[rs-commit] r147 - in /mod_scep/trunk: mod_scep.c openssl_setter_compat.h
rs-commit at redwax.eu
rs-commit at redwax.eu
Tue Dec 3 22:14:39 CET 2019
Author: dirkx at redwax.eu
Date: Tue Dec 3 22:14:38 2019
New Revision: 147
Log:
Introduce a stopgap measure for the missing setter in OpenSSL 1.1.0..1.1.1.
Added:
mod_scep/trunk/openssl_setter_compat.h
- copied unchanged from r146, mod_csr/trunk/openssl_setter_compat.h
Modified:
mod_scep/trunk/mod_scep.c
Modified: mod_scep/trunk/mod_scep.c
==============================================================================
--- mod_scep/trunk/mod_scep.c (original)
+++ mod_scep/trunk/mod_scep.c Tue Dec 3 22:14:38 2019
@@ -37,7 +37,9 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
+#if OPENSSL_VERSION_NUMBER < 0x1010001fL
#include <openssl/asn1_mac.h>
+#endif
#include <openssl/asn1t.h>
#include <openssl/pkcs7.h>
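Review bot: The guard `#if OPENSSL_VERSION_NUMBER < 0x1010001fL` draws the line at 1.1.0a, while the accessor switches later in this commit use `>= 0x010100000L` (1.1.0) and the ASN1_STRING sites use `> 0x1010001fL`. A build against 1.1.0 itself therefore takes the opaque-struct accessors but still includes `<openssl/asn1_mac.h>`, which as far as I recall is only an `#error` stub from 1.1.0 on. Using one boundary throughout, e.g. `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, would avoid that mixed state.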
@@ -51,10 +53,12 @@
#include "ap_expr.h"
#include "mod_ca.h"
+#include "openssl_setter_compat.h"
#define DEFAULT_SCEP_SIZE 128*1024
#define DEFAULT_FRESHNESS 2
#define DEFAULT_FRESHNESS_MAX 3600*24
+
module AP_MODULE_DECLARE_DATA scep_module;
@@ -889,26 +893,43 @@
/* scan all attributes for the one we are looking for */
for (i = 0; i < sk_X509_ATTRIBUTE_num(sattrs); i++) {
+ ASN1_OBJECT *attr_obj;
attr = sk_X509_ATTRIBUTE_value(sattrs, i);
+
+ /* duplicate the signature algorithm */
+ const X509_ALGOR *psigalg;
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L
+ attr_obj = X509_ATTRIBUTE_get0_object(attr);
+ asn1_type = X509_ATTRIBUTE_get0_type(attr, 0);
+#else
asn1_type = sk_ASN1_TYPE_value(attr->value.set, 0);
-
- if (!OBJ_cmp(attr->object, transactionId)) {
+ attr_obj = attr->object;
+#endif
+ if (!OBJ_cmp(attr_obj, transactionId)) {
switch (ASN1_TYPE_get(asn1_type)) {
case V_ASN1_PRINTABLESTRING: {
scep->transactionId = apr_pstrndup(r->pool,
- (const char *) ASN1_STRING_data(
+#if OPENSSL_VERSION_NUMBER > 0x1010001fL
+ (const char *) ASN1_STRING_get0_data(
+#else
+ (const char *) ASN1_STRING_get0_data(
+#endif
asn1_type->value.asn1_string),
ASN1_STRING_length(asn1_type->value.asn1_string));
break;
}
}
}
- else if (!OBJ_cmp(attr->object, messageType)) {
+ else if (!OBJ_cmp(attr_obj, messageType)) {
switch (ASN1_TYPE_get(asn1_type)) {
case V_ASN1_PRINTABLESTRING: {
scep->messageType = atoi(
apr_pstrndup(r->pool,
+#if OPENSSL_VERSION_NUMBER > 0x1010001fL
+ (const char *) ASN1_STRING_get0_data(
+#else
(const char *) ASN1_STRING_data(
+#endif
asn1_type->value.asn1_string),
ASN1_STRING_length(
asn1_type->value.asn1_string)));
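Review bot: `X509_ATTRIBUTE_get0_type(attr, 0)` returns NULL for an attribute whose value set is empty, and the result is passed unchecked to `ASN1_TYPE_get(asn1_type)`, which dereferences it. `sattrs` appears to hold the signed attributes of the incoming SCEP message, so a malformed request could crash the worker; add `if (!asn1_type) continue;` after the `#endif` (the pre-1.1.0 `sk_ASN1_TYPE_value` arm has the same gap). Separately, in the transactionId case both arms of the new `#if` call `ASN1_STRING_get0_data`, so the `#else` arm should read `(const char *) ASN1_STRING_data(` like the other five sites, unless openssl_setter_compat.h is meant to supply it. The added `const X509_ALGOR *psigalg;` and its "duplicate the signature algorithm" comment are unused in this loop and look pasted from the CSR hunk further down. The loop body continues past this hunk.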
@@ -916,12 +937,16 @@
}
}
}
- else if (!OBJ_cmp(attr->object, pkiStatus)) {
+ else if (!OBJ_cmp(attr_obj, pkiStatus)) {
switch (ASN1_TYPE_get(asn1_type)) {
case V_ASN1_PRINTABLESTRING: {
scep->pkiStatus = atoi(
apr_pstrndup(r->pool,
+#if OPENSSL_VERSION_NUMBER > 0x1010001fL
+ (const char *) ASN1_STRING_get0_data(
+#else
(const char *) ASN1_STRING_data(
+#endif
asn1_type->value.asn1_string),
ASN1_STRING_length(
asn1_type->value.asn1_string)));
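Review bot: `scep->pkiStatus = atoi(...)` cannot tell a malformed attribute from a genuine "0", because `atoi` returns 0 for non-numeric text and its behaviour on out-of-range input is undefined. The same pattern is used for `messageType` in the previous hunk and `failInfo` in the next one, all fed from attributes of the incoming message. Parsing with `long v = strtol(s, &end, 10);` and rejecting the message when `end == s || *end != '\0' || errno == ERANGE` would make bad values fail closed. The type check is only on the ASN.1 tag (`V_ASN1_PRINTABLESTRING`), so the content still needs this validation.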
@@ -929,12 +954,16 @@
}
}
}
- else if (!OBJ_cmp(attr->object, failInfo)) {
+ else if (!OBJ_cmp(attr_obj, failInfo)) {
switch (ASN1_TYPE_get(asn1_type)) {
case V_ASN1_PRINTABLESTRING: {
scep->failInfo = atoi(
apr_pstrndup(r->pool,
+#if OPENSSL_VERSION_NUMBER > 0x1010001fL
+ (const char *) ASN1_STRING_get0_data(
+#else
(const char *) ASN1_STRING_data(
+#endif
asn1_type->value.asn1_string),
ASN1_STRING_length(
asn1_type->value.asn1_string)));
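Review bot: The `#if OPENSSL_VERSION_NUMBER > 0x1010001fL` / `#else` / `#endif` split in the middle of the `apr_pstrndup(...)` argument list is repeated at six call sites across these hunks, which is how the transactionId copy ended up with two identical arms. Since the commit already adds openssl_setter_compat.h, a single shim there keeps every call site unconditional: `#if OPENSSL_VERSION_NUMBER < 0x10100000L` / `#define ASN1_STRING_get0_data(s) ASN1_STRING_data(s)` / `#endif`. Each site then reads `(const char *) ASN1_STRING_get0_data(asn1_type->value.asn1_string)` with no preprocessor lines inside the expression.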
@@ -942,31 +971,39 @@
}
}
}
- else if (!OBJ_cmp(attr->object, senderNonce)) {
+ else if (!OBJ_cmp(attr_obj, senderNonce)) {
switch (ASN1_TYPE_get(asn1_type)) {
case V_ASN1_OCTET_STRING: {
scep->senderNonceLength = ASN1_STRING_length(
asn1_type->value.octet_string);
scep->senderNonce = apr_pmemdup(r->pool,
+#if OPENSSL_VERSION_NUMBER > 0x1010001fL
+ ASN1_STRING_get0_data(asn1_type->value.octet_string),
+#else
ASN1_STRING_data(asn1_type->value.octet_string),
+#endif
scep->senderNonceLength);
break;
}
}
}
- else if (!OBJ_cmp(attr->object, recipientNonce)) {
+ else if (!OBJ_cmp(attr_obj, recipientNonce)) {
switch (ASN1_TYPE_get(asn1_type)) {
case V_ASN1_OCTET_STRING: {
scep->recipientNonceLength = ASN1_STRING_length(
asn1_type->value.octet_string);
scep->recipientNonce = apr_pmemdup(r->pool,
+#if OPENSSL_VERSION_NUMBER > 0x1010001fL
+ ASN1_STRING_get0_data(asn1_type->value.octet_string),
+#else
ASN1_STRING_data(asn1_type->value.octet_string),
+#endif
scep->recipientNonceLength);
break;
}
}
}
- else if (!OBJ_cmp(attr->object, proxyAuthenticator)) {
+ else if (!OBJ_cmp(attr_obj, proxyAuthenticator)) {
switch (ASN1_TYPE_get(asn1_type)) {
case V_ASN1_OCTET_STRING: {
scep->proxyAuthenticator = asn1_type->value.octet_string;
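Review bot: `scep->proxyAuthenticator = asn1_type->value.octet_string;` stores a pointer into the attribute itself, whereas the two nonces above are copied into `r->pool` with `apr_pmemdup`. With the 1.1.x `get0` accessors that pointer is explicitly borrowed, so it is only valid while the structure owning `sattrs` is alive; whether that outlives every use of `scep` is decided outside this hunk. Either copy it (for example `ASN1_OCTET_STRING_dup` with a pool cleanup registered to free it) or add a comment such as `/* borrowed from the PKCS7 signer info; must not outlive it */`. The nonce lengths also come straight from the message with no upper bound before `apr_pmemdup`; a sanity limit there would be cheap.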
@@ -976,7 +1013,6 @@
}
}
-
return scep;
}
@@ -1970,7 +2006,13 @@
X509_REQ_set_pubkey(creq, pktmp);
/* duplicate the signature algorithm */
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L
+ const X509_ALGOR *psigalg;
+ X509_REQ_get0_signature(req,NULL /* no need for signature */,&psigalg);
+ X509_REQ_set0_signature(creq, NULL, X509_ALGOR_dup((X509_ALGOR*)psigalg));
+#else
creq->sig_alg = X509_ALGOR_dup(req->sig_alg);
+#endif
/* handle the challenge */
idx = X509_REQ_get_attr_by_NID(req, OBJ_sn2nid("challengePassword"), -1);
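Review bot: The result of `X509_ALGOR_dup((X509_ALGOR*)psigalg)` is handed to `X509_REQ_set0_signature` without a NULL check, so an allocation failure, or a request for which `X509_REQ_get0_signature` leaves `psigalg` unset, silently produces a `creq` with no signature algorithm. Initialise `psigalg = NULL`, dup into a local, and fail the request when it is NULL: `X509_ALGOR *alg = psigalg ? X509_ALGOR_dup((X509_ALGOR *)psigalg) : NULL;`. The `#if OPENSSL_VERSION_NUMBER >= 0x010100000L` also has no upper bound, so this three-argument stopgap call is compiled against any later OpenSSL that ships its own setter; an upper version guard in openssl_setter_compat.h would keep the two from colliding. The declaration of `psigalg` follows a statement, which some Apache module builds reject with `-Wdeclaration-after-statement`.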