[rs-commit] r29 - in /redwax-tool/trunk: config.h.in configure.ac redwax_openssl.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Tue Nov 16 22:14:24 CET 2021
Author: minfrin at redwax.eu
Date: Tue Nov 16 22:14:23 2021
New Revision: 29
Log:
Add X509_get_extension_flags if missing.
Modified:
redwax-tool/trunk/config.h.in
redwax-tool/trunk/configure.ac
redwax-tool/trunk/redwax_openssl.c
Modified: redwax-tool/trunk/config.h.in
==============================================================================
--- redwax-tool/trunk/config.h.in (original)
+++ redwax-tool/trunk/config.h.in Tue Nov 16 22:14:23 2021
@@ -95,6 +95,9 @@
/* Define to 1 if you have the `X509_get0_notBefore' function. */
#undef HAVE_X509_GET0_NOTBEFORE
+/* Define to 1 if you have the `X509_get_extension_flags' function. */
+#undef HAVE_X509_GET_EXTENSION_FLAGS
+
/* Define to 1 if you have the `X509_STORE_CTX_get_num_untrusted' function. */
#undef HAVE_X509_STORE_CTX_GET_NUM_UNTRUSTED
Modified: redwax-tool/trunk/configure.ac
==============================================================================
--- redwax-tool/trunk/configure.ac (original)
+++ redwax-tool/trunk/configure.ac Tue Nov 16 22:14:23 2021
@@ -96,7 +96,7 @@
# Checks for library functions.
AC_FUNC_MALLOC
-AC_CHECK_FUNCS([OPENSSL_init_crypto X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_get_num_untrusted X509_get0_notBefore X509_get0_notAfter EVP_PKEY_get0_description EVP_PKEY_get_bn_param RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_iqmp NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
+AC_CHECK_FUNCS([OPENSSL_init_crypto X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_get_num_untrusted X509_get0_notBefore X509_get0_notAfter X509_get_extension_flags EVP_PKEY_get0_description EVP_PKEY_get_bn_param RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_iqmp NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
AC_OUTPUT
Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c (original)
+++ redwax-tool/trunk/redwax_openssl.c Tue Nov 16 22:14:23 2021
@@ -104,6 +104,15 @@
#define X509_get0_notAfter X509_get_notAfter
#endif
+#if !HAVE_X509_GET_EXTENSION_FLAGS
+uint32_t X509_get_extension_flags(X509 *x)
+{
+ /* Call for side-effect of computing hash and caching extensions */
+ X509_check_purpose(x, -1, 0);
+ return x->ex_flags;
+}
+#endif
+
#if !HAVE_EVP_PKEY_GET_BN_PARAM
#if !HAVE_RSA_GET0_N
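Review bot: The fallback `X509_get_extension_flags` added in this hunk has external linkage under OpenSSL's own symbol name. If the configure check comes out negative while the linked libcrypto still exports the function, the two definitions can collide or the local one can silently take precedence. Declaring it `static uint32_t X509_get_extension_flags(X509 *x)` keeps it private to redwax_openssl.c. The body reads `x->ex_flags` directly, which only compiles where `X509` is not opaque, so a comment such as `/* fallback for OpenSSL before 1.1.0, where X509 is not opaque */` would record that assumption. The return value of `X509_check_purpose` is discarded, so callers presumably have to test the returned flags for `EXFLAG_INVALID` themselves; no caller is visible in this diff.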
@@ -1917,7 +1926,7 @@
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &dmq1);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT, &iqmp);
#else
- RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ RSA *rsa = EVP_PKEY_get1_RSA(pkey);
const BIGNUM *n = RSA_get0_n(rsa);
const BIGNUM *e = RSA_get0_e(rsa);
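Review bot: `EVP_PKEY_get1_RSA(pkey)` can return NULL, and the result is handed straight to `RSA_get0_n(rsa)` on the next line without a check. The same pattern appears in the later hunk that derives the key id from the modulus. A guard before the first accessor, for example `if (!rsa) break;` or whatever error path the enclosing function already uses, would avoid a NULL dereference. Because get1 returns an owned reference to the key, including its private components, every exit between this line and the `RSA_free(rsa)` added further down has to reach that free. The enclosing block starts outside this hunk and the code between the two hunks is not shown, so that is worth confirming.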
@@ -1991,6 +2000,8 @@
BN_clear_free(dmp1);
BN_clear_free(dmq1);
BN_clear_free(iqmp);
+#else
+ RSA_free(rsa);
#endif
break;
@@ -2174,13 +2185,13 @@
x509->id_der = apr_pmemdup(cert->pool, skid->data, skid->length);
}
else if (pub) {
- EVP_PKEY *pkey = X509_PUBKEY_get0(pub);
+ EVP_PKEY *pkey = X509_PUBKEY_get(pub);
switch(EVP_PKEY_base_id(pkey)) {
case EVP_PKEY_RSA: {
/* id is the sha1 hash of the modulus */
unsigned char digest[EVP_MAX_MD_SIZE];
- RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ RSA *rsa = EVP_PKEY_get1_RSA(pkey);
const BIGNUM *n = RSA_get0_n(rsa);
unsigned char *buf = apr_palloc(cert->pool, BN_num_bytes(n));
unsigned int len;
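Review bot: `X509_PUBKEY_get(pub)` returns NULL when the certificate's SubjectPublicKeyInfo cannot be decoded, and `pkey` is passed unchecked to `EVP_PKEY_base_id(pkey)` on the next line. The certificate is input to this code, so one with an unsupported or malformed public key would reach a NULL dereference instead of simply getting no derived id. Wrapping the switch in `if (pkey) {` … `}` is enough. `EVP_PKEY_free(NULL)` is a no-op, so the free added in the later hunk needs no change. The enclosing function starts and ends outside this hunk.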
@@ -2188,6 +2199,7 @@
EVP_Digest(buf, BN_num_bytes(n), digest, &len, EVP_sha1(), NULL);
x509->id_der = apr_pmemdup(cert->pool, digest, len);
x509->id_len = len;
+ RSA_free(rsa);
break;
}
#if 0
@@ -2200,6 +2212,7 @@
#endif
}
+ EVP_PKEY_free(pkey);
}
name = X509_get_issuer_name(x);