master

分支 (27)

标签 (25)

管理

管理

master

openEuler-24.03-LTS

openEuler-24.03-LTS-SP1

openEuler-24.03-LTS-Next

openEuler-22.03-LTS-SP3

openEuler-22.03-LTS-SP4

openEuler-22.03-LTS-SP1

openEuler-24.09

openEuler-20.03-LTS-SP4

openEuler-22.03-LTS

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS-Next

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-SP3

openEuler-23.09

openEuler-23.03

revert-merge-161-master

openEuler-22.09

openEuler-22.03-LTS-LoongArch

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP4-update-20241101

openEuler-22.03-LTS-SP1-update-20241101

openEuler-22.03-LTS-SP3-update-20241101

openEuler-22.03-LTS-SP4-update-20241101

openEuler-24.03-LTS-update-20241101

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

rpm
/
backport-No-longer-use-the-low-level-...

From 408f2053da61fa80c5a306b8f87cdd70a7c57a62 Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Wed, 17 Apr 2024 13:05:28 +0200
Subject: [PATCH] No longer use the low level API in openssl-3

Conflict:modify digest_openssl.c in rpmio; adapt context
Reference:https://github.com/rpm-software-management/rpmpgp_legacy/commit/de96811994b28d8fb43dfb101a9cbca263eb1ce5

Instead, construct the key with EVP_PKEY_fromdata()
---
 rpmio/digest_openssl.c | 73 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 72 insertions(+), 1 deletion(-)

diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
index 41d77d0..4d930c9 100644
--- a/rpmio/digest_openssl.c
+++ b/rpmio/digest_openssl.c
@@ -1,10 +1,13 @@
 #include "system.h"

 #include <openssl/evp.h>
+#if OPENSSL_VERSION_MAJOR >= 3
+# include <openssl/params.h>
+#endif
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
-#include <rpm/rpmcrypto.h>

+#include <rpm/rpmcrypto.h>
 #include "rpmio/rpmpgp_internal.h"


@@ -283,6 +286,46 @@ done:
 }


+/*********************** pkey construction *******************************/
+
+#if OPENSSL_VERSION_MAJOR >= 3
+
+static EVP_PKEY *
+construct_pkey_from_param(int id, OSSL_PARAM *params)
+{
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(id, NULL);
+    if (!ctx || EVP_PKEY_fromdata_init(ctx) <= 0 || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) <= 0)
+	pkey = NULL;
+    if (ctx)
+	EVP_PKEY_CTX_free(ctx);
+    return pkey;
+}
+
+static OSSL_PARAM
+create_bn_param(char *key, BIGNUM *bn)
+{
+    int sz = bn ? BN_num_bytes(bn) : -1;
+    if (sz < 0 || BN_is_negative(bn)) {
+	OSSL_PARAM param = OSSL_PARAM_END;
+	return param;
+    }
+    if (sz == 0)
+	sz = 1;
+    unsigned char *buf = xmalloc(sz);
+    BN_bn2nativepad(bn, buf, sz);
+    OSSL_PARAM param = OSSL_PARAM_BN(key, buf, sz);
+    return param;
+}
+
+static void
+free_bn_param(OSSL_PARAM *param)
+{
+    free(param->data);
+}
+
+#endif
+
 /****************************** RSA **************************************/

 /* Key */
@@ -300,6 +343,17 @@ static int constructRSASigningKey(struct pgpDigKeyRSA_s *key)
     if (key->evp_pkey)
         return 1;	/* We've already constructed it, so just reuse it */

+#if OPENSSL_VERSION_MAJOR >= 3
+    OSSL_PARAM params[] = {
+	create_bn_param("n", key->n),
+	create_bn_param("e", key->e),
+	OSSL_PARAM_END
+    };
+    key->evp_pkey = construct_pkey_from_param(EVP_PKEY_RSA, params);
+    free_bn_param(params + 0);
+    free_bn_param(params + 1);
+    return key->evp_pkey ? 1 : 0;
+#else
     /* Create the RSA key */
     RSA *rsa = RSA_new();
     if (!rsa) return 0;
@@ -324,6 +378,7 @@ static int constructRSASigningKey(struct pgpDigKeyRSA_s *key)
 exit:
     RSA_free(rsa);
     return 0;
+#endif
 }

 static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
@@ -506,6 +561,21 @@ static int constructDSASigningKey(struct pgpDigKeyDSA_s *key)
     if (key->evp_pkey)
         return 1;	/* We've already constructed it, so just reuse it */

+#if OPENSSL_VERSION_MAJOR >= 3
+    OSSL_PARAM params[] = {
+	create_bn_param("p", key->p),
+	create_bn_param("q", key->q),
+	create_bn_param("g", key->g),
+	create_bn_param("pub", key->y),
+	OSSL_PARAM_END
+    };
+    key->evp_pkey = construct_pkey_from_param(EVP_PKEY_DSA, params);
+    free_bn_param(params + 0);
+    free_bn_param(params + 1);
+    free_bn_param(params + 2);
+    free_bn_param(params + 3);
+    return key->evp_pkey ? 1 : 0;
+#else
     /* Create the DSA key */
     DSA *dsa = DSA_new();
     if (!dsa) return 0;
@@ -533,6 +603,7 @@ static int constructDSASigningKey(struct pgpDigKeyDSA_s *key)
 exit:
     DSA_free(dsa);
     return 0;
+#endif
 }


--
2.23.0