ec != 1) {
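Review bot: Casting `BIO_flush(b64)` at L131 to void discards the only signal that the base64 filter managed to push its final partial block and trailing newline into `key_out`; `ec` at L130 reports only whether `i2d_EC_PUBKEY_bio` succeeded, so a failed flush yields a truncated key that is still returned as success. Fold the flush into the status instead of silencing it: `if (ec == 1 && BIO_flush(b64) != 1) ec = 0;`. The `(void)BIO_flush(key_out)` at L115 in the earlier hunk has the same shape, though whether that BIO can fail to flush depends on its type, which is outside the hunk.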
@@ -1626,7 +1631,7 @@
 
 	if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA)
 	{
-		EVP_PKEY_set1_RSA(pk, RSAPublicKey_dup(pkey->pkey.rsa));
+		EVP_PKEY_set1_RSA(pk, RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey)));
 	} else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) {
 		EC_KEY* eck = EVP_PKEY_get1_EC_KEY(pkey);
 		EC_KEY_set_asn1_flag(eck, OPENSSL_EC_NAMED_CURVE);
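Review bot: `RSAPublicKey_dup(...)` at L144 returns a new RSA object holding one reference, and `EVP_PKEY_set1_RSA` takes its own reference rather than ownership, so the duplicate's original reference is never released and leaks on every call; both return values are also unchecked. Hold the duplicate in a local and drop it after the set: `RSA *rsa_dup = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey));`, `EVP_PKEY_set1_RSA(pk, rsa_dup);`, `RSA_free(rsa_dup);`. The EC branch at L146 obtains `eck` through `EVP_PKEY_get1_EC_KEY`, which also returns a reference; whether that one is freed is past the end of the hunk.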
@@ -1891,7 +1896,7 @@
 		return FALSE;
 	}
 
-	char *pub_pt_hex = ec_key_get_pub_point_hex(pub->pkey.ec);
+	char *pub_pt_hex = ec_key_get_pub_point_hex(EVP_PKEY_get0_EC_KEY(pub));
 	/* digest this */
 	SHA256((const unsigned char*)pub_pt_hex, strlen(pub_pt_hex), buf);
 	buffer_append(result, buf, SHA256_DIGEST_LENGTH);
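Review bot: `pub_pt_hex` at L153 goes straight into `strlen` at L155 with no NULL check; `ec_key_get_pub_point_hex` is not visible here, but if it wraps an allocating OpenSSL call such as `EC_POINT_point2hex` it can return NULL, and `strlen(NULL)` is undefined behaviour. Add `if (pub_pt_hex == NULL) return dcrypt_openssl_error(error_r);` between L153 and L155, assuming this function carries `error_r` like the others; whether `pub` was confirmed to be an EC key before the accessor call, and whether the hex string is released afterwards, are both outside the hunk.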
@@ -1919,7 +1924,7 @@
 		return FALSE;
 	}
 	if (EVP_PKEY_base_id(pub) == EVP_PKEY_EC) {
-		EC_KEY_set_conv_form(pub->pkey.ec, POINT_CONVERSION_COMPRESSED);
+		EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pub), POINT_CONVERSION_COMPRESSED);
 	}
 	BIO *b = BIO_new(BIO_s_mem());
 	if (i2d_PUBKEY_bio(b, pub) < 1) {