#include <openssl/err.h>
#include <openssl/evp.h>
+#ifdef HAVE_OPENSSL_PARAM_BUILD_H
#include <openssl/param_build.h>
+#endif
#include <openssl/pem.h>
#include <openssl/rand.h>
bool read_rsa_public_key(connection_t *c) {
FILE *fp;
char *pubname;
- char *hcfname;
char *key;
- if(!c->rsa_key) {
+ if(c->rsa_key) {
EVP_PKEY_free(c->rsa_key);
c->rsa_key = NULL;
}
if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) {
BIGNUM *n = NULL;
BIGNUM *e = NULL;
- OSSL_PARAM_BLD *bld = NULL;
- OSSL_PARAM *param = NULL;
- EVP_PKEY_CTX *ctx = NULL;
- int result;
logger(LOG_WARNING, "Obsolete PublicKey statement for %s!", c->name);
free(key);
BN_hex2bn(&e, "FFFF");
+#ifdef HAVE_OPENSSL_PARAM_BUILD_H
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *param = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ int result;
+
bld = OSSL_PARAM_BLD_new();
if(!bld) {
return false;
}
+#else
+ c->rsa_key = EVP_PKEY_new();
+ RSA *rsa_key = RSA_new();
+
+ if(!c->rsa_key || !rsa_key || !n || !e || RSA_set0_key(rsa_key, n, e, NULL) != 1) {
+ RSA_free(rsa_key);
+ BN_free(e);
+ BN_free(n);
+ logger(LOG_ERR, "RSA_set0_key() failed with PublicKey for %s!", c->name);
+ return false;
+ }
+
+ EVP_PKEY_set1_RSA(c->rsa_key, rsa_key);
+#endif
+
return true;
}
- /* Else, check for PublicKeyFile statement and read it */
+ /* Else, check for PublicKeyFile statement, or else check the host config file */
+
+ if(!get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &pubname)) {
+ xasprintf(&pubname, "%s/hosts/%s", confbase, c->name);
+ }
+
- if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &pubname)) {
+ fp = fopen(pubname, "r");
+
+ if(!fp) {
+ logger(LOG_ERR, "Error reading RSA public key file `%s': %s", pubname, strerror(errno));
+ free(pubname);
+ return false;
+ }
+
+#ifndef LIBRESSL_VERSION_NUMBER
+ c->rsa_key = PEM_read_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+#else
+ RSA *rsa_key = RSA_new();
+
+ if(!rsa_key) {
+ abort();
+ }
+
+ if(!PEM_read_RSAPublicKey(fp, &rsa_key, NULL, NULL)) {
+ fclose(fp);
fp = fopen(pubname, "r");
if(!fp) {
return false;
}
- c->rsa_key = PEM_read_PUBKEY(fp, &c->rsa_key, NULL, NULL);
- fclose(fp);
-
- if(c->rsa_key) {
- free(pubname);
- return true; /* Woohoo. */
- }
-
- logger(LOG_ERR, "Reading RSA public key file `%s' failed: %s", pubname, strerror(errno));
- free(pubname);
- return false;
+ PEM_read_RSA_PUBKEY(fp, &rsa_key, NULL, NULL);
}
- /* Else, check if a harnessed public key is in the config file */
-
- xasprintf(&hcfname, "%s/hosts/%s", confbase, c->name);
- fp = fopen(hcfname, "r");
-
- if(!fp) {
- logger(LOG_ERR, "Error reading RSA public key file `%s': %s", hcfname, strerror(errno));
- free(hcfname);
- return false;
+ if(rsa_key) {
+ c->rsa_key = EVP_PKEY_new();
+ EVP_PKEY_set1_RSA(c->rsa_key, rsa_key);
}
- c->rsa_key = PEM_read_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+#endif
+
fclose(fp);
if(c->rsa_key) {
- free(hcfname);
+ free(pubname);
return true;
}
- logger(LOG_ERR, "No public key for %s specified!", c->name);
-
+ logger(LOG_ERR, "Reading RSA public key from `%s' failed: %s", pubname, strerror(errno));
+ free(pubname);
return false;
}
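Review bot: In the LibreSSL branch, the reopen after a failed `PEM_read_RSAPublicKey` returns `false` without freeing `pubname` or `rsa_key`, and the final `if(rsa_key)` tests the object from `RSA_new()` rather than the return value of `PEM_read_RSA_PUBKEY`, so "success" depends on the PEM reader NULLing `*rsa_key` on a failed decode instead of on an explicit check; `rewind(fp)` plus testing the reader's return makes the intent visible. The `RSA` reference is also never released after `EVP_PKEY_set1_RSA` (which takes its own reference), so the parsed key leaks on every call; the same unreleased reference is in the `#else` branch of the obsolete-PublicKey path, whose error return additionally leaves `c->rsa_key` allocated and non-NULL — add `EVP_PKEY_free(c->rsa_key); c->rsa_key = NULL;` before that `return false;`. The closing failure logger reports `strerror(errno)`, which is generally not set by a PEM decode failure; with `<openssl/err.h>` already included, `ERR_error_string(ERR_get_error(), NULL)` gives the actual reason. The PEM-read branch could be written as below; the rest of the function stays as in the hunk.
```c
#ifndef LIBRESSL_VERSION_NUMBER
	c->rsa_key = PEM_read_PUBKEY(fp, &c->rsa_key, NULL, NULL);
#else
	/* Let the PEM reader allocate; try PKCS#1 first, then SubjectPublicKeyInfo. */
	RSA *rsa_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL);

	if(!rsa_key) {
		rewind(fp);
		rsa_key = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
	}

	if(rsa_key) {
		c->rsa_key = EVP_PKEY_new();

		if(!c->rsa_key || EVP_PKEY_set1_RSA(c->rsa_key, rsa_key) != 1) {
			EVP_PKEY_free(c->rsa_key);
			c->rsa_key = NULL;
		}

		RSA_free(rsa_key); /* EVP_PKEY_set1_RSA took its own reference */
	}
#endif
	/* … unchanged: fclose(fp), success return, failure logging … */
```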
BIGNUM *n = NULL;
BIGNUM *e = NULL;
BIGNUM *d = NULL;
- OSSL_PARAM_BLD *bld = NULL;
- OSSL_PARAM *param = NULL;
- EVP_PKEY_CTX *ctx = NULL;
- int result;
logger(LOG_WARNING, "Obsolete PrivateKey statement for myself!");
free(key);
BN_hex2bn(&e, "FFFF");
+#ifdef HAVE_OPENSSL_PARAM_BUILD_H
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *param = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ int result;
+
bld = OSSL_PARAM_BLD_new();
if(!bld) {
return false;
}
+#else
+ myself->connection->rsa_key = EVP_PKEY_new();
+ RSA *rsa_key = RSA_new();
+
+ if(!myself->connection->rsa_key || !rsa_key || !n || !e || !d || RSA_set0_key(rsa_key, n, e, d) != 1) {
+ RSA_free(rsa_key);
+ BN_free(d);
+ BN_free(e);
+ BN_free(n);
+ logger(LOG_ERR, "RSA_set0_key() failed with PrivateKey for myself!");
+ }
+
+ EVP_PKEY_set1_RSA(myself->connection->rsa_key, rsa_key);
+#endif
+
return true;
}
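Review bot: The `#else` branch of the obsolete-PrivateKey path logs the `RSA_set0_key()` failure but does not return, so execution falls through to `EVP_PKEY_set1_RSA(myself->connection->rsa_key, rsa_key)` with `rsa_key` already freed (or NULL) and possibly a NULL `EVP_PKEY`, and the function then reports `true`; the sibling PublicKey branch in this commit returns `false` at the same point. The error path should also release the key object it just allocated: `EVP_PKEY_free(myself->connection->rsa_key); myself->connection->rsa_key = NULL; return false;`. On the success path `rsa_key` is never released after `EVP_PKEY_set1_RSA`, which takes its own reference, so `RSA_free(rsa_key);` belongs after it. Since `d` is the private exponent, `BN_clear_free(d)` rather than `BN_free(d)` on the failure path avoids leaving key material in freed memory. The enclosing function begins outside this hunk, so where `n` and `d` are populated before `free(key)` cannot be judged here.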
bool x;
int result;
- int len = EVP_PKEY_get_size(c->rsa_key);
+ int len = EVP_PKEY_size(c->rsa_key);
size_t outlen = len;
/* Allocate buffers for the meta key */
return false;
}
- len = EVP_PKEY_get_size(myself->connection->rsa_key);
+ len = EVP_PKEY_size(myself->connection->rsa_key);
outlen = len;
/* Check if the length of the meta key is all right */
bool send_challenge(connection_t *c) {
/* CHECKME: what is most reasonable value for len? */
- int len = EVP_PKEY_get_size(c->rsa_key);
+ int len = EVP_PKEY_size(c->rsa_key);
/* Allocate buffers for the challenge */
return false;
}
- len = EVP_PKEY_get_size(myself->connection->rsa_key);
+ len = EVP_PKEY_size(myself->connection->rsa_key);
/* Check if the length of the challenge is all right */
}
if(!EVP_DigestInit(ctx, c->indigest)
- || !EVP_DigestUpdate(ctx, c->mychallenge, EVP_PKEY_get_size(myself->connection->rsa_key))
+ || !EVP_DigestUpdate(ctx, c->mychallenge, EVP_PKEY_size(myself->connection->rsa_key))
|| !EVP_DigestFinal(ctx, (unsigned char *)hash, NULL)) {
EVP_MD_CTX_destroy(ctx);
logger(LOG_ERR, "Error during calculation of response for %s (%s): %s",
}
if(!EVP_DigestInit(ctx, c->outdigest)
- || !EVP_DigestUpdate(ctx, c->hischallenge, EVP_PKEY_get_size(c->rsa_key))
+ || !EVP_DigestUpdate(ctx, c->hischallenge, EVP_PKEY_size(c->rsa_key))
|| !EVP_DigestFinal(ctx, (unsigned char *)myhash, NULL)) {
EVP_MD_CTX_destroy(ctx);
logger(LOG_ERR, "Error during calculation of response from %s (%s): %s",