Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/netpgp/dist/src centralize the conversio...
details: https://anonhg.NetBSD.org/src/rev/e09e124e4605
branches: trunk
changeset: 359258:e09e124e4605
user: christos <christos%NetBSD.org@localhost>
date: Mon Feb 05 23:56:01 2018 +0000
description:
centralize the conversion functions and make this work with both
openssl-1.0 and 1.1
diffstat:
crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c | 260 +++++++++-----
crypto/external/bsd/netpgp/dist/src/lib/signature.c | 13 +-
crypto/external/bsd/netpgp/dist/src/netpgp/Makefile | 100 ++---
3 files changed, 224 insertions(+), 149 deletions(-)
diffs (truncated from 658 to 300 lines):
diff -r 37fadc330b9f -r e09e124e4605 crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Mon Feb 05 22:14:26 2018 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Mon Feb 05 23:56:01 2018 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: openssl_crypto.c,v 1.33 2010/11/07 08:39:59 agc Exp $");
+__RCSID("$NetBSD: openssl_crypto.c,v 1.34 2018/02/05 23:56:01 christos Exp $");
#endif
#ifdef HAVE_OPENSSL_DSA_H
@@ -89,18 +89,144 @@
#include "netpgpdigest.h"
#include "packet.h"
+static void
+takeRSA(const RSA *orsa, pgp_rsa_pubkey_t *pk, pgp_rsa_seckey_t *sk)
+{
+ const BIGNUM *n, *e, *d, *q, *p;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ RSA_get0_key(orsa, &n, &e, &d);
+ RSA_get0_factors(orsa, &q, &p);
+#else
+ n = orsa->n;
+ e = orsa->e;
+ d = orsa->d;
+ p = orsa->p;
+ q = orsa->q;
+#endif
+ if (sk) {
+ sk->d = BN_dup(d);
+ sk->p = BN_dup(p);
+ sk->q = BN_dup(q);
+ }
+ if (pk) {
+ pk->n = BN_dup(n);
+ pk->e = BN_dup(e);
+ }
+}
+
+static RSA *
+makeRSA(const pgp_rsa_pubkey_t *pubkey, const pgp_rsa_seckey_t *seckey)
+{
+ BIGNUM *n, *e, *d, *p, *q;
+ RSA *orsa;
+
+ orsa = RSA_new();
+ n = BN_dup(pubkey->n);
+ e = BN_dup(pubkey->e);
+
+ if (seckey) {
+ d = BN_dup(seckey->d);
+ p = BN_dup(seckey->p);
+ q = BN_dup(seckey->q);
+ } else {
+ d = p = q = NULL;
+ }
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ RSA_set0_key(orsa, n, e, d);
+ RSA_set0_factors(orsa, p, q);
+#else
+ BN_free(orsa->n);
+ BN_free(orsa->e);
+ orsa->n = n;
+ orsa->e = e;
+ if (d) {
+ BN_free(orsa->d);
+ orsa->d = d;
+ }
+ if (p) {
+ BN_free(orsa->p);
+ orsa->p = p;
+ }
+ if (q) {
+ BN_free(orsa->q);
+ orsa->q = q;
+ }
+#endif
+ return orsa;
+}
+
+static DSA_SIG *
+makeDSA_SIG(const pgp_dsa_sig_t *sig)
+{
+ DSA_SIG *osig;
+ BIGNUM *r, *s;
+
+ osig = DSA_SIG_new();
+ r = BN_dup(sig->r);
+ s = BN_dup(sig->s);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ DSA_SIG_set0(osig, r, s);
+#else
+ BN_free(osig->r);
+ BN_free(osig->s);
+ osig->r = r;
+ osig->s = s;
+#endif
+
+ return osig;
+}
+
+static DSA *
+makeDSA(const pgp_dsa_pubkey_t *dsa, const pgp_dsa_seckey_t *secdsa)
+{
+ DSA *odsa;
+ BIGNUM *p, *q, *g, *y, *x;
+
+ odsa = DSA_new();
+
+ p = BN_dup(dsa->p);
+ q = BN_dup(dsa->q);
+ g = BN_dup(dsa->g);
+ y = BN_dup(dsa->y);
+ x = secdsa ? secdsa->x : NULL;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ DSA_set0_key(odsa, y, x);
+#else
+ BN_free(odsa->p);
+ BN_free(odsa->q);
+ BN_free(odsa->g);
+ BN_free(odsa->pub_key);
+ odsa->p = p;
+ odsa->q = q;
+ odsa->g = g;
+ odsa->pub_key = y;
+ if (x) {
+ BN_free(odsa->priv_key);
+ odsa->priv_key = x;
+ }
+#endif
+ return odsa;
+}
+
+static void
+takeDSA(const DSA *odsa, pgp_dsa_seckey_t *sk)
+{
+ const BIGNUM *x;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ DSA_get0_key(odsa, NULL, &x);
+#else
+ x = odsa->priv_key;
+#endif
