From 3fb2c8edb7bf15969ff99b6bbb2e6cf789193b87 Mon Sep 17 00:00:00 2001
From: Tobias Brunner 
Date: Mon, 27 Jun 2016 12:08:29 +0200
Subject: [PATCH] openssl: Update RSA API to OpenSSL 1.1.0

---
 .../plugins/openssl/openssl_rsa_private_key.c | 41 +++++++++++++++----
 .../plugins/openssl/openssl_rsa_public_key.c | 27 ++++++++----
 2 files changed, 52 insertions(+), 16 deletions(-)

diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index de02f302d6..485e0bbc72 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -20,6 +20,7 @@
 #include "openssl_rsa_private_key.h"
 #include "openssl_rsa_public_key.h"
+#include "openssl_util.h"
 #include 
@@ -35,6 +36,12 @@
  */
 #define PUBLIC_EXPONENT 0x10001
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
+OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
+#endif
+
 typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
 
 /**
@@ -436,22 +443,38 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
 	}
 	else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr)
 	{
+		BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q;
+		BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+
 		this->rsa = RSA_new();
-		this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
-		this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
-		this->rsa->d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
-		this->rsa->p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
-		this->rsa->q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+
+		bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
+		bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
+		bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
+		if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d))
+		{
+			destroy(this);
+			return NULL;
+
+		}
+		bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
+		bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+		if (!RSA_set0_factors(this->rsa, bn_p, bn_q))
+		{
+			destroy(this);
+			return NULL;
+		}
 		if (exp1.ptr)
 		{
-			this->rsa->dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
+			dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
 		}
 		if (exp2.ptr)
 		{
-			this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
+			dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
 		}
-		this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
-		if (RSA_check_key(this->rsa) == 1)
+		iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
+		if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) &&
+			RSA_check_key(this->rsa) == 1)
 		{
 			return &this->public;
 		}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index db928569f3..d66d5016e8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
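Review bot: The three new failure paths leak the BIGNUMs they were about to hand over, because RSA_set0_key(), RSA_set0_factors() and RSA_set0_crt_params() only take ownership on success; on the `destroy(this); return NULL;` branches bn_n/bn_e/bn_d (then bn_p/bn_q, then dmp1/dmq1/iqmp) are never freed, and since these are private-key components they should be released with `BN_clear_free(bn_n); BN_clear_free(bn_e); BN_clear_free(bn_d);` (and likewise for the other two groups) before destroy(this). A BN_bin2bn() allocation failure is also never checked, so a NULL bn_n or bn_e is what most plausibly triggers those paths. Separately, with OpenSSL 1.1.0's RSA_set0_crt_params() a NULL dmp1 or dmq1 is rejected when the RSA object has none set yet, so a key supplied without exp1/exp2, which the `if (exp1.ptr)` / `if (exp2.ptr)` guards deliberately allow, now fails to load where the old direct field assignment accepted it; confirm this is intended or document it in the function's header comment. The stray blank line before the first `}` after `return NULL;` should be dropped. openssl_rsa_private_key_load begins before this hunk and its failure tail continues after it.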
@@ -28,6 +28,10 @@
 #include 
 #include 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+#endif
+
 typedef struct private_openssl_rsa_public_key_t private_openssl_rsa_public_key_t;
 
 /**
@@ -224,11 +228,13 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
 			break;
 		default:
 		{
+			const BIGNUM *bn_n, *bn_e;
 			chunk_t n = chunk_empty, e = chunk_empty;
 			bool success = FALSE;
 
-			if (openssl_bn2chunk(rsa->n, &n) &&
-				openssl_bn2chunk(rsa->e, &e))
+			RSA_get0_key(rsa, &bn_n, &bn_e, NULL);
+			if (openssl_bn2chunk(bn_n, &n) &&
+				openssl_bn2chunk(bn_e, &e))
 			{
 				success = lib->encoding->encode(lib->encoding, type, rsa, fp,
 												CRED_PART_RSA_MODULUS, n,
@@ -297,10 +303,12 @@ METHOD(public_key_t, get_encoding, bool,
 		}
 		default:
 		{
+			const BIGNUM *bn_n, *bn_e;
 			chunk_t n = chunk_empty, e = chunk_empty;
 
-			if (openssl_bn2chunk(this->rsa->n, &n) &&
-				openssl_bn2chunk(this->rsa->e, &e))
+			RSA_get0_key(this->rsa, &bn_n, &bn_e, NULL);
+			if (openssl_bn2chunk(bn_n, &n) &&
+				openssl_bn2chunk(bn_e, &e))
 			{
 				success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
 												CRED_PART_RSA_MODULUS, n,
@@ -416,10 +424,15 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type,
 	}
 	else if (n.ptr && e.ptr && type == KEY_RSA)
 	{
+		BIGNUM *bn_n, *bn_e;
+
 		this->rsa = RSA_new();
-		this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
-		this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
-		return &this->public;
+		bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
+		bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
+		if (RSA_set0_key(this->rsa, bn_n, bn_e, NULL))
+		{
+			return &this->public;
+		}
 	}
 	destroy(this);
 	return NULL;
-- 
2.47.2
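Review bot: In the openssl_rsa_public_key_load hunk (@@ -416), when RSA_set0_key() fails the code falls through to `destroy(this)` without releasing bn_n and bn_e, so the BIGNUM that was successfully allocated leaks; the practical trigger is a BN_bin2bn() returning NULL, which the new lines never check and which RSA_set0_key() rejects for n or e on a fresh RSA object. Freeing both before the fall-through, `BN_free(bn_n); BN_free(bn_e);` inside an else branch of the new `if`, closes the leak since RSA_set0_key() takes ownership only on success. The RSA_get0_key() callers in the @@ -224 and @@ -297 hunks rely on openssl_bn2chunk() tolerating a NULL BIGNUM exactly as the removed rsa->n/rsa->e accesses did, so no new check is needed there. The OPENSSL_KEY_FALLBACK macro used in the @@ -28 hunk is not defined in this patch and presumably comes from openssl_util.h, which this file already appears to use for openssl_bn2chunk(); worth confirming the include is present above line 28.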