interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

DSA support with OpenSSL 1.1.0

This commit is contained in:
Willem Toorop 2017-01-13 12:48:15 +01:00
parent 53d73d2f90
commit 9a3b01ed62
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
configure.ac
View File

@ -253,7 +253,7 @@ fi
AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method]) AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method DSA_SIG_set0 EVP_dss1])
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
AC_INCLUDES_DEFAULT AC_INCLUDES_DEFAULT
#ifdef HAVE_OPENSSL_ERR_H #ifdef HAVE_OPENSSL_ERR_H
@ -440,7 +440,7 @@ case "$enable_dsa" in
;; ;;
*) dnl default *) dnl default
# detect if DSA is supported, and turn it off if not. # detect if DSA is supported, and turn it off if not.
AC_CHECK_FUNC(EVP_dss1, [ AC_CHECK_FUNC(DSA_SIG_new, [
AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
fi ]) fi ])

9
src/util/val_secalgo.c
View File

@ -230,6 +230,7 @@ log_crypto_error(const char* str, unsigned long e)
ERR_error_string_n(e, buf, sizeof(buf)); ERR_error_string_n(e, buf, sizeof(buf));
/* buf now contains */ /* buf now contains */
/* error:[error code]:[library name]:[function name]:[reason string] */ /* error:[error code]:[library name]:[function name]:[reason string] */
(void)str;
log_err("%s crypto %s", str, buf); log_err("%s crypto %s", str, buf);
} }
@ -262,8 +263,12 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len)
dsasig = DSA_SIG_new(); dsasig = DSA_SIG_new();
if(!dsasig) return 0; if(!dsasig) return 0;
#ifdef HAVE_DSA_SIG_SET0
if(!DSA_SIG_set0(dsasig, R, S)) return 0;
#else
dsasig->r = R; dsasig->r = R;
dsasig->s = S; dsasig->s = S;
#endif
*sig = NULL; *sig = NULL;
newlen = i2d_DSA_SIG(dsasig, sig); newlen = i2d_DSA_SIG(dsasig, sig);
if(newlen < 0) { if(newlen < 0) {
@ -404,7 +409,11 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
"EVP_PKEY_assign_DSA failed"); "EVP_PKEY_assign_DSA failed");
return 0; return 0;
} }
#ifdef HAVE_EVP_DSS1
*digest_type = EVP_dss1(); *digest_type = EVP_dss1();
#else
*digest_type = EVP_sha1();
#endif
break; break;
#endif /* USE_DSA */ #endif /* USE_DSA */