[crypto,cert] fix update_x509_from_info for OpenSSL3
loading a RSA public key from the parameters was broken, fix with this commit.
This commit is contained in:
parent
105f0d2366
commit
d684acb0a3
@ -43,6 +43,8 @@
|
|||||||
|
|
||||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||||
#include <openssl/core_names.h>
|
#include <openssl/core_names.h>
|
||||||
|
#include <openssl/param_build.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "certificate.h"
|
#include "certificate.h"
|
||||||
@ -469,6 +471,38 @@ static void certificate_free_x509_certificate_chain(rdpX509CertChain* x509_cert_
|
|||||||
free(x509_cert_chain->array);
|
free(x509_cert_chain->array);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||||
|
static OSSL_PARAM* get_params(const BIGNUM* e, const BIGNUM* mod)
|
||||||
|
{
|
||||||
|
WINPR_ASSERT(e);
|
||||||
|
WINPR_ASSERT(mod);
|
||||||
|
|
||||||
|
OSSL_PARAM* parameters = NULL;
|
||||||
|
OSSL_PARAM_BLD* param = OSSL_PARAM_BLD_new();
|
||||||
|
if (!param)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
const int bits = BN_num_bits(e);
|
||||||
|
if ((bits < 0) || (bits > 32))
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
UINT ie = 0;
|
||||||
|
const int ne = BN_bn2nativepad(e, (BYTE*)&ie, sizeof(ie));
|
||||||
|
if ((ne < 0) || (ne > 4))
|
||||||
|
goto fail;
|
||||||
|
if (OSSL_PARAM_BLD_push_BN(param, OSSL_PKEY_PARAM_RSA_N, mod) != 1)
|
||||||
|
goto fail;
|
||||||
|
if (OSSL_PARAM_BLD_push_uint(param, OSSL_PKEY_PARAM_RSA_E, ie) != 1)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
parameters = OSSL_PARAM_BLD_to_param(param);
|
||||||
|
fail:
|
||||||
|
OSSL_PARAM_BLD_free(param);
|
||||||
|
|
||||||
|
return parameters;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static BOOL update_x509_from_info(rdpCertificate* cert)
|
static BOOL update_x509_from_info(rdpCertificate* cert)
|
||||||
{
|
{
|
||||||
BOOL rc = FALSE;
|
BOOL rc = FALSE;
|
||||||
@ -502,13 +536,20 @@ static BOOL update_x509_from_info(rdpCertificate* cert)
|
|||||||
|
|
||||||
cert->x509 = x509_from_rsa(rsa);
|
cert->x509 = x509_from_rsa(rsa);
|
||||||
#else
|
#else
|
||||||
EVP_PKEY* pkey = EVP_PKEY_new();
|
EVP_PKEY* pkey = NULL;
|
||||||
if (!pkey)
|
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
|
||||||
|
if (!ctx)
|
||||||
|
goto fail2;
|
||||||
|
const int xx = EVP_PKEY_fromdata_init(ctx);
|
||||||
|
if (xx != 1)
|
||||||
|
goto fail2;
|
||||||
|
OSSL_PARAM* parameters = get_params(e, mod);
|
||||||
|
if (!parameters)
|
||||||
goto fail2;
|
goto fail2;
|
||||||
|
|
||||||
if (!EVP_PKEY_set_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, e))
|
const int rc2 = EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, parameters);
|
||||||
goto fail2;
|
OSSL_PARAM_free(parameters);
|
||||||
if (!EVP_PKEY_set_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, mod))
|
if (rc2 <= 0)
|
||||||
goto fail2;
|
goto fail2;
|
||||||
|
|
||||||
cert->x509 = X509_new();
|
cert->x509 = X509_new();
|
||||||
@ -521,6 +562,7 @@ static BOOL update_x509_from_info(rdpCertificate* cert)
|
|||||||
}
|
}
|
||||||
fail2:
|
fail2:
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
|
EVP_PKEY_CTX_free(ctx);
|
||||||
#endif
|
#endif
|
||||||
if (!cert->x509)
|
if (!cert->x509)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user