+ sk->x = BN_dup(x);
+}
static void
test_seckey(const pgp_seckey_t *seckey)
{
- RSA *test = RSA_new();
-
- test->n = BN_dup(seckey->pubkey.key.rsa.n);
- test->e = BN_dup(seckey->pubkey.key.rsa.e);
-
- test->d = BN_dup(seckey->key.rsa.d);
- test->p = BN_dup(seckey->key.rsa.p);
- test->q = BN_dup(seckey->key.rsa.q);
+ RSA *test = makeRSA(&seckey->pubkey.key.rsa, &seckey->key.rsa);
if (RSA_check_key(test) != 1) {
(void) fprintf(stderr,
@@ -435,25 +561,15 @@
const pgp_dsa_pubkey_t *dsa)
{
unsigned qlen;
- DSA_SIG *osig;
- DSA *odsa;
+ DSA_SIG *osig = makeDSA_SIG(sig);
+ DSA *odsa = makeDSA(dsa, NULL);
int ret;
- osig = DSA_SIG_new();
- osig->r = sig->r;
- osig->s = sig->s;
-
- odsa = DSA_new();
- odsa->p = dsa->p;
- odsa->q = dsa->q;
- odsa->g = dsa->g;
- odsa->pub_key = dsa->y;
-
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "input hash", hash, hash_length);
- (void) fprintf(stderr, "Q=%d\n", BN_num_bytes(odsa->q));
+ (void) fprintf(stderr, "Q=%d\n", BN_num_bytes(dsa->q));
}
- if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) {
+ if ((qlen = (unsigned)BN_num_bytes(dsa->q)) < hash_length) {
hash_length = qlen;
}
ret = DSA_do_verify(hash, (int)hash_length, osig, odsa);
@@ -465,10 +581,7 @@
return 0;
}
- odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL;
DSA_free(odsa);
-
- osig->r = osig->s = NULL;
DSA_SIG_free(osig);
return (unsigned)ret;
@@ -489,19 +602,14 @@
size_t length,
const pgp_rsa_pubkey_t *pubkey)
{
- RSA *orsa;
- int n;
+ RSA *orsa = makeRSA(pubkey, NULL);
+ int ret;
- orsa = RSA_new();
- orsa->n = pubkey->n;
- orsa->e = pubkey->e;
+ ret = RSA_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING);
- n = RSA_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING);
-
- orsa->n = orsa->e = NULL;
RSA_free(orsa);
- return n;
+ return ret;
}
/**
@@ -521,21 +629,10 @@
const pgp_rsa_seckey_t *seckey,
const pgp_rsa_pubkey_t *pubkey)
{
- RSA *orsa;
- int n;
+ RSA *orsa = makeRSA(pubkey, seckey);
+ int ret;
- orsa = RSA_new();
- orsa->n = BN_dup(pubkey->n);
- orsa->d = seckey->d;
- orsa->p = seckey->q; /* p and q are round the other way in openssl */
- orsa->q = seckey->p;
-
- /* debug */
- orsa->e = BN_dup(pubkey->e);
- /* If this isn't set, it's very likely that the programmer hasn't */
- /* decrypted the secret key. RSA_check_key segfaults in that case. */
- /* Use pgp_decrypt_seckey() to do that. */
- if (orsa->d == NULL) {
+ if (seckey->d == NULL) {
(void) fprintf(stderr, "orsa is not set\n");
return 0;
}
@@ -545,12 +642,11 @@
}
/* end debug */
- n = RSA_private_encrypt((int)length, in, out, orsa, RSA_NO_PADDING);
+ ret = RSA_private_encrypt((int)length, in, out, orsa, RSA_NO_PADDING);
- orsa->n = orsa->d = orsa->p = orsa->q = NULL;
RSA_free(orsa);
- return n;
+ return ret;
}
/**
@@ -570,18 +666,10 @@
const pgp_rsa_seckey_t *seckey,
const pgp_rsa_pubkey_t *pubkey)
{
- RSA *keypair;
+ RSA *keypair = makeRSA(pubkey, seckey);
int n;
char errbuf[1024];
- keypair = RSA_new();
- keypair->n = pubkey->n; /* XXX: do we need n? */
- keypair->d = seckey->d;
- keypair->p = seckey->q;
- keypair->q = seckey->p;
-
- /* debug */
- keypair->e = pubkey->e;
if (RSA_check_key(keypair) != 1) {
(void) fprintf(stderr, "RSA_check_key is not set\n");
return 0;
@@ -601,7 +689,6 @@
ERR_error_string(err, &errbuf[0]);
(void) fprintf(stderr, "openssl error : %s\n", errbuf);
}
- keypair->n = keypair->d = keypair->p = keypair->q = NULL;
RSA_free(keypair);
return n;
@@ -621,15 +708,11 @@
size_t length,
Home |
Main Index |
Thread Index |
Old Index