authorVsevolod Stakhov <vsevolod@rspamd.com>2023-06-14 19:31:13 +0100
committerVsevolod Stakhov <vsevolod@rspamd.com>2023-06-14 19:31:13 +0100
commitcd65f390d22f8744850a16ff1c95fe2420a6c8ee (patch)
treedec0a82f841caed323150110fc3ecfdf1b844d0a /src
parent1496f881cf050fd73a558eaf30e051d72c12e549 (diff)
downloadrspamd-cd65f390d22f8744850a16ff1c95fe2420a6c8ee.tar.gz
rspamd-cd65f390d22f8744850a16ff1c95fe2420a6c8ee.zip
[Minor] Another workaround for a broken OpenSSL API
Diffstat (limited to 'src')
-rw-r--r--src/libcryptobox/cryptobox.c46
1 files changed, 44 insertions, 2 deletions
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index aa79f875d..e8fe3e789 100644
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -428,6 +428,48 @@ rspamd_cryptobox_keypair_sig (rspamd_sig_pk_t pk, rspamd_sig_sk_t sk,
}
}
+#if OPENSSL_VERSION_MAJOR >= 3
+/* Compatibility function for OpenSSL 3.0 - thanks for breaking all API one more time */
+EC_POINT *ec_point_bn2point_compat(const EC_GROUP *group,
+ const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx)
+{
+ size_t buf_len = 0;
+ unsigned char *buf;
+ EC_POINT *ret;
+
+ if ((buf_len = BN_num_bytes(bn)) == 0)
+ buf_len = 1;
+ if ((buf = OPENSSL_malloc(buf_len)) == NULL) {
+ return NULL;
+ }
+
+ if (!BN_bn2binpad(bn, buf, buf_len)) {
+ OPENSSL_free(buf);
+ return NULL;
+ }
+
+ if (point == NULL) {
+ if ((ret = EC_POINT_new(group)) == NULL) {
+ OPENSSL_free(buf);
+ return NULL;
+ }
+ } else
+ ret = point;
+
+ if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {
+ if (ret != point)
+ EC_POINT_clear_free(ret);
+ OPENSSL_free(buf);
+ return NULL;
+ }
+
+ OPENSSL_free(buf);
+ return ret;
+}
+#else
+#define ec_point_bn2point_compat EC_POINT_bn2point
+#endif
+
void
rspamd_cryptobox_nm (rspamd_nm_t nm,
const rspamd_pk_t pk, const rspamd_sk_t sk,
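Review bot: The check `if (!BN_bn2binpad(bn, buf, buf_len))` in `ec_point_bn2point_compat` cannot catch a failure, because BN_bn2binpad reports an error as -1 and `!(-1)` is false; test the sign instead, `if (BN_bn2binpad(bn, buf, (int) buf_len) < 0) {`. With `buf_len` taken from `BN_num_bytes(bn)` the call is unlikely to fail, but as written the error branch is dead code. The helper is also defined with external linkage although both visible callers are in this file, so `static EC_POINT *ec_point_bn2point_compat(...)` would keep it out of the global namespace. A short comment stating that the caller owns the returned point when `point` is NULL would also help.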
@@ -467,7 +509,7 @@ rspamd_cryptobox_nm (rspamd_nm_t nm,
g_assert (bn_sec != NULL);
g_assert (EC_KEY_set_private_key (lk, bn_sec) == 1);
- ec_pub = EC_POINT_bn2point (EC_KEY_get0_group (lk), bn_pub, NULL, NULL);
+ ec_pub = ec_point_bn2point_compat (EC_KEY_get0_group (lk), bn_pub, NULL, NULL);
g_assert (ec_pub != NULL);
len = ECDH_compute_key (s, sizeof (s), ec_pub, lk, NULL);
g_assert (len == sizeof (s));
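Review bot: The value returned by `ec_point_bn2point_compat` is checked only by `g_assert (ec_pub != NULL)`, so a `pk` that is not a valid point encoding aborts the whole process, and with assertions compiled out (G_DISABLE_ASSERT) a NULL would reach `ECDH_compute_key`. Whether `pk` can be supplied by a remote peer is not visible here, but if it can, this is an availability problem, and decode failure should be an ordinary error path, e.g. `if (ec_pub == NULL) { /* free lk, bn_pub, bn_sec and reject the key */ }`. Note also that an all-zero key is encoded by the helper as a single 0x00 octet, which presumably decodes to the point at infinity rather than NULL, so an `EC_POINT_is_at_infinity` check may be wanted as well. The same assert follows the changed line in the rspamd_cryptobox_verify hunk, where a bad key would more naturally be reported as a failed verification. rspamd_cryptobox_nm is declared `void` and its body starts and ends outside this hunk, so the fix may need validation in the caller.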
@@ -571,7 +613,7 @@ rspamd_cryptobox_verify (const guchar *sig,
g_assert (lk != NULL);
bn_pub = BN_bin2bn (pk, rspamd_cryptobox_pk_bytes (mode), NULL);
g_assert (bn_pub != NULL);
- ec_pub = EC_POINT_bn2point (EC_KEY_get0_group (lk), bn_pub, NULL, NULL);
+ ec_pub = ec_point_bn2point_compat (EC_KEY_get0_group (lk), bn_pub, NULL, NULL);
g_assert (ec_pub != NULL);
g_assert (EC_KEY_set_public_key (lk, ec_pub) == 1);