From 0746be43a260b8be8d8d26a810cd3b039b84815c Mon Sep 17 00:00:00 2001 From: Quantum Date: Sat, 29 Jul 2017 22:25:37 -0400 Subject: [PATCH] OpenSSL 1.1 Port. Some potential problems with Ssl_Init_Async_SendAlert. --- src/Mayaqua/Encrypt.c | 189 +++++++++++++++++++++++++++++------------- src/Mayaqua/Encrypt.h | 13 ++- src/Mayaqua/Network.c | 20 +++-- src/Mayaqua/Secure.c | 35 ++++++-- 4 files changed, 183 insertions(+), 74 deletions(-) diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c index 9914646b..8683abf3 100644 --- a/src/Mayaqua/Encrypt.c +++ b/src/Mayaqua/Encrypt.c @@ -165,52 +165,64 @@ typedef struct CB_PARAM } CB_PARAM; // Copied from t1_enc.c of OpenSSL -#define HMAC_Init_ex(ctx,sec,len,md,impl) HMAC_Init(ctx, sec, len, md) -#define HMAC_CTX_cleanup(ctx) HMAC_cleanup(ctx) void Enc_tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, const unsigned char *seed, int seed_len, unsigned char *out, int olen) { int chunk,n; unsigned int j; - HMAC_CTX ctx; - HMAC_CTX ctx_tmp; + HMAC_CTX *ctx; + HMAC_CTX *ctx_tmp; unsigned char A1[EVP_MAX_MD_SIZE]; unsigned int A1_len; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + ctx = HMAC_CTX_new(); + ctx_tmp = HMAC_CTX_new(); +#else + HMAC_CTX ctx_; + HMAC_CTX ctx_tmp_; + ctx = &ctx_; + ctx_tmp = &ctx_tmp_; + Zero(ctx, sizeof(ctx)); + Zero(ctx_tmp, sizeof(ctx_tmp)); +#endif chunk=EVP_MD_size(md); - Zero(&ctx, sizeof(ctx)); - Zero(&ctx_tmp, sizeof(ctx_tmp)); - HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); - HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); - HMAC_Update(&ctx,seed,seed_len); - HMAC_Final(&ctx,A1,&A1_len); + HMAC_Init_ex(ctx,sec,sec_len,md, NULL); + HMAC_Init_ex(ctx_tmp,sec,sec_len,md, NULL); + HMAC_Update(ctx,seed,seed_len); + HMAC_Final(ctx,A1,&A1_len); n=0; for (;;) { - HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ - HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ - HMAC_Update(&ctx,A1,A1_len); - HMAC_Update(&ctx_tmp,A1,A1_len); - HMAC_Update(&ctx,seed,seed_len); + HMAC_Init_ex(ctx,NULL,0,NULL,NULL); /* re-init */ + HMAC_Init_ex(ctx_tmp,NULL,0,NULL,NULL); /* re-init */ + HMAC_Update(ctx,A1,A1_len); + HMAC_Update(ctx_tmp,A1,A1_len); + HMAC_Update(ctx,seed,seed_len); if (olen > chunk) { - HMAC_Final(&ctx,out,&j); + HMAC_Final(ctx,out,&j); out+=j; olen-=j; - HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */ + HMAC_Final(ctx_tmp,A1,&A1_len); /* calc the next A1 value */ } else /* last one */ { - HMAC_Final(&ctx,A1,&A1_len); + HMAC_Final(ctx,A1,&A1_len); memcpy(out,A1,olen); break; } } - HMAC_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&ctx_tmp); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + HMAC_CTX_free(ctx); + HMAC_CTX_free(ctx_tmp); +#else + HMAC_CTX_cleanup(ctx); + HMAC_CTX_cleanup(ctx_tmp); +#endif Zero (A1, sizeof(A1)); } @@ -457,7 +469,7 @@ void MdProcess(MD *md, void *dest, void *src, UINT size) return; } - HMAC_Init(md->Ctx, NULL, 0, NULL); + HMAC_Init_ex(md->Ctx, NULL, 0, NULL, NULL); HMAC_Update(md->Ctx, src, size); r = 0; @@ -473,7 +485,7 @@ void SetMdKey(MD *md, void *key, UINT key_size) return; } - HMAC_Init(md->Ctx, key, key_size, md->Md); + HMAC_Init_ex(md->Ctx, key, key_size, md->Md, NULL); } // Creating a message digest object @@ -496,8 +508,12 @@ MD *NewMd(char *name) return NULL; } +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + m->Ctx = HMAC_CTX_new(); +#else m->Ctx = ZeroMalloc(sizeof(struct hmac_ctx_st)); HMAC_CTX_init(m->Ctx); +#endif m->Size = EVP_MD_size(m->Md); @@ -515,8 +531,12 @@ void FreeMd(MD *md) if (md->Ctx != NULL) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + HMAC_CTX_free(md->Ctx); +#else HMAC_CTX_cleanup(md->Ctx); Free(md->Ctx); +#endif } Free(md); @@ -551,8 +571,12 @@ CIPHER *NewCipher(char *name) return NULL; } +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + c->Ctx = EVP_CIPHER_CTX_new(); +#else c->Ctx = ZeroMalloc(sizeof(struct evp_cipher_ctx_st)); EVP_CIPHER_CTX_init(c->Ctx); +#endif c->BlockSize = EVP_CIPHER_block_size(c->Cipher); c->KeySize = EVP_CIPHER_key_length(c->Cipher); @@ -629,8 +653,12 @@ void FreeCipher(CIPHER *c) if (c->Ctx != NULL) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + EVP_CIPHER_CTX_free(c->Ctx); +#else EVP_CIPHER_CTX_cleanup(c->Ctx); Free(c->Ctx); +#endif } Free(c); @@ -811,6 +839,9 @@ K *RsaBinToPublic(void *data, UINT size) RSA *rsa; K *k; BIO *bio; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + BIGNUM *e, *n; +#endif // Validate arguments if (data == NULL || size < 4) { @@ -819,6 +850,14 @@ K *RsaBinToPublic(void *data, UINT size) rsa = RSA_new(); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + e = BN_new(); + BN_set_word(e, RSA_F4); + + n = BinToBigNum(data, size); + + RSA_set0_key(rsa, n, e, NULL); +#else if (rsa->e != NULL) { BN_free(rsa->e); @@ -833,6 +872,7 @@ K *RsaBinToPublic(void *data, UINT size) } rsa->n = BinToBigNum(data, size); +#endif bio = NewBio(); Lock(openssl_lock); @@ -853,14 +893,39 @@ K *RsaBinToPublic(void *data, UINT size) BUF *RsaPublicToBuf(K *k) { BUF *b; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + RSA *rsa; + const BIGNUM *n; +#endif // Validate arguments - if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL - || k->pkey->pkey.rsa->n == NULL) + if (k == NULL || k->pkey == NULL) + { + return NULL; + } + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + rsa = EVP_PKEY_get0_RSA(k->pkey); + if (rsa == NULL) + { + return NULL; + } + + RSA_get0_key(rsa, &n, NULL, NULL); + if (n == NULL) + { + return NULL; + } + + b = BigNumToBuf(n); +#else + if (k->pkey->pkey.rsa == NULL || k->pkey->pkey.rsa->n == NULL) { return NULL; } b = BigNumToBuf(k->pkey->pkey.rsa->n); +#endif + if (b == NULL) { return NULL; @@ -874,13 +939,12 @@ void RsaPublicToBin(K *k, void *data) { BUF *b; // Validate arguments - if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL - || k->pkey->pkey.rsa->n == NULL || data == NULL) + if (data == NULL) { return; } - b = BigNumToBuf(k->pkey->pkey.rsa->n); + b = RsaPublicToBuf(k); if (b == NULL) { return; @@ -896,14 +960,8 @@ UINT RsaPublicSize(K *k) { BUF *b; UINT ret; - // Validate arguments - if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL - || k->pkey->pkey.rsa->n == NULL) - { - return 0; - } - b = BigNumToBuf(k->pkey->pkey.rsa->n); + b = RsaPublicToBuf(k); if (b == NULL) { return 0; @@ -1017,7 +1075,7 @@ BIGNUM *BufToBigNum(BUF *b) } // Convert a BIGNUM to a buffer -BUF *BigNumToBuf(BIGNUM *bn) +BUF *BigNumToBuf(const BIGNUM *bn) { UINT size; UCHAR *tmp; @@ -1990,6 +2048,7 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial) X509_EXTENSION *ex = NULL; X509_EXTENSION *eku = NULL; X509_EXTENSION *busage = NULL; + ASN1_INTEGER *s; // Validate arguments if (pub == NULL || name == NULL || ca == NULL) { @@ -2052,19 +2111,17 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial) FreeX509Name(subject_name); // Set the Serial Number + s = X509_get_serialNumber(x509); + OPENSSL_free(s->data); if (serial == NULL) { char zero = 0; - ASN1_INTEGER *s = x509->cert_info->serialNumber; - OPENSSL_free(s->data); s->data = OPENSSL_malloc(sizeof(char)); Copy(s->data, &zero, sizeof(char)); s->length = sizeof(char); } else { - ASN1_INTEGER *s = x509->cert_info->serialNumber; - OPENSSL_free(s->data); s->data = OPENSSL_malloc(serial->size); Copy(s->data, serial->data, serial->size); s->length = serial->size; @@ -2117,6 +2174,7 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial) X509_EXTENSION *ex = NULL; X509_EXTENSION *eku = NULL; X509_EXTENSION *busage = NULL; + ASN1_INTEGER *s; // Validate arguments if (pub == NULL || name == NULL || priv == NULL) { @@ -2184,19 +2242,17 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial) FreeX509Name(issuer_name); // Set a Serial Number + s = X509_get_serialNumber(x509); + OPENSSL_free(s->data); if (serial == NULL) { char zero = 0; - ASN1_INTEGER *s = x509->cert_info->serialNumber; - OPENSSL_free(s->data); s->data = OPENSSL_malloc(sizeof(char)); Copy(s->data, &zero, sizeof(char)); s->length = sizeof(char); } else { - ASN1_INTEGER *s = x509->cert_info->serialNumber; - OPENSSL_free(s->data); s->data = OPENSSL_malloc(serial->size); Copy(s->data, serial->data, serial->size); s->length = serial->size; @@ -2394,8 +2450,8 @@ void LoadXDates(X *x) return; } - x->notBefore = Asn1TimeToUINT64(x->x509->cert_info->validity->notBefore); - x->notAfter = Asn1TimeToUINT64(x->x509->cert_info->validity->notAfter); + x->notBefore = Asn1TimeToUINT64(X509_get0_notBefore(x->x509)); + x->notAfter = Asn1TimeToUINT64(X509_get0_notAfter(x->x509)); } // Convert the 64bit system time to ASN1 time @@ -2547,6 +2603,7 @@ bool RsaVerify(void *data, UINT data_size, void *sign, K *k) { return RsaVerifyEx(data, data_size, sign, k, 0); } + bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits) { UCHAR hash_data[SIGN_HASH_SIZE]; @@ -2568,7 +2625,7 @@ bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits) } // Decode the signature - if (RSA_public_decrypt(bits / 8, sign, decrypt_data, k->pkey->pkey.rsa, RSA_PKCS1_PADDING) <= 0) + if (RSA_public_decrypt(bits / 8, sign, decrypt_data, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0) { return false; } @@ -2591,7 +2648,7 @@ bool RsaSignEx(void *dst, void *src, UINT size, K *k, UINT bits) { UCHAR hash[SIGN_HASH_SIZE]; // Validate arguments - if (dst == NULL || src == NULL || k == NULL || k->pkey->type != EVP_PKEY_RSA) + if (dst == NULL || src == NULL || k == NULL || EVP_PKEY_base_id(k->pkey) != EVP_PKEY_RSA) { return false; } @@ -2609,7 +2666,7 @@ bool RsaSignEx(void *dst, void *src, UINT size, K *k, UINT bits) } // Signature - if (RSA_private_encrypt(sizeof(hash), hash, dst, k->pkey->pkey.rsa, RSA_PKCS1_PADDING) <= 0) + if (RSA_private_encrypt(sizeof(hash), hash, dst, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0) { return false; } @@ -2655,7 +2712,7 @@ bool RsaPublicDecrypt(void *dst, void *src, UINT size, K *k) tmp = ZeroMalloc(size); Lock(openssl_lock); { - ret = RSA_public_decrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING); + ret = RSA_public_decrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING); } Unlock(openssl_lock); if (ret <= 0) @@ -2686,7 +2743,7 @@ bool RsaPrivateEncrypt(void *dst, void *src, UINT size, K *k) tmp = ZeroMalloc(size); Lock(openssl_lock); { - ret = RSA_private_encrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING); + ret = RSA_private_encrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING); } Unlock(openssl_lock); if (ret <= 0) @@ -2717,7 +2774,7 @@ bool RsaPrivateDecrypt(void *dst, void *src, UINT size, K *k) tmp = ZeroMalloc(size); Lock(openssl_lock); { - ret = RSA_private_decrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING); + ret = RSA_private_decrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING); } Unlock(openssl_lock); if (ret <= 0) @@ -2745,7 +2802,7 @@ bool RsaPublicEncrypt(void *dst, void *src, UINT size, K *k) tmp = ZeroMalloc(size); Lock(openssl_lock); { - ret = RSA_public_encrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING); + ret = RSA_public_encrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING); } Unlock(openssl_lock); if (ret <= 0) @@ -3923,6 +3980,7 @@ X *X509ToX(X509 *x509) BUF *b; UINT size; UINT type; + ASN1_INTEGER *s; // Validate arguments if (x509 == NULL) { @@ -3990,8 +4048,8 @@ X *X509ToX(X509 *x509) } // Get the Serial Number - x->serial = NewXSerial(x509->cert_info->serialNumber->data, - x509->cert_info->serialNumber->length); + s = X509_get_serialNumber(x509); + x->serial = NewXSerial(s->data, s->length); if (x->serial == NULL) { char zero = 0; @@ -4008,7 +4066,7 @@ X *X509ToX(X509 *x509) b = KToBuf(k, false, NULL); size = b->Size; - type = k->pkey->type; + type = EVP_PKEY_base_id(k->pkey); FreeBuf(b); @@ -4080,7 +4138,7 @@ BUF *BioToBuf(BIO *bio) } BIO_seek(bio, 0); - size = bio->num_write; + size = BIO_number_written(bio); tmp = Malloc(size); BIO_read(bio, tmp, size); @@ -4200,7 +4258,7 @@ void InitCryptLibrary() SSL_library_init(); //OpenSSL_add_all_algorithms(); OpenSSL_add_all_ciphers(); - SSLeay_add_all_digests(); + OpenSSL_add_all_digests(); ERR_load_crypto_strings(); SSL_load_error_strings(); @@ -4989,6 +5047,10 @@ DH_CTX *DhNew(char *prime, UINT g) { DH_CTX *dh; BUF *buf; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + BIGNUM *dhp, *dhg; + const BIGNUM *pub, *priv; +#endif // Validate arguments if (prime == NULL || g == 0) { @@ -5000,14 +5062,27 @@ DH_CTX *DhNew(char *prime, UINT g) dh = ZeroMalloc(sizeof(DH_CTX)); dh->dh = DH_new(); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + dhp = BinToBigNum(buf->Buf, buf->Size); + dhg = BN_new(); + BN_set_word(dhg, g); + DH_set0_pqg(dh->dh, dhp, NULL, dhg); +#else dh->dh->p = BinToBigNum(buf->Buf, buf->Size); dh->dh->g = BN_new(); BN_set_word(dh->dh->g, g); +#endif DH_generate_key(dh->dh); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + DH_get0_key(dh->dh, &pub, &priv); + dh->MyPublicKey = BigNumToBuf(pub); + dh->MyPrivateKey = BigNumToBuf(priv); +#else dh->MyPublicKey = BigNumToBuf(dh->dh->pub_key); dh->MyPrivateKey = BigNumToBuf(dh->dh->priv_key); +#endif dh->Size = buf->Size; diff --git a/src/Mayaqua/Encrypt.h b/src/Mayaqua/Encrypt.h index 46720fb5..ab1bf4b2 100644 --- a/src/Mayaqua/Encrypt.h +++ b/src/Mayaqua/Encrypt.h @@ -228,7 +228,14 @@ void RAND_Free_For_SoftEther(); // Macro #define HASHED_DATA(p) (((UCHAR *)p) + 15) - +// OpenSSL <1.1 Shims +#if OPENSSL_VERSION_NUMBER < 0x10100000L +# define EVP_PKEY_get0_RSA(obj) ((obj)->pkey.rsa) +# define EVP_PKEY_base_id(pkey) ((pkey)->type) +# define X509_get0_notBefore(x509) ((x509)->cert_info->validity->notBefore) +# define X509_get0_notAfter(x509) ((x509)->cert_info->validity->notAfter) +# define X509_get_serialNumber(x509) ((x509)->cert_info->serialNumber) +#endif // Crypt context struct CRYPT @@ -341,7 +348,7 @@ struct CIPHER struct MD { char Name[MAX_PATH]; - const struct env_md_st *Md; + const struct evp_md_st *Md; struct hmac_ctx_st *Ctx; UINT Size; }; @@ -461,7 +468,7 @@ void GetAllNameFromName(wchar_t *str, UINT size, NAME *name); void GetAllNameFromNameEx(wchar_t *str, UINT size, NAME *name); void GetAllNameFromXEx(wchar_t *str, UINT size, X *x); void GetAllNameFromXExA(char *str, UINT size, X *x); -BUF *BigNumToBuf(BIGNUM *bn); +BUF *BigNumToBuf(const BIGNUM *bn); BIGNUM *BinToBigNum(void *data, UINT size); BIGNUM *BufToBigNum(BUF *b); char *BigNumToStr(BIGNUM *bn); diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c index 41d69cce..288a4ceb 100644 --- a/src/Mayaqua/Network.c +++ b/src/Mayaqua/Network.c @@ -9429,11 +9429,13 @@ void UnixInitAsyncSocket(SOCK *sock) UnixSetSocketNonBlockingMode(sock->socket, true); } +#if OPENSSL_VERSION_NUMBER < 