-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/openvpn/openssl_compat.h | 44 | ||||
-rw-r--r-- | src/openvpn/ssl_openssl.c | 6 |
3 files changed, 49 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index e9ac5a6..5234878 100644
--- a/configure.ac
+++ b/configure.ac
@@ -932,6 +932,8 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
 RSA_bits \
 RSA_get0_key \
 RSA_set0_key \
+ DSA_get0_pqg \
+ DSA_bits \
 RSA_meth_new \
 RSA_meth_free \
 RSA_meth_set_pub_enc \
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index e3f20b7..729fab6 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -275,6 +275,50 @@ RSA_bits(const RSA *rsa)
 }
 #endif
 
+#if !defined(HAVE_DSA_GET0_PQG)
+/**
+ * Get the DSA parameters
+ *
+ * @param dsa The DSA object
+ * @param p The @c p parameter
+ * @param q The @c q parameter
+ * @param g The @c g parameter
+ */
+static inline void
+DSA_get0_pqg(const DSA *dsa, const BIGNUM **p,
+ const BIGNUM **q, const BIGNUM **g)
+{
+ if (p != NULL)
+ {
+ *p = dsa ? dsa->p : NULL;
+ }
+ if (q != NULL)
+ {
+ *q = dsa ? dsa->q : NULL;
+ }
+ if (g != NULL)
+ {
+ *g = dsa ? dsa->g : NULL;
+ }
+}
+#endif
+
+#if !defined(HAVE_DSA_BITS)
+/**
+ * Number of significant DSA bits
+ *
+ * @param rsa The DSA object ; shall not be NULL
+ * @return The number of DSA bits or 0 on error
+ */
+static inline int
+DSA_bits(const DSA *dsa)
+{
+ const BIGNUM *p = NULL;
+ DSA_get0_pqg(dsa, &p, NULL, NULL);
+ return p ? BN_num_bits(p) : 0;
+}
+#endif
+
 #if !defined(HAVE_RSA_METH_NEW)
 /**
 * Allocate a new RSA method object
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index da801ed..11f4a56 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
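Review bot: The doc comment on the DSA_bits shim in openssl_compat.h names its parameter `@param rsa` although the function takes `dsa`; it should read `@param dsa The DSA object ; shall not be NULL`. The shim itself tolerates a NULL `dsa` or a missing `p` and returns 0, which the library's own DSA_bits may not do, so callers should keep treating NULL as out of contract, as the comment says. The DSA_get0_pqg comment would also benefit from stating that any of `p`, `q` and `g` may be NULL to skip that output. It should add that the returned BIGNUM pointers still belong to the DSA object and must not be freed by the caller.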
@@ -1689,11 +1689,11 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix)
 openvpn_snprintf(s2, sizeof(s2), ", %d bit RSA",
 RSA_bits(rsa));
 }
- else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA && EVP_PKEY_get0_DSA(pkey) != NULL
- && pkey->pkey.dsa->p != NULL)
+ else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA && EVP_PKEY_get0_DSA(pkey) != NULL)
 {
+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
 openvpn_snprintf(s2, sizeof(s2), ", %d bit DSA",
 BN_num_bits(pkey->pkey.dsa->p));
+ DSA_bits(dsa));
 }
 EVP_PKEY_free(pkey);
 } |
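Review bot: Dropping `&& pkey->pkey.dsa->p != NULL` from the DSA branch means a key with no `p` parameter now reaches `DSA_bits(dsa)`. The compat shim returns 0 for that case, but on builds where the library supplies DSA_bits its handling of a missing `p` is not visible in this diff and should be confirmed, since `pkey` here presumably comes from the peer certificate. The old guard can be kept through the accessor: `const BIGNUM *p = NULL; DSA_get0_pqg(dsa, &p, NULL, NULL);` and then format the string only when `p != NULL`. That also avoids logging ", 0 bit DSA" where the line was previously skipped. print_details starts and ends outside this hunk.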