[rs-commit] r26 - in /redwax-tool/trunk: config.h.in configure.ac redwax_openssl.c

rs-commit at redwax.eu rs-commit at redwax.eu
Tue Nov 16 18:00:54 CET 2021


Author: minfrin at redwax.eu
Date: Tue Nov 16 18:00:53 2021
New Revision: 26

Log:
Add support for EVP_PKEY_get_bn_param().

Modified:
    redwax-tool/trunk/config.h.in
    redwax-tool/trunk/configure.ac
    redwax-tool/trunk/redwax_openssl.c

Modified: redwax-tool/trunk/config.h.in
==============================================================================
--- redwax-tool/trunk/config.h.in	(original)
+++ redwax-tool/trunk/config.h.in	Tue Nov 16 18:00:53 2021
@@ -8,6 +8,9 @@
 
 /* Define to 1 if you have the `EVP_PKEY_get0_description' function. */
 #undef HAVE_EVP_PKEY_GET0_DESCRIPTION
+
+/* Define to 1 if you have the `EVP_PKEY_get_bn_param' function. */
+#undef HAVE_EVP_PKEY_GET_BN_PARAM
 
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H

Modified: redwax-tool/trunk/configure.ac
==============================================================================
--- redwax-tool/trunk/configure.ac	(original)
+++ redwax-tool/trunk/configure.ac	Tue Nov 16 18:00:53 2021
@@ -96,7 +96,7 @@
 
 # Checks for library functions.
 AC_FUNC_MALLOC
-AC_CHECK_FUNCS([OPENSSL_init_crypto X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_get_num_untrusted EVP_PKEY_get0_description RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_iqmp NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
+AC_CHECK_FUNCS([OPENSSL_init_crypto X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_get_num_untrusted EVP_PKEY_get0_description EVP_PKEY_get_bn_param RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_iqmp NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
 
 AC_OUTPUT
 

Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c	(original)
+++ redwax-tool/trunk/redwax_openssl.c	Tue Nov 16 18:00:53 2021
@@ -93,6 +93,8 @@
 #define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack
 #endif
 
+#if !HAVE_EVP_PKEY_GET_BN_PARAM
+
 #if !HAVE_RSA_GET0_N
 const BIGNUM *RSA_get0_n(const RSA *r)
 {
@@ -147,6 +149,8 @@
 {
     return r->iqmp;
 }
+#endif
+
 #endif
 
 static void redwax_openssl_print_errors(redwax_tool_t *r)
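Review bot: The outer guard `#if !HAVE_EVP_PKEY_GET_BN_PARAM` opens in the previous hunk and closes here with a bare `#endif`, a long way from where it starts and right next to the inner accessor guard's `#endif`. Labelling the closing line, e.g. `#endif /* !HAVE_EVP_PKEY_GET_BN_PARAM */`, would make the nesting readable. A one-line comment at the opening would record why the block is skipped, such as `/* RSA_get0_*() fallbacks are only needed when the EVP_PKEY_get_bn_param() path is not compiled */`.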
@@ -1881,53 +1885,82 @@
             /* id is the sha1 hash of the modulus */
             unsigned char digest[EVP_MAX_MD_SIZE];
 
+            unsigned int len;
+
+#if HAVE_EVP_PKEY_GET_BN_PARAM
+            BIGNUM *n = NULL;
+            BIGNUM *e = NULL;
+            BIGNUM *d = NULL;
+            BIGNUM *p = NULL;
+            BIGNUM *q = NULL;
+            BIGNUM *dmp1 = NULL;
+            BIGNUM *dmq1 = NULL;
+            BIGNUM *iqmp = NULL;
+
+            EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_N, &n);
+            EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_E, &e);
+            EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_D, &d);
+            EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_FACTOR1, &p);
+            EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_FACTOR2, &q);
+            EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_EXPONENT1, &dmp1);
+            EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_EXPONENT2, &dmq1);
+            EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_COEFFICIENT, &iqmp);
+#else
             RSA *rsa = EVP_PKEY_get0_RSA(pkey);
 
-            unsigned int len;
+            const BIGNUM *n = RSA_get0_n(rsa);
+            const BIGNUM *e = RSA_get0_e(rsa);
+            const BIGNUM *d = RSA_get0_d(rsa);
+            const BIGNUM *p = RSA_get0_p(rsa);
+            const BIGNUM *q = RSA_get0_q(rsa);
+            const BIGNUM *dmp1 = RSA_get0_dmp1(rsa);
+            const BIGNUM *dmq1 = RSA_get0_dmq1(rsa);
+            const BIGNUM *iqmp = RSA_get0_iqmp(rsa);
+#endif
 
             key->rsa = apr_pcalloc(key->pool, sizeof(redwax_key_rsa_t));
 
             /* public */
-            key->rsa->modulus_len = BN_num_bytes(RSA_get0_n(rsa));
+            key->rsa->modulus_len = BN_num_bytes(n);
             key->rsa->modulus = apr_palloc(key->pool,
                     key->rsa->modulus_len);
-            BN_bn2bin(RSA_get0_n(rsa), key->rsa->modulus);
-
-            key->rsa->public_exponent_len = BN_num_bytes(RSA_get0_e(rsa));
+            BN_bn2bin(n, key->rsa->modulus);
+
+            key->rsa->public_exponent_len = BN_num_bytes(e);
             key->rsa->public_exponent = apr_palloc(key->pool,
                     key->rsa->public_exponent_len);
-            BN_bn2bin(RSA_get0_e(rsa), key->rsa->public_exponent);
+            BN_bn2bin(e, key->rsa->public_exponent);
 
             /* private */
-            key->rsa->private_exponent_len = BN_num_bytes(RSA_get0_d(rsa));
+            key->rsa->private_exponent_len = BN_num_bytes(d);
             key->rsa->private_exponent = apr_palloc(key->pool,
                     key->rsa->private_exponent_len);
-            BN_bn2bin(RSA_get0_d(rsa), key->rsa->private_exponent);
-
-            key->rsa->prime_1_len = BN_num_bytes(RSA_get0_p(rsa));
+            BN_bn2bin(d, key->rsa->private_exponent);
+
+            key->rsa->prime_1_len = BN_num_bytes(p);
             key->rsa->prime_1 = apr_palloc(key->pool,
                     key->rsa->prime_1_len);
-            BN_bn2bin(RSA_get0_p(rsa), key->rsa->prime_1);
-
-            key->rsa->prime_2_len = BN_num_bytes(RSA_get0_q(rsa));
+            BN_bn2bin(p, key->rsa->prime_1);
+
+            key->rsa->prime_2_len = BN_num_bytes(q);
             key->rsa->prime_2 = apr_palloc(key->pool,
                     key->rsa->prime_2_len);
-            BN_bn2bin(RSA_get0_q(rsa), key->rsa->prime_2);
-
-            key->rsa->exponent_1_len = BN_num_bytes(RSA_get0_dmp1(rsa));
+            BN_bn2bin(q, key->rsa->prime_2);
+
+            key->rsa->exponent_1_len = BN_num_bytes(dmp1);
             key->rsa->exponent_1 = apr_palloc(key->pool,
                     key->rsa->exponent_1_len);
-            BN_bn2bin(RSA_get0_dmp1(rsa), key->rsa->exponent_1);
-
-            key->rsa->exponent_2_len = BN_num_bytes(RSA_get0_dmq1(rsa));
+            BN_bn2bin(dmp1, key->rsa->exponent_1);
+
+            key->rsa->exponent_2_len = BN_num_bytes(dmq1);
             key->rsa->exponent_2 = apr_palloc(key->pool,
                     key->rsa->exponent_2_len);
-            BN_bn2bin(RSA_get0_dmq1(rsa), key->rsa->exponent_2);
-
-            key->rsa->coefficient_len = BN_num_bytes(RSA_get0_iqmp(rsa));
+            BN_bn2bin(dmq1, key->rsa->exponent_2);
+
+            key->rsa->coefficient_len = BN_num_bytes(iqmp);
             key->rsa->coefficient = apr_palloc(key->pool,
                     key->rsa->coefficient_len);
-            BN_bn2bin(RSA_get0_iqmp(rsa), key->rsa->coefficient);
+            BN_bn2bin(iqmp, key->rsa->coefficient);
 
 
 
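Review bot: In the `HAVE_EVP_PKEY_GET_BN_PARAM` branch every call passes `key`, but the `#else` branch reads the RSA from `pkey`, and `key` is the structure whose `->rsa` and `->pool` members are used below. The first argument therefore looks like the wrong object; it should presumably be `EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n)`, and likewise for the other seven calls. The return values are also ignored, so a component that cannot be fetched leaves its BIGNUM as NULL and that NULL is handed to `BN_num_bytes()` and `BN_bn2bin()`. Checking each call, e.g. `if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &d)) { /* report and bail out */ }`, would stop a key with a missing component before those copies. The `OSSL_PKEY_PARAM_RSA_*` names are declared in `<openssl/core_names.h>` and no include change is visible in this commit, so confirm it is already included; the enclosing function starts and ends outside the hunk.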
@@ -1937,6 +1970,17 @@
 
             key->common.id_der = apr_pmemdup(key->pool, digest, len);
             key->common.id_len = len;
+
+#if HAVE_EVP_PKEY_GET_BN_PARAM
+            BN_clear_free(n);
+            BN_clear_free(e);
+            BN_clear_free(d);
+            BN_clear_free(p);
+            BN_clear_free(q);
+            BN_clear_free(dmp1);
+            BN_clear_free(dmq1);
+            BN_clear_free(iqmp);
+#endif
 
             break;
         }
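Review bot: The cleanup block has no comment explaining why it exists only under `HAVE_EVP_PKEY_GET_BN_PARAM`. I would add `/* EVP_PKEY_get_bn_param() returns caller-owned copies; RSA_get0_*() pointers belong to the RSA object and must not be freed */` above `BN_clear_free(n);`. The lines between the BIGNUM fetches and this block are only partly visible, so confirm that no path leaves the case before reaching it, since that would leave `d`, `p`, `q`, `dmp1`, `dmq1` and `iqmp` allocated and uncleared. These calls do not touch the byte copies made into `key->pool` in the previous hunk, which keep the private values for as long as the pool lives.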


