From 7a707a2bb0b0c6de1eb98cef74a5d1016f0e8c9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Tue, 11 Oct 2016 16:15:43 +0200
Subject: [PATCH] Port to OpenSSL 1.1.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OpenSSL 1.1.0 hid ECDSA structure internals and provided methods
instead.

This patch uses the methods and provides their copies in the case of
older OpenSSL. Because the new OpenSSL API, ECDSA_SIG_set0(), cannot
set curve parameters individually and ECDSA_SIG_get0() returns yet
another reference, it's necessary to duplicate the other unchanged
paramater when calling set_r() or set_s().

This patch also stops exporting ECDSA_METHOD functions that were
removed from the new OpenSSL.

CPAN RT#118330

Signed-off-by: Petr Písař <ppisar@redhat.com>
---
 ECDSA.xs | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 61 insertions(+), 17 deletions(-)

diff --git a/ECDSA.xs b/ECDSA.xs
index 4016368..648303e 100644
--- a/ECDSA.xs
+++ b/ECDSA.xs
@@ -7,9 +7,34 @@
 
 #include <openssl/ecdsa.h>
 #include <openssl/err.h>
+#include <openssl/bn.h>
 
 #include "const-c.inc"
 
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || LIBRESSL_VERSION_NUMBER >= 0x2070000fL
+#include <openssl/ec.h>
+#else
+static void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr,
+    const BIGNUM **ps) {
+    if (pr != NULL)
+        *pr = sig->r;
+    if (ps != NULL)
+        *ps = sig->s;
+}
+
+static int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+        return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+#endif
+
 MODULE = Crypt::OpenSSL::ECDSA		PACKAGE = Crypt::OpenSSL::ECDSA
 
 PROTOTYPES: ENABLE
@@ -17,7 +42,9 @@ INCLUDE: const-xs.inc
 
 BOOT:
     ERR_load_crypto_strings();
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && OPENSSL_VERSION_NUMBER < 0x10100000L
     ERR_load_ECDSA_strings();
+#endif
 
 #ECDSA_SIG *
 #ECDSA_SIG_new()
@@ -61,10 +88,16 @@ ECDSA_do_verify(const unsigned char *dgst, const ECDSA_SIG *sig, EC_KEY* eckey);
 	OUTPUT:
 		RETVAL
 
-# These ECDSA_METHOD functions only became available in 1.0.2
+# These ECDSA_METHOD functions only became available in 1.0.2,
+# but some of them removed again in 1.1.0.
 
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 
+int	  
+ECDSA_size(const EC_KEY *eckey)
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
 const ECDSA_METHOD *
 ECDSA_OpenSSL()
 
@@ -77,9 +110,6 @@ ECDSA_get_default_method()
 int 	  
 ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
 
-int	  
-ECDSA_size(const EC_KEY *eckey)
-
 ECDSA_METHOD *
 ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method=0)
 
@@ -95,7 +125,7 @@ ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name)
 void 
 ERR_load_ECDSA_strings()
 
-
+#endif
 #endif
 
 
@@ -135,11 +165,13 @@ SV *
 get_r(ecdsa_sig)
         ECDSA_SIG *ecdsa_sig
     PREINIT:
+        const BIGNUM *r;
         unsigned char *to;
         STRLEN len;
     CODE:
         to = malloc(sizeof(char) * 128);
-        len = BN_bn2bin(ecdsa_sig->r, to);
+        ECDSA_SIG_get0(ecdsa_sig, &r, NULL);
+        len = BN_bn2bin(r, to);
         RETVAL = newSVpvn((const char*)to, len);
         free(to);
     OUTPUT:
@@ -149,11 +181,13 @@ SV *
 get_s(ecdsa_sig)
         ECDSA_SIG *ecdsa_sig
     PREINIT:
+        const BIGNUM *s;
         unsigned char *to;
         STRLEN len;
     CODE:
         to = malloc(sizeof(char) * 128);
-        len = BN_bn2bin(ecdsa_sig->s, to);
+        ECDSA_SIG_get0(ecdsa_sig, NULL, &s);
+        len = BN_bn2bin(s, to);
         RETVAL = newSVpvn((const char*)to, len);
         free(to);
     OUTPUT:
@@ -164,26 +198,36 @@ set_r(ecdsa_sig, r_SV)
         ECDSA_SIG *ecdsa_sig
         SV * r_SV
     PREINIT:
-	char *s;
+	    char *string;
         STRLEN len;
+        BIGNUM *r;
+        BIGNUM *s;
     CODE:
-        s = SvPV(r_SV, len);
-        if (ecdsa_sig->r)
-            BN_free(ecdsa_sig->r);
-        ecdsa_sig->r = BN_bin2bn((const unsigned char *)s, len, NULL);
+        string = SvPV(r_SV, len);
+        r = BN_bin2bn((const unsigned char *)string, len, NULL);
+        ECDSA_SIG_get0(ecdsa_sig, NULL, (const BIGNUM**)&s);
+        s = BN_dup(s);
+        if (NULL == s)
+            croak("Could not duplicate unchanged ECDSA paramater");
+        ECDSA_SIG_set0(ecdsa_sig, r, s);
 
 void
 set_s(ecdsa_sig, s_SV)
         ECDSA_SIG *ecdsa_sig
         SV * s_SV
     PREINIT:
-	char *s;
+	    char *string;
         STRLEN len;
+        BIGNUM *r;
+        BIGNUM *s;
     CODE:
-        s = SvPV(s_SV, len);
-        if (ecdsa_sig->s)
-            BN_free(ecdsa_sig->s);
-        ecdsa_sig->s = BN_bin2bn((const unsigned char *)s, len, NULL);
+        string = SvPV(s_SV, len);
+        s = BN_bin2bn((const unsigned char *)string, len, NULL);
+        ECDSA_SIG_get0(ecdsa_sig, (const BIGNUM**)&r, NULL);
+        r = BN_dup(r);
+        if (NULL == r)
+            croak("Could not duplicate unchanged ECDSA paramater");
+        ECDSA_SIG_set0(ecdsa_sig, r, s);
 
 
 
-- 
2.7.4