File xml-security-c-1.7.3_openssl1.1.patch of Package xml-security-c

diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp	2017-02-19 20:37:10.000000000 +0200
@@ -44,6 +44,15 @@
 
 XERCES_CPP_NAMESPACE_USE
 
+OpenSSLCryptoBase64::OpenSSLCryptoBase64() {
+	m_ectx = EVP_ENCODE_CTX_new();
+	m_dctx = EVP_ENCODE_CTX_new();
+}
+
+OpenSSLCryptoBase64::~OpenSSLCryptoBase64() {
+	EVP_ENCODE_CTX_free(m_ectx);
+	EVP_ENCODE_CTX_free(m_dctx);
+}
 
 // --------------------------------------------------------------------------------
 //           Decoding
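Review bot: Neither `EVP_ENCODE_CTX_new()` call in the new constructor is checked, so an allocation failure leaves `m_ectx` or `m_dctx` null and the first `EVP_DecodeInit`/`EVP_EncodeInit` is handed a null context. I would fail construction instead: free whichever context was obtained and throw an `XSECCryptoException` with the error code the project uses for this class. The free is needed because a throwing constructor does not run the destructor. A short comment such as `// Heap-allocated: EVP_ENCODE_CTX is opaque from OpenSSL 1.1.0` above the two assignments would also explain why the members stopped being values.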
@@ -51,7 +60,7 @@
 
 void OpenSSLCryptoBase64::decodeInit(void) {
 
-	EVP_DecodeInit(&m_dctx);
+	EVP_DecodeInit(m_dctx);
 
 }
 
@@ -70,7 +79,7 @@
 
 	}
 
-	rc = EVP_DecodeUpdate(&m_dctx, 
+	rc = EVP_DecodeUpdate(m_dctx, 
 						  outData, 
 						  &outLen, 
 						  (unsigned char *) inData, 
@@ -99,7 +108,7 @@
 	int outLen;
 	outLen = outLength;
 
-	EVP_DecodeFinal(&m_dctx, outData, &outLen); 
+	EVP_DecodeFinal(m_dctx, outData, &outLen); 
 
 	return outLen;
 
@@ -111,7 +120,7 @@
 
 void OpenSSLCryptoBase64::encodeInit(void) {
 
-	EVP_EncodeInit(&m_ectx);
+	EVP_EncodeInit(m_ectx);
 
 }
 
@@ -130,7 +139,7 @@
 
 	}
 
-	EVP_EncodeUpdate(&m_ectx, 
+	EVP_EncodeUpdate(m_ectx, 
 					  outData, 
 					  &outLen, 
 					  (unsigned char *) inData, 
@@ -153,7 +162,7 @@
 	int outLen;
 	outLen = outLength;
 
-	EVP_EncodeFinal(&m_ectx, outData, &outLen); 
+	EVP_EncodeFinal(m_ectx, outData, &outLen); 
 
 	return outLen;
 
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp	2017-02-19 10:46:50.000000000 +0200
@@ -66,8 +66,8 @@
 public :
 
 	
-	OpenSSLCryptoBase64() {};
-	virtual ~OpenSSLCryptoBase64() {};
+	OpenSSLCryptoBase64();
+	virtual ~OpenSSLCryptoBase64();
 
 	/** @name Decoding Functions */
 	//@{
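Review bot: With an out-of-line destructor that frees `m_ectx` and `m_dctx`, the implicitly generated copy constructor and assignment operator now copy the raw pointers, so any copy of an OpenSSLCryptoBase64 ends in a double free. Unless copying is already disabled in a part of the class outside this hunk, declare `OpenSSLCryptoBase64(const OpenSSLCryptoBase64 &);` and the matching `operator=` as private and unimplemented next to these declarations. The same applies to the pointer members introduced in OpenSSLCryptoHash.hpp, OpenSSLCryptoHashHMAC.hpp and OpenSSLCryptoSymmetricKey.hpp.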
@@ -189,20 +189,20 @@
 	 * \brief Get OpenSSL encode context structure
 	 */
 
-	EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;}
+	EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;}
 
 	/**
 	 * \brief Get OpenSSL encode context structure
 	 */
 
-	EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;}
+	EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;}
 
 	//@}
 
 private :
 
-	EVP_ENCODE_CTX m_ectx;				// Encode context
-	EVP_ENCODE_CTX m_dctx;				// Decode context
+	EVP_ENCODE_CTX *m_ectx;				// Encode context
+	EVP_ENCODE_CTX *m_dctx;				// Decode context
 
 };
 
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp	2017-02-19 20:48:48.000000000 +0200
@@ -40,6 +40,7 @@
 
 OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) {
 
+	m_mdctx = EVP_MD_CTX_create();
 	switch (alg) {
 
 	case (XSECCryptoHash::HASH_SHA1) :
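Review bot: `m_mdctx` is allocated before the `switch`, but the constructor can still throw afterwards (the "Error loading Message Digest" throw is visible in the next hunk), and a throwing constructor never runs the destructor, so the context leaks on that path. Either move the allocation down to just before `EVP_DigestInit(m_mdctx, mp_md);` or call `EVP_MD_CTX_free(m_mdctx);` before each throw. The result of the allocation is also unchecked, and the call is spelled `EVP_MD_CTX_create()` here while `reset()` uses `EVP_MD_CTX_new()`; one spelling throughout would read better. The constructor body continues outside this hunk.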
@@ -104,7 +105,7 @@
 			"OpenSSL:Hash - Error loading Message Digest"); 
 	}
 
-	EVP_DigestInit(&m_mdctx, mp_md);
+	EVP_DigestInit(m_mdctx, mp_md);
 	m_hashType = alg;
 
 }
@@ -112,7 +113,7 @@
 
 OpenSSLCryptoHash::~OpenSSLCryptoHash() {
 
-	EVP_MD_CTX_cleanup(&m_mdctx);
+	EVP_MD_CTX_free(m_mdctx);
 
 }
 
@@ -121,16 +122,16 @@
 // Hashing Activities
 void OpenSSLCryptoHash::reset(void) {
 
-	EVP_MD_CTX_cleanup(&m_mdctx);
-
-	EVP_DigestInit(&m_mdctx, mp_md);
+	EVP_MD_CTX_free(m_mdctx);
+	m_mdctx = EVP_MD_CTX_new();
+	EVP_DigestInit(m_mdctx, mp_md);
 
 }
 
 void OpenSSLCryptoHash::hash(unsigned char * data, 
 								 unsigned int length) {
 
-	EVP_DigestUpdate(&m_mdctx, data, length);
+	EVP_DigestUpdate(m_mdctx, data, length);
 
 }
 unsigned int OpenSSLCryptoHash::finish(unsigned char * hash,
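Review bot: In `reset()` the context is freed and reallocated without checking the result, so if `EVP_MD_CTX_new()` fails, `m_mdctx` is null when `EVP_DigestInit` runs and in every later `hash()`/`finish()` call. Reusing the existing context avoids both the allocation and the failure window: replace the free/new pair with `EVP_MD_CTX_reset(m_mdctx);`. `OpenSSLCryptoHashHMAC::reset()` has the same free/new pair around `m_hctx`, where `HMAC_CTX_reset(m_hctx);` does the job.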
@@ -140,7 +141,7 @@
 
 	// Finish up and copy out hash, returning the length
 
-	EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen);
+	EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen);
 
 	// Copy to output buffer
 	
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp	2017-02-19 10:42:32.000000000 +0200
@@ -138,7 +138,7 @@
 	 * \brief Get OpenSSL hash context structure
 	 */
 
-	EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;}
+	EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;}
 
 	//@}
 
@@ -148,7 +148,7 @@
 	// Not implemented constructors
 	OpenSSLCryptoHash();
 
-	EVP_MD_CTX			m_mdctx;						// Context for digest
+	EVP_MD_CTX			*m_mdctx;						// Context for digest
 	const EVP_MD		* mp_md;						// Digest instance
 	unsigned char		m_mdValue[EVP_MAX_MD_SIZE];		// Final output
 	unsigned int		m_mdLen;						// Length of digest
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp	2017-02-19 20:50:03.000000000 +0200
@@ -43,6 +43,7 @@
 OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) {
 
 	// Initialise the digest
+	m_hctx = HMAC_CTX_new();
 
 	switch (alg) {
 
@@ -127,7 +128,7 @@
 	m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf);
 
 
-	HMAC_Init(&m_hctx, 
+	HMAC_Init(m_hctx, 
 		m_keyBuf.rawBuffer(),
 		m_keyLen,
 		mp_md);
@@ -139,7 +140,7 @@
 OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() {
 
 	if (m_initialised)
-		HMAC_CTX_cleanup(&m_hctx);
+		HMAC_CTX_free(m_hctx);
 
 }
 
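Review bot: The destructor still frees `m_hctx` only when `m_initialised` is set, but the constructor now allocates it unconditionally with `HMAC_CTX_new()`, so an object destroyed before a key has been loaded (presumably the only place the flag becomes true) leaks the context. The guard made sense while the member was an embedded struct that needed cleanup only after `HMAC_Init`; with a heap context it should go, leaving a plain `HMAC_CTX_free(m_hctx);`.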
@@ -151,9 +152,9 @@
 
 	if (m_initialised) {
 
-		HMAC_CTX_cleanup(&m_hctx);
-
-		HMAC_Init(&m_hctx, 
+		HMAC_CTX_free(m_hctx);
+		m_hctx = HMAC_CTX_new();
+		HMAC_Init(m_hctx, 
 			m_keyBuf.rawBuffer(),
 			m_keyLen,
 			mp_md);
@@ -170,7 +171,7 @@
 			"OpenSSL:HashHMAC - hash called prior to setKey");
 
 
-	HMAC_Update(&m_hctx, data, (int) length);
+	HMAC_Update(m_hctx, data, (int) length);
 
 }
 
@@ -181,7 +182,7 @@
 
 	// Finish up and copy out hash, returning the length
 
-	HMAC_Final(&m_hctx, m_mdValue, &m_mdLen);
+	HMAC_Final(m_hctx, m_mdValue, &m_mdLen);
 
 	// Copy to output buffer
 	
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp	2017-02-19 10:50:19.000000000 +0200
@@ -162,7 +162,7 @@
 	 * \brief Get OpenSSL Hash Context
 	 */
 
-	HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;}
+	HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;}
 
 	//@}
 
@@ -175,7 +175,7 @@
 	unsigned char		m_mdValue[EVP_MAX_MD_SIZE];		// Final output
 	unsigned int		m_mdLen;						// Length of digest
 	HashType			m_hashType;						// What type of hash is this?
-	HMAC_CTX			m_hctx;							// Context for HMAC
+	HMAC_CTX			*m_hctx;							// Context for HMAC
 	safeBuffer			m_keyBuf;						// The loaded key
 	unsigned int		m_keyLen;						// The loaded key length
 	bool				m_initialised;
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp	2015-01-29 04:52:17.000000000 +0200
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp	2017-02-19 22:39:29.000000000 +0200
@@ -64,13 +64,15 @@
 	if (mp_dsaKey == NULL)
 		return KEY_NONE;
 
-	if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL)
+	const BIGNUM *pub_key = 0, *priv_key = 0;
+	DSA_get0_key(mp_dsaKey, &pub_key, &priv_key);
+	if (priv_key != NULL && pub_key != NULL)
 		return KEY_DSA_PAIR;
 
-	if (mp_dsaKey->priv_key != NULL)
+	if (priv_key != NULL)
 		return KEY_DSA_PRIVATE;
 
-	if (mp_dsaKey->pub_key != NULL)
+	if (pub_key != NULL)
 		return KEY_DSA_PUBLIC;
 
 	return KEY_NONE;
@@ -82,7 +84,7 @@
 	if (mp_dsaKey == NULL)
 		mp_dsaKey = DSA_new();
 
-	mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len);
+	DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0);
 
 }
 
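Review bot: `DSA_set0_pqg(mp_dsaKey, p, 0, 0)` does not set P on a freshly created key: in OpenSSL 1.1.0 the call returns 0 and changes nothing unless each of p, q and g is either passed non-null or already present in the DSA object. Because the return value is ignored, the BIGNUM from `b642BN` is leaked and the key silently stays empty. The Q and G loaders in the next two hunks fail the same way, so a key built from base64 components never receives its parameters. The loaders need to hold P, Q and G in members until all three are available and then make one `DSA_set0_pqg` call whose result is checked. The function header is outside this hunk.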
@@ -91,7 +93,7 @@
 	if (mp_dsaKey == NULL)
 		mp_dsaKey = DSA_new();
 
-	mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len);
+	DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
 
 }
 
@@ -100,7 +102,7 @@
 	if (mp_dsaKey == NULL)
 		mp_dsaKey = DSA_new();
 
-	mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len);
+	DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len));
 
 }
 
@@ -109,7 +111,7 @@
 	if (mp_dsaKey == NULL)
 		mp_dsaKey = DSA_new();
 
-	mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len);
+	DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
 
 }
 
@@ -130,20 +132,15 @@
 
 	mp_dsaKey = DSA_new();
 
-	if (k == NULL || k->type != EVP_PKEY_DSA)
+	if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA)
 		return;	// Nothing to do with us
 
-
-	if (k->pkey.dsa->p)
-		mp_dsaKey->p = BN_dup(k->pkey.dsa->p);
-	if (k->pkey.dsa->q)
-		mp_dsaKey->q = BN_dup(k->pkey.dsa->q);
-	if (k->pkey.dsa->g)
-		mp_dsaKey->g = BN_dup(k->pkey.dsa->g);
-	if (k->pkey.dsa->pub_key)
-		mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key);
-	if (k->pkey.dsa->priv_key)
-		mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key);
+	DSA *dsa = EVP_PKEY_get0_DSA(k);
+	const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0;
+	DSA_get0_pqg(dsa, &p, &q, &g);
+	DSA_get0_key(dsa, &pub_key, &priv_key);
+	DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g));
+	DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key));
 
 }
 
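Review bot: The results of `DSA_set0_pqg` and `DSA_set0_key` are ignored in this constructor, and both calls are all-or-nothing where the removed code copied each field on its own. If the source key lacks one of p, q or g, or has no public key, the call returns 0, the corresponding fields stay unset and the BIGNUMs already produced by `BN_dup` are leaked. Duplicate into locals first, check each return value, and free the duplicates on failure. The same pattern is used in the DSA clone hunk further down and in the constructor and clone hunks of OpenSSLCryptoKeyRSA.cpp.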
@@ -175,9 +172,9 @@
 	unsigned char* sigVal = new unsigned char[sigLen + 1];
     ArrayJanitor<unsigned char> j_sigVal(sigVal);
 
-	EVP_ENCODE_CTX m_dctx;
-	EVP_DecodeInit(&m_dctx);
-	int rc = EVP_DecodeUpdate(&m_dctx,
+	EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
+	EVP_DecodeInit(m_dctx);
+	int rc = EVP_DecodeUpdate(m_dctx,
 						  sigVal,
 						  &sigValLen,
 						  (unsigned char *) cleanedBase64Signature,
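Review bot: The heap context created here is released only by the `EVP_ENCODE_CTX_free(m_dctx);` added after `EVP_DecodeFinal` in the next hunk, so any exit between the two leaks it. The error branch that closes at the top of that hunk is not visible, but if it throws or returns it is such an exit. Free the context in that branch as well, or hold it in a small guard object in the way `ArrayJanitor` guards `sigVal`. The allocation result is also unchecked before `EVP_DecodeInit`. The signature-verification hunks in OpenSSLCryptoKeyEC.cpp and OpenSSLCryptoKeyRSA.cpp have the same shape.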
@@ -190,7 +187,8 @@
 	}
 	int t = 0;
 
-	EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
+	EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
+	EVP_ENCODE_CTX_free(m_dctx);
 
 	sigValLen += t;
 
@@ -223,12 +221,7 @@
 	}
 
 	DSA_SIG * dsa_sig = DSA_SIG_new();
-
-	dsa_sig->r = BN_dup(R);
-	dsa_sig->s = BN_dup(S);
-
-	BN_free(R);
-	BN_free(S);
+	DSA_SIG_set0(dsa_sig, R, S);
 
 	// Now we have a signature and a key - lets check
 
@@ -267,6 +260,8 @@
 	DSA_SIG * dsa_sig;
 
 	dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey);
+	const BIGNUM *r = 0, *s = 0;
+	DSA_SIG_get0(dsa_sig, &r, &s);
 
 	if (dsa_sig == NULL) {
 
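Review bot: `DSA_SIG_get0(dsa_sig, &r, &s);` is placed before the `if (dsa_sig == NULL)` test, so a failed `DSA_do_sign` now leads to a null-pointer dereference instead of reaching the existing error path. Move the two added lines below the null check. The ECDSA signing hunk in OpenSSLCryptoKeyEC.cpp makes the `ECDSA_SIG_get0` call in the same position, and there `r` and `s` are not initialised either.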
@@ -277,10 +272,10 @@
 
 	// Now turn the signature into a base64 string
 
-	unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8];
+	unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8];
     ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf);
 	
-    unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf);
+    unsigned int rawLen = BN_bn2bin(r, rawSigBuf);
 
 	if (rawLen <= 0) {
 
@@ -289,7 +284,7 @@
 
 	}
 
-	unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]);
+	unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]);
 
 	if (rawLenS <= 0) {
 
@@ -339,16 +334,11 @@
 	ret->mp_dsaKey = DSA_new();
 
 	// Duplicate parameters
-	if (mp_dsaKey->p)
-		ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p);
-	if (mp_dsaKey->q)
-		ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q);
-	if (mp_dsaKey->g)
-		ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g);
-	if (mp_dsaKey->pub_key)
-		ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key);
-	if (mp_dsaKey->priv_key)
-		ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key);
+	const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0;
+	DSA_get0_pqg(mp_dsaKey, &p, &q, &g);
+	DSA_get0_key(mp_dsaKey, &pub_key, &priv_key);
+	DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g));
+	DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key));
 
 	return ret;
 
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp	2015-02-03 02:57:48.000000000 +0200
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp	2017-02-19 21:57:57.000000000 +0200
@@ -128,10 +128,10 @@
 
 	// Create a new key to be loaded as we go
 
-	if (k == NULL || k->type != EVP_PKEY_EC)
+	if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC)
 		return;	// Nothing to do with us
 
-    mp_ecKey = EC_KEY_dup(k->pkey.ec);
+    mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k));
 }
 
 // --------------------------------------------------------------------------------
@@ -162,9 +162,9 @@
 	unsigned char* sigVal = new unsigned char[sigLen + 1];
     ArrayJanitor<unsigned char> j_sigVal(sigVal);
 
-	EVP_ENCODE_CTX m_dctx;
-	EVP_DecodeInit(&m_dctx);
-	int rc = EVP_DecodeUpdate(&m_dctx,
+	EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
+	EVP_DecodeInit(m_dctx);
+	int rc = EVP_DecodeUpdate(m_dctx,
 						  sigVal,
 						  &sigValLen,
 						  (unsigned char *) cleanedBase64Signature,
@@ -177,7 +177,8 @@
 	}
 	int t = 0;
 
-	EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
+	EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
+	EVP_ENCODE_CTX_free(m_dctx);
 
 	sigValLen += t;
 
@@ -189,8 +190,9 @@
 	// Translate to BNs by splitting in half, and thence to ECDSA_SIG
 
 	ECDSA_SIG * dsa_sig = ECDSA_SIG_new();
-	dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL);
-	dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL);
+	ECDSA_SIG_set0(dsa_sig,
+		BN_bin2bn(sigVal, sigValLen / 2, NULL),
+		BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL));
 
 	// Now we have a signature and a key - lets check
 
@@ -228,6 +230,8 @@
 	ECDSA_SIG * dsa_sig;
 
 	dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey);
+	const BIGNUM *r, *s;
+	ECDSA_SIG_get0(dsa_sig, &r, &s);
 
 	if (dsa_sig == NULL) {
 		throw XSECCryptoException(XSECCryptoException::ECError,
@@ -263,14 +267,14 @@
     memset(rawSigBuf, 0, keyLen * 2);
     ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf);
 
-    unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8;
-    if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) {
+    unsigned int rawLen = (BN_num_bits(r) + 7) / 8;
+    if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) {
 		throw XSECCryptoException(XSECCryptoException::ECError,
 			"OpenSSL:EC - Error copying signature 'r' value to buffer");
 	}
 
-	rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8;
-    if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) {
+	rawLen = (BN_num_bits(s) + 7) / 8;
+    if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) {
 		throw XSECCryptoException(XSECCryptoException::ECError,
 			"OpenSSL:EC - Error copying signature 's' value to buffer");
 	}
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp	2017-02-19 21:53:14.000000000 +0200
@@ -326,13 +326,15 @@
 	if (mp_rsaKey == NULL)
 		return KEY_NONE;
 
-	if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL)
+	const BIGNUM *n = 0, *e = 0, *d = 0;
+	RSA_get0_key(mp_rsaKey, &n, &e, &d);
+	if (n != NULL && d != NULL)
 		return KEY_RSA_PAIR;
 
-	if (mp_rsaKey->d != NULL)
+	if (d != NULL)
 		return KEY_RSA_PRIVATE;
 
-	if (mp_rsaKey->n != NULL)
+	if (n != NULL)
 		return KEY_RSA_PUBLIC;
 
 	return KEY_NONE;
@@ -344,7 +346,7 @@
 	if (mp_rsaKey == NULL)
 		mp_rsaKey = RSA_new();
 
-	mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len);
+	RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0);
 
 }
 
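Review bot: `RSA_set0_key(mp_rsaKey, n, 0, 0)` fails on a new RSA object, because OpenSSL 1.1.0 requires both n and e to be non-null the first time the function is called on it; the exponent loader in the next hunk fails for the same reason. Both return values are ignored, so the decoded BIGNUMs leak and a key loaded from a base64 modulus and exponent ends up with neither. Keep the modulus and exponent in members until both are present, then call `RSA_set0_key(mp_rsaKey, n, e, NULL)` once and check the result.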
@@ -353,7 +355,7 @@
 	if (mp_rsaKey == NULL)
 		mp_rsaKey = RSA_new();
 
-	mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len);
+	RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
 
 }
 
@@ -369,32 +371,17 @@
 
 	mp_rsaKey = RSA_new();
 
-	if (k == NULL || k->type != EVP_PKEY_RSA)
+	if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA)
 		return;	// Nothing to do with us
 
-	if (k->pkey.rsa->n)
-		mp_rsaKey->n = BN_dup(k->pkey.rsa->n);
-
-	if (k->pkey.rsa->e)
-		mp_rsaKey->e = BN_dup(k->pkey.rsa->e);
-
-	if (k->pkey.rsa->d)
-		mp_rsaKey->d = BN_dup(k->pkey.rsa->d);
-
-	if (k->pkey.rsa->p)
-		mp_rsaKey->p = BN_dup(k->pkey.rsa->p);
-
-	if (k->pkey.rsa->q)
-		mp_rsaKey->q = BN_dup(k->pkey.rsa->q);
-
-	if (k->pkey.rsa->dmp1)
-		mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1);
-
-	if (k->pkey.rsa->dmq1)
-		mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1);
-
-	if (k->pkey.rsa->iqmp)
-		mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp);
+	RSA *rsa = EVP_PKEY_get0_RSA(k);
+	const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0;
+	RSA_get0_key(rsa, &n, &e, &d);
+	RSA_get0_factors(rsa, &p, &q);
+	RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+	RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d));
+	RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q));
+	RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp));
 
 }
 
@@ -427,9 +414,9 @@
 	unsigned char* sigVal = new unsigned char[sigLen + 1];
     ArrayJanitor<unsigned char> j_sigVal(sigVal);
 
-    EVP_ENCODE_CTX m_dctx;
-	EVP_DecodeInit(&m_dctx);
-	int rc = EVP_DecodeUpdate(&m_dctx,
+    EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
+	EVP_DecodeInit(m_dctx);
+	int rc = EVP_DecodeUpdate(m_dctx,
 						  sigVal,
 						  &sigValLen,
 						  (unsigned char *) cleanedBase64Signature,
@@ -442,7 +429,8 @@
 	}
 	int t = 0;
 
-	EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
+	EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
+	EVP_ENCODE_CTX_free(m_dctx);
 
 	sigValLen += t;
 
@@ -979,29 +967,13 @@
 
 	// Duplicate parameters
 
-	if (mp_rsaKey->n)
-		ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n);
-
-	if (mp_rsaKey->e)
-		ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e);
-
-	if (mp_rsaKey->d)
-		ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d);
-
-	if (mp_rsaKey->p)
-		ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p);
-
-	if (mp_rsaKey->q)
-		ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q);
-
-	if (mp_rsaKey->dmp1)
-		ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1);
-
-	if (mp_rsaKey->dmq1)
-		ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1);
-
-	if (mp_rsaKey->iqmp)
-		ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp);
+	const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0;
+	RSA_get0_key(mp_rsaKey, &n, &e, &d);
+	RSA_get0_factors(mp_rsaKey, &p, &q);
+	RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp);
+	RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d));
+	RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q));
+	RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp));
 
 	return ret;
 
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp	2017-02-19 21:28:15.000000000 +0200
@@ -343,7 +343,7 @@
     if (pkey) {
         XSECCryptoKey* ret = NULL;
         try {
-            switch (pkey->type) {
+            switch (EVP_PKEY_base_id(pkey)) {
                 case EVP_PKEY_RSA:
                     ret = new OpenSSLCryptoKeyRSA(pkey);
                     break;
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp	2015-01-29 04:52:17.000000000 +0200
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp	2017-02-19 21:24:51.000000000 +0200
@@ -56,7 +56,8 @@
 m_keyLen(0),
 m_initialised(false) {
 
-	EVP_CIPHER_CTX_init(&m_ctx);
+	m_ctx = EVP_CIPHER_CTX_new();
+	EVP_CIPHER_CTX_init(m_ctx);
 	m_keyBuf.isSensitive();
 
 }
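Review bot: The result of `EVP_CIPHER_CTX_new()` is not checked before it is passed to `EVP_CIPHER_CTX_init`, so an allocation failure goes unnoticed until the first cipher call. The `EVP_CIPHER_CTX_init(m_ctx);` line is also redundant, since a context that has just been created is already in its initial state. I would drop it and add `if (m_ctx == NULL) throw XSECCryptoException(XSECCryptoException::SymmetricError, "OpenSSL:SymmetricKey - cannot allocate cipher context");`. The constructor's signature and initialiser list start outside this hunk.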
@@ -65,7 +66,7 @@
 
 	// Clean up the context
 
-	EVP_CIPHER_CTX_cleanup(&m_ctx);
+	EVP_CIPHER_CTX_free(m_ctx);
 }
 
 // --------------------------------------------------------------------------------
@@ -149,17 +150,17 @@
 			   with 0.9.6 */
 
 #if defined(XSEC_OPENSSL_CONST_BUFFERS)
-			EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv);
+			EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv);
 #else
-			EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv);
+			EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv);
 #endif
 			m_ivSize = 8;
 		}
 		else if (m_keyMode == MODE_ECB) {
 #if defined(XSEC_OPENSSL_CONST_BUFFERS)
-			EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL);
+			EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL);
 #else
-			EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
+			EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
 #endif
 			m_ivSize = 0;
 		}
@@ -184,7 +185,7 @@
 				return 0;	// Cannot initialise without an IV
 			}
 
-			EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
+			EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
 
 		}
 #if defined (XSEC_OPENSSL_HAVE_GCM)
@@ -207,15 +208,15 @@
             }
 
             // We have everything, so we can fully init.
-            EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0);
-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
-            EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
+            EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0);
+            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
+            EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
 		}
 #endif
 		else if (m_keyMode == MODE_ECB) {
 
-			EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+			EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
 
 		}
         else {
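Review bot: None of the four calls in this GCM set-up has its return value checked, so a failure to set the IV length, the expected tag or the key leaves decryption running on a context that is not fully configured. Since the tag is what authenticates the ciphertext, the `EVP_CTRL_GCM_SET_TAG` call in particular should be tested for a result of 1 and should throw with the `SymmetricError` code used elsewhere in this file when it fails. The AES-192 and AES-256 GCM hunks below repeat the sequence. The enclosing function extends beyond the hunk.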
@@ -236,7 +237,7 @@
 				return 0;	// Cannot initialise without an IV
 			}
 
-			EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
+			EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
 
 		}
 #if defined (XSEC_OPENSSL_HAVE_GCM)
@@ -259,16 +260,16 @@
             }
 
             // We have everything, so we can fully init.
-            EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0);
-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
-            EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
+            EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0);
+            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
+            EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
 
 		}
 #endif
 		else if (m_keyMode == MODE_ECB) {
 
-			EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+			EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
 
 		}
         else {
@@ -289,7 +290,7 @@
 				return 0;	// Cannot initialise without an IV
 			}
 
-			EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
+			EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
 
 		}
 #if defined (XSEC_OPENSSL_HAVE_GCM)
@@ -312,16 +313,16 @@
             }
 
             // We have everything, so we can fully init.
-            EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
-            EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
+            EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
+            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
+            EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
 
 		}
 #endif
 		else if (m_keyMode == MODE_ECB) {
 
-			EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+			EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
 
 		}
         else {
@@ -371,7 +372,7 @@
 	// Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH
 
 #if defined (XSEC_OPENSSL_CANSET_PADDING)
-	EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
+	EVP_CIPHER_CTX_set_padding(m_ctx, 0);
 #endif
 
 	// Return number of bytes chewed up by IV
@@ -439,9 +440,9 @@
 	}
 
 #if defined (XSEC_OPENSSL_CONST_BUFFERS)
-	if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) {
+	if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) {
 #else
-	if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) {
+	if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) {
 #endif
 		throw XSECCryptoException(XSECCryptoException::SymmetricError,
 			"OpenSSL:SymmetricKey - Error during OpenSSL decrypt"); 
@@ -476,7 +477,7 @@
 
 #if defined (XSEC_OPENSSL_CANSET_PADDING)
 
-	if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) {
+	if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) {
 
 		throw XSECCryptoException(XSECCryptoException::SymmetricError,
 			"OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation"); 
@@ -544,7 +545,7 @@
        We can then clean that up ourselves
 	*/
 
-	if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) {
+	if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) {
 		throw XSECCryptoException(XSECCryptoException::SymmetricError,
 			"OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL");
 	} 
@@ -641,16 +642,16 @@
             }
 
 #if defined (XSEC_OPENSSL_CONST_BUFFERS)
-			EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV);
+			EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV);
 #else
-			EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV);
+			EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV);
 #endif
 		}
 		else if (m_keyMode == MODE_ECB) {
 #if defined (XSEC_OPENSSL_CONST_BUFFERS)
-			EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL);
+			EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL);
 #else
-			EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
+			EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
 #endif
 		}
         else {
@@ -684,11 +685,11 @@
 			else
 				usedIV = iv;
 
-			EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
+			EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
 		}
 		else if (m_keyMode == MODE_ECB) {
 
-			EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+			EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
 
 		}
 #ifdef XSEC_OPENSSL_HAVE_GCM
@@ -708,7 +709,7 @@
 			else
 				usedIV = iv;
 
-			EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
+			EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
 		}
 #endif
         else {
@@ -739,7 +740,7 @@
 			else
 				usedIV = iv;
 
-			EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
+			EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
 
 		}
 #ifdef XSEC_OPENSSL_HAVE_GCM
@@ -759,12 +760,12 @@
 			else
 				usedIV = iv;
 
-			EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
+			EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
 		}
 #endif
 		else if (m_keyMode == MODE_ECB) {
 
-			EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+			EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
 		}
         else {
 		    throw XSECCryptoException(XSECCryptoException::SymmetricError,
@@ -793,7 +794,7 @@
 			else
 				usedIV = iv;
 
-			EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
+			EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
 
 		}
 #ifdef XSEC_OPENSSL_HAVE_GCM
@@ -813,12 +814,12 @@
 			else
 				usedIV = iv;
 
-			EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
+			EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
 		}
 #endif
 		else if (m_keyMode == MODE_ECB) {
 
-			EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+			EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
 
 		}
         else {
@@ -864,10 +865,10 @@
 #if defined (XSEC_OPENSSL_CANSET_PADDING)
 	// Setup padding
 	if (m_doPad) {
-		EVP_CIPHER_CTX_set_padding(&m_ctx, 1);
+		EVP_CIPHER_CTX_set_padding(m_ctx, 1);
 	}
 	else {
-		EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
+		EVP_CIPHER_CTX_set_padding(m_ctx, 0);
 	}
 #endif
 
@@ -908,9 +909,9 @@
 
 	}
 #if defined (XSEC_OPENSSL_CONST_BUFFERS)
-	if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) {
+	if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) {
 #else
-	if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) {
+	if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) {
 #endif
 
 		throw XSECCryptoException(XSECCryptoException::SymmetricError,
@@ -929,7 +930,7 @@
 	int outl = maxOutLength;
 	m_initialised = false;
 
-	if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) {
+	if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) {
 
 		throw XSECCryptoException(XSECCryptoException::SymmetricError,
 		  "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation"); 
@@ -962,7 +963,7 @@
         }
         if (m_keyMode == MODE_GCM) {
 #ifdef XSEC_OPENSSL_HAVE_GCM
-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl);
+            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl);
             outl += taglen;
 #else
 		    throw XSECCryptoException(XSECCryptoException::SymmetricError,
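Review bot: `EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, ...)` is called without checking its result, and `outl += taglen` runs regardless. A failed tag fetch would therefore return ciphertext followed by `taglen` bytes that were never written. Guard it with `if (EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl) != 1)` and throw the `SymmetricError` exception before advancing `outl`. Whether `cipherBuf` has room for `outl + taglen` bytes is decided outside the hunk and is worth confirming.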
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp	2017-02-19 21:25:39.000000000 +0200
@@ -283,13 +283,13 @@
 	 * \brief Get OpenSSL cipher context structure
 	 */
 
-	EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;}
+	EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;}
 
     /**
 	 * \brief Get OpenSSL cipher context structure
 	 */
 
-	const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;}
+	const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;}
 
 	//@}
 
@@ -307,7 +307,7 @@
 	// Private variables
 	SymmetricKeyType				m_keyType;
 	SymmetricKeyMode				m_keyMode;
-	EVP_CIPHER_CTX					m_ctx;			// OpenSSL Cipher Context structure
+	EVP_CIPHER_CTX					*m_ctx;			// OpenSSL Cipher Context structure
 	safeBuffer						m_keyBuf;		// Holder of the key
     safeBuffer                      m_tagBuf;       // Holder of authentication tag
 	unsigned int					m_keyLen;
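Review bot: `m_ctx` becomes a raw owning pointer here, which changes the class's copy semantics: a compiler-generated copy would share one `EVP_CIPHER_CTX` between two objects and release it twice. The constructor and destructor are not in this view; presumably they pair `EVP_CIPHER_CTX_new()` with `EVP_CIPHER_CTX_free()`. The allocation result should be checked there, because every `EVP_*` call and both `getOpenSSLEVP_CIPHER_CTX()` accessors now pass the pointer through unchecked. If the class does not already forbid copying, declare the copy constructor and assignment operator private and unimplemented, and record the ownership on the member with a comment such as `// Owned: allocated in the constructor, released in the destructor`.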
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp
--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp	2012-07-23 19:56:11.000000000 +0300
+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp	2017-02-19 21:09:40.000000000 +0200
@@ -191,7 +191,7 @@
 
 	XSECCryptoKey::KeyType ret;
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_base_id(pkey)) {
 
 	case EVP_PKEY_DSA :
 
@@ -241,7 +241,7 @@
 			"OpenSSL:X509 - cannot retrieve public key from cert");
 	}
 
-	switch (pkey->type) {
+	switch (EVP_PKEY_base_id(pkey)) {
 
 	case EVP_PKEY_DSA :
 
diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp
--- xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp	2012-07-23 19:56:10.000000000 +0300
+++ xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp	2017-02-19 22:33:50.000000000 +0200
@@ -318,7 +318,7 @@
 				char * cserial = XMLString::transcode(serial);
 				char * xserial;
 
-				BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL);
+				BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
 				xserial = BN_bn2dec(bnserial);
 				BN_free(bnserial);
 
@@ -360,8 +360,7 @@
 				if (xlen != 0) {
 
 					// Have a buffer with a number in it
-					STACK_OF(X509_EXTENSION) *exts;
-					exts = x->cert_info->extensions;
+					const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x);
 
 					if (exts != NULL) {
 
@@ -379,8 +378,8 @@
 							memcpy(&octxski[2], xski, xlen);
 							
 							ext = sk_X509_EXTENSION_value(exts,extn);
-							ASN1_OCTET_STRING *skid = ext->value;
-							ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new();
+							ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext);
+							ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new();
 							ASN1_STRING_set(xskid, octxski, xlen+2);
 							
 							if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) {
@@ -602,12 +601,12 @@
 		// Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c
 
         int idx;
-        X509_REVOKED rtmp;
+        X509_REVOKED *rtmp = X509_REVOKED_new();
 
         /* Look for serial number of certificate in CRL */
         
-		rtmp.serialNumber = X509_get_serialNumber(x);
-        idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp);
+		X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x));
+        idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp);
         
 		/* Not found: OK */
         
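Review bot: `rtmp` is now allocated with `X509_REVOKED_new()`, but no hunk for this file adds a matching release, so unless code after this hunk frees it, every CRL lookup leaks one `X509_REVOKED`. Add `X509_REVOKED_free(rtmp);` right after the `sk_X509_REVOKED_find` call; the setter stores its own copy of the serial, so freeing the temporary does not touch the certificate. The allocation and the setter result are also unchecked, and a lookup with a null or empty entry could crash or come back as "not found", which the following comment treats as OK. Treat `if (rtmp == NULL || !X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x)))` as a verification failure instead.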
diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp
--- xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp	2012-07-23 19:56:10.000000000 +0300
+++ xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp	2017-02-19 22:34:57.000000000 +0200
@@ -521,7 +521,7 @@
 					X509 * x509 = OSSLX509->getOpenSSLX509();
 
 					// Check the serial number
-					BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL);
+					BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL);
 					BN_free(bnserial);
 
 					BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8");
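Review bot: The serial number is converted to a `BIGNUM` and freed on the very next line, so despite the comment `// Check the serial number` nothing is compared on the lines shown. If the intent was to match the certificate against the one the document names, that comparison is missing; otherwise the two lines can be dropped rather than ported. The surrounding block continues outside the hunk.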
diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp
--- xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp	2015-01-30 05:55:09.000000000 +0200
+++ xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp	2017-02-19 22:37:17.000000000 +0200
@@ -517,7 +517,7 @@
 
 				pkey = X509_get_pubkey(x);
 
-				if (pkey == NULL || pkey->type != EVP_PKEY_RSA) {
+				if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "Error extracting RSA key from certificate" << endl;
 				}
 
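Review bot: The failure branch only prints `Error extracting RSA key from certificate`; within the hunk there is no return or exit, so unless the code below handles it, execution continues with a null or non-RSA `pkey`. The other tools touched by this patch call `exit (1)` in the same situation, which would be consistent here. `X509_get_pubkey` also hands the caller a reference it owns, so the code after the hunk should release it with `EVP_PKEY_free(pkey)` when done; that part is not shown and is worth confirming.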
diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp
--- xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp	2015-01-30 05:55:09.000000000 +0200
+++ xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp	2017-02-19 21:31:14.000000000 +0200
@@ -726,7 +726,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
@@ -739,7 +739,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_EC) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
 					cerr << "EC Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
@@ -749,7 +749,7 @@
 			}
 #   endif
             else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp
--- xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp	2012-07-23 19:56:10.000000000 +0300
+++ xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp	2017-02-19 22:58:32.000000000 +0200
@@ -284,7 +284,7 @@
 
 #if defined (XSEC_HAVE_OPENSSL)
 
-XMLCh * BN2b64(BIGNUM * bn) {
+XMLCh * BN2b64(const BIGNUM * bn) {
 
 	int bytes = BN_num_bytes(bn);
 	unsigned char * binbuf = new unsigned char[bytes + 1];
@@ -606,7 +606,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
@@ -615,10 +615,14 @@
 				// Create the XSEC OpenSSL interface
 				key = new OpenSSLCryptoKeyDSA(pkey);
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				sig->appendDSAKeyValue(P,Q,G,Y);
 
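Review bot: `EVP_PKEY_get0_DSA`, `DSA_get0_pqg` and `DSA_get0_key` exist only from OpenSSL 1.1.0 and are used here without a version guard, so this file no longer builds against 1.0.x. If that is intended for this package, fine; otherwise keep both forms under `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`. The last argument is a pointer, so write `DSA_get0_key(dsa, &pub_key, NULL);` rather than `0`, and likewise `RSA_get0_key(rsa, &n, &e, NULL);` in the RSA hunks. The same four-line extraction is repeated in every DSA hunk of xklient.cpp; a small static helper next to `BN2b64` would keep the copies from drifting apart.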
@@ -628,15 +632,18 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
 				sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
 				key = new OpenSSLCryptoKeyRSA(pkey);
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				sig->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
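Review bot: `addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1)` keeps RSA-SHA1 hard-coded for the request signature, and the same call recurs in the later RSA hunks of this file. SHA-1 is no longer considered collision-resistant, so if the peer accepts it, a SHA-256 digest is the safer default: `sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA256);`. The line is context rather than part of the port, so this may belong in a follow-up change.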
@@ -878,7 +885,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
@@ -887,10 +894,14 @@
 				// Create the XSEC OpenSSL interface
 				key = new OpenSSLCryptoKeyDSA(pkey);
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				sig->appendDSAKeyValue(P,Q,G,Y);
 
@@ -900,15 +911,18 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
 				sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
 				key = new OpenSSLCryptoKeyRSA(pkey);
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				sig->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
@@ -1229,7 +1243,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
@@ -1238,10 +1252,14 @@
 				// Create the XSEC OpenSSL interface
 				key = new OpenSSLCryptoKeyDSA(pkey);
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				sig->appendDSAKeyValue(P,Q,G,Y);
 
@@ -1251,15 +1269,18 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
 				sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
 				key = new OpenSSLCryptoKeyRSA(pkey);
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				sig->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
@@ -1326,7 +1347,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
@@ -1334,10 +1355,14 @@
 				proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey);
 				proofOfPossessionSm = SIGNATURE_DSA;
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				pkb->appendDSAKeyValue(P,Q,G,Y);
 
@@ -1347,7 +1372,7 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
@@ -1355,8 +1380,11 @@
 				proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey);
 				proofOfPossessionSm = SIGNATURE_RSA;
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				pkb->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
@@ -1622,7 +1650,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
@@ -1631,10 +1659,14 @@
 				// Create the XSEC OpenSSL interface
 				key = new OpenSSLCryptoKeyDSA(pkey);
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				sig->appendDSAKeyValue(P,Q,G,Y);
 
@@ -1644,15 +1676,18 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
 				sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
 				key = new OpenSSLCryptoKeyRSA(pkey);
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				sig->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
@@ -1719,15 +1754,19 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				rkb->appendDSAKeyValue(P,Q,G,Y);
 
@@ -1737,13 +1776,16 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				rkb->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
@@ -1977,7 +2019,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
@@ -1986,10 +2028,14 @@
 				// Create the XSEC OpenSSL interface
 				key = new OpenSSLCryptoKeyDSA(pkey);
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				sig->appendDSAKeyValue(P,Q,G,Y);
 
@@ -1999,15 +2045,18 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
 				sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
 				key = new OpenSSLCryptoKeyRSA(pkey);
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				sig->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
@@ -2074,7 +2123,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
@@ -2082,10 +2131,14 @@
 				proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey);
 				proofOfPossessionSm = SIGNATURE_DSA;
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				pkb->appendDSAKeyValue(P,Q,G,Y);
 
@@ -2095,7 +2148,7 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
@@ -2103,8 +2156,11 @@
 				proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey);
 				proofOfPossessionSm = SIGNATURE_RSA;
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				pkb->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
@@ -2371,7 +2427,7 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
@@ -2380,10 +2436,14 @@
 				// Create the XSEC OpenSSL interface
 				key = new OpenSSLCryptoKeyDSA(pkey);
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				sig->appendDSAKeyValue(P,Q,G,Y);
 
@@ -2393,15 +2453,18 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
 				sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
 				key = new OpenSSLCryptoKeyRSA(pkey);
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				sig->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
@@ -2468,15 +2531,19 @@
 
 				// Check type is correct
 
-				if (pkey->type != EVP_PKEY_DSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
 					cerr << "DSA Key requested, but OpenSSL loaded something else\n";
 					return NULL;
 				}
 
-				XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-				XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-				XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-				XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+				DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+				const BIGNUM *p, *q, *g, *pub_key;
+				DSA_get0_pqg(dsa, &p, &q, &g);
+				DSA_get0_key(dsa, &pub_key, 0);
+				XMLCh * P = BN2b64(p);
+				XMLCh * Q = BN2b64(q);
+				XMLCh * G = BN2b64(g);
+				XMLCh * Y = BN2b64(pub_key);
 
 				rkb->appendDSAKeyValue(P,Q,G,Y);
 
@@ -2486,13 +2553,16 @@
 				XSEC_RELEASE_XMLCH(Y);
 			}
 			else {
-				if (pkey->type != EVP_PKEY_RSA) {
+				if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
 					cerr << "RSA Key requested, but OpenSSL loaded something else\n";
 					exit (1);
 				}
 
-				XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-				XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+				RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+				const BIGNUM *n, *e;
+				RSA_get0_key(rsa, &n, &e, 0);
+				XMLCh * mod = BN2b64(n);
+				XMLCh * exp = BN2b64(e);
 				rkb->appendRSAKeyValue(mod, exp);
 				XSEC_RELEASE_XMLCH(mod);
 				XSEC_RELEASE_XMLCH(exp);
@@ -3251,14 +3321,17 @@
 
 				// Create the RSA key file
 				RSA * rsa = RSA_new();
-				rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus));
-				rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent));
-				rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD));
-				rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP));
-				rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ));
-				rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP));
-				rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ));
-				rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ));
+				RSA_set0_key(rsa,
+					OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
+					OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
+					OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
+				RSA_set0_factors(rsa,
+					OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
+					OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
+				RSA_set0_crt_params(rsa,
+					OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
+					OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
+					OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
 
 				// Write it to disk
 				BIO *out;
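Review bot: The results of `RSA_set0_key`, `RSA_set0_factors` and `RSA_set0_crt_params` are ignored, and `RSA_new()` and each `b642BN` result go unchecked. These setters take ownership only on success. If `b642BN` can return NULL for a malformed component, the call returns 0 and the key stays incomplete. The BIGNUMs that did decode, which are private-key material, are then leaked while the code goes on to write the key to disk. Decode into locals, check each setter and release the values on failure, as sketched below for the first call; the hunk at -3367 has the same shape, and the enclosing function starts and ends outside the hunk.

```cpp
RSA * rsa = RSA_new();
BIGNUM * bnN = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus));
BIGNUM * bnE = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent));
BIGNUM * bnD = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD));
if (rsa == NULL || RSA_set0_key(rsa, bnN, bnE, bnD) != 1) {
	// Ownership stays with the caller when the setter fails
	BN_free(bnN);
	BN_free(bnE);
	BN_clear_free(bnD);	// private exponent: wipe before release
	RSA_free(rsa);
	// … report the failure the way the enclosing function reports errors …
}
// … same pattern for RSA_set0_factors and RSA_set0_crt_params …
// … unchanged: write the key to disk …
```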
@@ -3367,14 +3440,17 @@
 
 				// Create the RSA key file
 				RSA * rsa = RSA_new();
-				rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus));
-				rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent));
-				rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD));
-				rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP));
-				rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ));
-				rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP));
-				rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ));
-				rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ));
+				RSA_set0_key(rsa,
+					OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
+					OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
+					OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
+				RSA_set0_factors(rsa,
+					OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
+					OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
+				RSA_set0_crt_params(rsa,
+					OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
+					OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
+					OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
 
 				// Write it to disk
 				BIO *out;