0x10100000L if (sock->ssl != NULL && sock->ssl->s3 != NULL) { sock->Ssl_Init_Async_SendAlert[0] = sock->ssl->s3->send_alert[0]; sock->Ssl_Init_Async_SendAlert[1] = sock->ssl->s3->send_alert[1]; } +#endif } // Initializing the socket library @@ -13015,7 +13017,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch { if (client_tls == false) { - SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_method()); + SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method()); } else { @@ -13381,10 +13383,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size) e = SSL_get_error(ssl, ret); if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL) { - if (e == SSL_ERROR_SSL && + if (e == SSL_ERROR_SSL +#if OPENSSL_VERSION_NUMBER < 0x10100000L + && sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL && sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] && - sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]) + sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1] +#endif + ) { Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__); Disconnect(sock); @@ -13467,10 +13473,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size) { if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL) { - if (e == SSL_ERROR_SSL && + if (e == SSL_ERROR_SSL +#if OPENSSL_VERSION_NUMBER < 0x10100000L + && sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL && sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] && - sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]) + sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1] +#endif + ) { Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__); Disconnect(sock); diff --git a/src/Mayaqua/Secure.c b/src/Mayaqua/Secure.c index 2dcf776b..2df75ca7 100644 --- a/src/Mayaqua/Secure.c +++ b/src/Mayaqua/Secure.c @@ -488,6 +488,7 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k) RSA *rsa; UCHAR modules[MAX_SIZE], pub[MAX_SIZE], pri[MAX_SIZE], prime1[MAX_SIZE], prime2[MAX_SIZE]; UCHAR exp1[MAX_SIZE], exp2[MAX_SIZE], coeff[MAX_SIZE]; + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; CK_ATTRIBUTE a[] = { {CKA_MODULUS, modules, 0}, // 0 @@ -536,48 +537,64 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k) } // Numeric data generation - rsa = k->pkey->pkey.rsa; + rsa = EVP_PKEY_get0_RSA(k->pkey); if (rsa == NULL) { sec->Error = SEC_ERROR_BAD_PARAMETER; return false; } - b = BigNumToBuf(rsa->n); + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + RSA_get0_key(rsa, &n, &e, &d); + RSA_get0_factors(rsa, &p, &q); + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); +#else + rsa->n = n; + rsa->e = e; + rsa->d = d; + rsa->p = p; + rsa->q = q; + rsa->dmp1 = dmp1; + rsa->dmq1 = dmq1; + rsa->iqmp = iqmp; +#endif + + b = BigNumToBuf(n); ReadBuf(b, modules, sizeof(modules)); A_SIZE(a, 0) = b->Size; FreeBuf(b); - b = BigNumToBuf(rsa->e); + b = BigNumToBuf(e); ReadBuf(b, pub, sizeof(pub)); A_SIZE(a, 1) = b->Size; FreeBuf(b); - b = BigNumToBuf(rsa->d); + b = BigNumToBuf(d); ReadBuf(b, pri, sizeof(pri)); A_SIZE(a, 2) = b->Size; FreeBuf(b); - b = BigNumToBuf(rsa->p); + b = BigNumToBuf(p); ReadBuf(b, prime1, sizeof(prime1)); A_SIZE(a, 3) = b->Size; FreeBuf(b); - b = BigNumToBuf(rsa->q); + b = BigNumToBuf(q); ReadBuf(b, prime2, sizeof(prime2)); A_SIZE(a, 4) = b->Size; FreeBuf(b); - b = BigNumToBuf(rsa->dmp1); + b = BigNumToBuf(dmp1); ReadBuf(b, exp1, sizeof(exp1)); A_SIZE(a, 5) = b->Size; FreeBuf(b); - b = BigNumToBuf(rsa->dmq1); + b = BigNumToBuf(dmq1); ReadBuf(b, exp2, sizeof(exp2)); A_SIZE(a, 6) = b->Size; FreeBuf(b); - b = BigNumToBuf(rsa->iqmp); + b = BigNumToBuf(iqmp); ReadBuf(b, coeff, sizeof(coeff)); A_SIZE(a, 7) = b->Size; FreeBuf(b);