[rs-commit] r109 - in /redwax-tool/trunk: config.h.in configure.ac redwax_openssl.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Fri Dec 3 23:00:49 CET 2021
Author: minfrin at redwax.eu
Date: Fri Dec 3 23:00:47 2021
New Revision: 109
Log:
Use non-deprecated functions on openssl 3.
Modified:
redwax-tool/trunk/config.h.in
redwax-tool/trunk/configure.ac
redwax-tool/trunk/redwax_openssl.c
Modified: redwax-tool/trunk/config.h.in
==============================================================================
--- redwax-tool/trunk/config.h.in (original)
+++ redwax-tool/trunk/config.h.in Fri Dec 3 23:00:47 2021
@@ -11,6 +11,9 @@
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the `EVP_PKEY_CTX_new_from_name' function. */
+#undef HAVE_EVP_PKEY_CTX_NEW_FROM_NAME
/* Define to 1 if you have the `EVP_PKEY_get0_description' function. */
#undef HAVE_EVP_PKEY_GET0_DESCRIPTION
Modified: redwax-tool/trunk/configure.ac
==============================================================================
--- redwax-tool/trunk/configure.ac (original)
+++ redwax-tool/trunk/configure.ac Fri Dec 3 23:00:47 2021
@@ -96,7 +96,7 @@
# Checks for library functions.
AC_FUNC_MALLOC
-AC_CHECK_FUNCS([OPENSSL_init_crypto PKCS12_SAFEBAG_get0_safes PKCS12_SAFEBAG_get_bag_nid PKCS12_SAFEBAG_get_nid PKCS12_SAFEBAG_get0_attr PKCS12_SAFEBAG_get0_p8inf PKCS12_SAFEBAG_get1_cert PKCS12_SAFEBAG_get1_crl OPENSSL_uni2utf8 ASN1_TIME_diff ASN1_TIME_print_ex X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_get_num_untrusted X509_get0_notBefore X509_get0_notAfter X509_get0_tbs_sigalg X509_get0_uids X509_get0_extensions X509_get0_signature X509_get_extension_flags X509_up_ref EVP_PKEY_get0_description EVP_PKEY_get_bn_param RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_iqmp RSA_set0_key RSA_set0_factors RSA_set0_crt_params NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
+AC_CHECK_FUNCS([OPENSSL_init_crypto PKCS12_SAFEBAG_get0_safes PKCS12_SAFEBAG_get_bag_nid PKCS12_SAFEBAG_get_nid PKCS12_SAFEBAG_get0_attr PKCS12_SAFEBAG_get0_p8inf PKCS12_SAFEBAG_get1_cert PKCS12_SAFEBAG_get1_crl OPENSSL_uni2utf8 ASN1_TIME_diff ASN1_TIME_print_ex X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_get_num_untrusted X509_get0_notBefore X509_get0_notAfter X509_get0_tbs_sigalg X509_get0_uids X509_get0_extensions X509_get0_signature X509_get_extension_flags X509_up_ref EVP_PKEY_get0_description EVP_PKEY_CTX_new_from_name EVP_PKEY_get_bn_param RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_iqmp RSA_set0_key RSA_set0_factors RSA_set0_crt_params NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
AC_OUTPUT
Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c (original)
+++ redwax-tool/trunk/redwax_openssl.c Fri Dec 3 23:00:47 2021
@@ -4457,9 +4457,51 @@
BIO *kbio;
PKCS8_PRIV_KEY_INFO *p8inf;
+ X509_PUBKEY *pub = NULL;
+
+#if HAVE_EVP_PKEY_CTX_NEW_FROM_NAME
+
+ BIGNUM *n = BN_bin2bn(key->rsa->modulus, key->rsa->modulus_len,
+ NULL);
+ BIGNUM *e = BN_bin2bn(key->rsa->public_exponent,
+ key->rsa->public_exponent_len, NULL);
+ BIGNUM *d = BN_bin2bn(key->rsa->private_exponent,
+ key->rsa->private_exponent_len, NULL);
+ BIGNUM *p = BN_bin2bn(key->rsa->prime_1, key->rsa->prime_1_len,
+ NULL);
+ BIGNUM *q = BN_bin2bn(key->rsa->prime_2, key->rsa->prime_2_len,
+ NULL);
+ BIGNUM *dmp1 = BN_bin2bn(key->rsa->exponent_1, key->rsa->exponent_1_len,
+ NULL);
+ BIGNUM *dmq1 = BN_bin2bn(key->rsa->exponent_2, key->rsa->exponent_2_len,
+ NULL);
+ BIGNUM *iqmp = BN_bin2bn(key->rsa->coefficient, key->rsa->coefficient_len,
+ NULL);
+
+ OSSL_PARAM params[] = {
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, n, BN_num_bytes(n)),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, e, BN_num_bytes(e)),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, d, BN_num_bytes(d)),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, p, BN_num_bytes(p)),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, q, BN_num_bytes(q)),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1, BN_num_bytes(dmp1)),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1, BN_num_bytes(dmq1)),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp, BN_num_bytes(iqmp)),
+ OSSL_PARAM_END
+ };
+
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
+
+ if (ctx == NULL
+ || EVP_PKEY_fromdata_init(ctx) <= 0
+ || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) {
+ return APR_EGENERAL;
+ }
+#else
+
+ RSA *rsa = RSA_new();
EVP_PKEY *pkey = EVP_PKEY_new();
- X509_PUBKEY *pub = NULL;
- RSA *rsa = RSA_new();
#if HAVE_RSA_SET0_KEY
RSA_set0_key(rsa,
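Review bot: `OSSL_PARAM_BN()` in the `params[]` initialiser is given `BIGNUM *` pointers, but the macro expects a pointer to the integer's native-endian byte buffer plus its size, so `EVP_PKEY_fromdata()` would read the bytes of the BIGNUM structure rather than the RSA component. Building the array with `OSSL_PARAM_BLD_push_BN()` (declared in `<openssl/param_build.h>`) takes the BIGNUMs directly and avoids this. The `BN_bin2bn()` results are also passed to `BN_num_bytes()` without a NULL check. The `return APR_EGENERAL;` path leaves `ctx` and the BIGNUMs holding the private exponent and primes allocated and uncleared, because the `BN_clear_free()` calls sit only in the later cleanup hunk. The enclosing function starts before this hunk, so any other resources held at that point are not visible here.

```c
    /* … unchanged: BN_bin2bn() conversions of the eight RSA components … */

    OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
    OSSL_PARAM *params = NULL;
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);

    if (bld == NULL || ctx == NULL
            || !n || !e || !d || !p || !q || !dmp1 || !dmq1 || !iqmp
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1, p)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2, q)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp)
            || (params = OSSL_PARAM_BLD_to_param(bld)) == NULL
            || EVP_PKEY_fromdata_init(ctx) <= 0
            || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) {
        /* release and clear key material on the failure path as well */
        OSSL_PARAM_free(params);
        OSSL_PARAM_BLD_free(bld);
        EVP_PKEY_CTX_free(ctx);
        BN_clear_free(n);
        BN_clear_free(e);
        BN_clear_free(d);
        BN_clear_free(p);
        BN_clear_free(q);
        BN_clear_free(dmp1);
        BN_clear_free(dmq1);
        BN_clear_free(iqmp);
        return APR_EGENERAL;
    }
    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
```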
@@ -4507,6 +4549,8 @@
#endif
EVP_PKEY_set1_RSA(pkey, rsa);
+#endif
+
p8inf = EVP_PKEY2PKCS8(pkey);
/* handle public key */
@@ -4556,7 +4600,21 @@
}
EVP_PKEY_free(pkey);
+
+#if HAVE_EVP_PKEY_CTX_NEW_FROM_NAME
+ EVP_PKEY_CTX_free(ctx);
+
+ BN_clear_free(n);
+ BN_clear_free(e);
+ BN_clear_free(d);
+ BN_clear_free(p);
+ BN_clear_free(q);
+ BN_clear_free(dmp1);
+ BN_clear_free(dmq1);
+ BN_clear_free(iqmp);
+#else
RSA_free(rsa);
+#endif
}
return APR_SUCCESS;