packages/rpm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rpm/backport-No-longer-use-the-low-level-API-in-openssl-3.patch

139 lines
3.6 KiB
Diff
Raw Normal View History

Support sm2p256v1 of ECDSA and sm3 of hash
2024-10-29 14:18:24 +08:00
From 408f2053da61fa80c5a306b8f87cdd70a7c57a62 Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Wed, 17 Apr 2024 13:05:28 +0200
Subject: [PATCH] No longer use the low level API in openssl-3
Conflict:modify digest_openssl.c in rpmio; adapt context
Reference:https://github.com/rpm-software-management/rpmpgp_legacy/commit/de96811994b28d8fb43dfb101a9cbca263eb1ce5
Instead, construct the key with EVP_PKEY_fromdata()
---
rpmio/digest_openssl.c | 73 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 72 insertions(+), 1 deletion(-)
diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
index 41d77d0..4d930c9 100644
--- a/rpmio/digest_openssl.c
+++ b/rpmio/digest_openssl.c
@@ -1,10 +1,13 @@
#include "system.h"
#include <openssl/evp.h>
+#if OPENSSL_VERSION_MAJOR >= 3
+# include <openssl/params.h>
+#endif
#include <openssl/rsa.h>
#include <openssl/dsa.h>
-#include <rpm/rpmcrypto.h>
+#include <rpm/rpmcrypto.h>
#include "rpmio/rpmpgp_internal.h"
@@ -283,6 +286,46 @@ done:
}
+/*********************** pkey construction *******************************/
+
+#if OPENSSL_VERSION_MAJOR >= 3
+
+static EVP_PKEY *
+construct_pkey_from_param(int id, OSSL_PARAM *params)
+{
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(id, NULL);
+ if (!ctx || EVP_PKEY_fromdata_init(ctx) <= 0 || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) <= 0)
+ pkey = NULL;
+ if (ctx)
+ EVP_PKEY_CTX_free(ctx);
+ return pkey;
+}
+
+static OSSL_PARAM
+create_bn_param(char *key, BIGNUM *bn)
+{
+ int sz = bn ? BN_num_bytes(bn) : -1;
+ if (sz < 0 || BN_is_negative(bn)) {
+ OSSL_PARAM param = OSSL_PARAM_END;
+ return param;
+ }
+ if (sz == 0)
+ sz = 1;
+ unsigned char *buf = xmalloc(sz);
+ BN_bn2nativepad(bn, buf, sz);
+ OSSL_PARAM param = OSSL_PARAM_BN(key, buf, sz);
+ return param;
+}
+
+static void
+free_bn_param(OSSL_PARAM *param)
+{
+ free(param->data);
+}
+
+#endif
+
/****************************** RSA **************************************/
/* Key */
@@ -300,6 +343,17 @@ static int constructRSASigningKey(struct pgpDigKeyRSA_s *key)
if (key->evp_pkey)
return 1; /* We've already constructed it, so just reuse it */
+#if OPENSSL_VERSION_MAJOR >= 3
+ OSSL_PARAM params[] = {
+ create_bn_param("n", key->n),
+ create_bn_param("e", key->e),
+ OSSL_PARAM_END
+ };
+ key->evp_pkey = construct_pkey_from_param(EVP_PKEY_RSA, params);
+ free_bn_param(params + 0);
+ free_bn_param(params + 1);
+ return key->evp_pkey ? 1 : 0;
+#else
/* Create the RSA key */
RSA *rsa = RSA_new();
if (!rsa) return 0;
@@ -324,6 +378,7 @@ static int constructRSASigningKey(struct pgpDigKeyRSA_s *key)
exit:
RSA_free(rsa);
return 0;
+#endif
}
static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
@@ -506,6 +561,21 @@ static int constructDSASigningKey(struct pgpDigKeyDSA_s *key)
if (key->evp_pkey)
return 1; /* We've already constructed it, so just reuse it */
+#if OPENSSL_VERSION_MAJOR >= 3
+ OSSL_PARAM params[] = {
+ create_bn_param("p", key->p),
+ create_bn_param("q", key->q),
+ create_bn_param("g", key->g),
+ create_bn_param("pub", key->y),
+ OSSL_PARAM_END
+ };
+ key->evp_pkey = construct_pkey_from_param(EVP_PKEY_DSA, params);
+ free_bn_param(params + 0);
+ free_bn_param(params + 1);
+ free_bn_param(params + 2);
+ free_bn_param(params + 3);
+ return key->evp_pkey ? 1 : 0;
+#else
/* Create the DSA key */
DSA *dsa = DSA_new();
if (!dsa) return 0;
@@ -533,6 +603,7 @@ static int constructDSASigningKey(struct pgpDigKeyDSA_s *key)
exit:
DSA_free(dsa);
return 0;
+#endif
}
--
2.23.0
Reference in New Issue Copy Permalink