[rs-commit] r82 - in /redwax-tool/trunk: config.h.in configure.ac redwax_openssl.c

rs-commit at redwax.eu rs-commit at redwax.eu
Thu Nov 25 14:38:30 CET 2021 

Author: minfrin at redwax.eu
Date: Thu Nov 25 14:38:30 2021
New Revision: 82

Log:
Add support for openssl 1.0.x and higher.

Modified:
    redwax-tool/trunk/config.h.in
    redwax-tool/trunk/configure.ac
    redwax-tool/trunk/redwax_openssl.c

Modified: redwax-tool/trunk/config.h.in
==============================================================================
--- redwax-tool/trunk/config.h.in	(original)
+++ redwax-tool/trunk/config.h.in	Thu Nov 25 14:38:30 2021
@@ -37,9 +37,33 @@
 /* Define to 1 if you have the <openssl/pem.h> header file. */
 #undef HAVE_OPENSSL_PEM_H
 
+/* Define to 1 if you have the `OPENSSL_uni2utf8' function. */
+#undef HAVE_OPENSSL_UNI2UTF8
+
 /* Define to 1 if you have the `p11_kit_modules_load_and_initialize' function.
    */
 #undef HAVE_P11_KIT_MODULES_LOAD_AND_INITIALIZE
+
+/* Define to 1 if you have the `PKCS12_SAFEBAG_get0_attr' function. */
+#undef HAVE_PKCS12_SAFEBAG_GET0_ATTR
+
+/* Define to 1 if you have the `PKCS12_SAFEBAG_get0_p8inf' function. */
+#undef HAVE_PKCS12_SAFEBAG_GET0_P8INF
+
+/* Define to 1 if you have the `PKCS12_SAFEBAG_get0_safes' function. */
+#undef HAVE_PKCS12_SAFEBAG_GET0_SAFES
+
+/* Define to 1 if you have the `PKCS12_SAFEBAG_get1_cert' function. */
+#undef HAVE_PKCS12_SAFEBAG_GET1_CERT
+
+/* Define to 1 if you have the `PKCS12_SAFEBAG_get1_crl' function. */
+#undef HAVE_PKCS12_SAFEBAG_GET1_CRL
+
+/* Define to 1 if you have the `PKCS12_SAFEBAG_get_bag_nid' function. */
+#undef HAVE_PKCS12_SAFEBAG_GET_BAG_NID
+
+/* Define to 1 if you have the `PKCS12_SAFEBAG_get_nid' function. */
+#undef HAVE_PKCS12_SAFEBAG_GET_NID
 
 /* Define to 1 if you have the `RSA_get0_d' function. */
 #undef HAVE_RSA_GET0_D

Modified: redwax-tool/trunk/configure.ac
==============================================================================
--- redwax-tool/trunk/configure.ac	(original)
+++ redwax-tool/trunk/configure.ac	Thu Nov 25 14:38:30 2021
@@ -96,7 +96,7 @@
 
 # Checks for library functions.
 AC_FUNC_MALLOC
-AC_CHECK_FUNCS([OPENSSL_init_crypto ASN1_TIME_diff X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_get_num_untrusted X509_get0_notBefore X509_get0_notAfter X509_get_extension_flags X509_up_ref EVP_PKEY_get0_description EVP_PKEY_get_bn_param RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_iqmp RSA_set0_key RSA_set0_factors RSA_set0_crt_params NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
+AC_CHECK_FUNCS([OPENSSL_init_crypto PKCS12_SAFEBAG_get0_safes PKCS12_SAFEBAG_get_bag_nid PKCS12_SAFEBAG_get_nid PKCS12_SAFEBAG_get0_attr PKCS12_SAFEBAG_get0_p8inf PKCS12_SAFEBAG_get1_cert PKCS12_SAFEBAG_get1_crl OPENSSL_uni2utf8 ASN1_TIME_diff X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_get_num_untrusted X509_get0_notBefore X509_get0_notAfter X509_get_extension_flags X509_up_ref EVP_PKEY_get0_description EVP_PKEY_get_bn_param RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_iqmp RSA_set0_key RSA_set0_factors RSA_set0_crt_params NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
 
 AC_OUTPUT
 

Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c	(original)
+++ redwax-tool/trunk/redwax_openssl.c	Thu Nov 25 14:38:30 2021
@@ -88,6 +88,35 @@
  * not added to the headers, breaking the autoconf detection and causing
  * havoc.
  */
+
+#if !HAVE_PKCS12_SAFEBAG_GET0_SAFES
+#define PKCS12_SAFEBAG_get0_safes(bag) bag->value.safes
+#endif
+
+#if !HAVE_PKCS12_SAFEBAG_GET_BAG_NID
+#define PKCS12_SAFEBAG_get_bag_nid M_PKCS12_cert_bag_type
+#endif
+
+#if !HAVE_PKCS12_SAFEBAG_GET_NID
+#define PKCS12_SAFEBAG_get_nid M_PKCS12_bag_type
+#endif
+
+#if !HAVE_PKCS12_SAFEBAG_GET0_ATTR
+#define PKCS12_SAFEBAG_get0_attr PKCS12_get_attr
+#endif
+
+#if !HAVE_PKCS12_SAFEBAG_GET0_P8INF
+#define PKCS12_SAFEBAG_get0_p8inf(bag) bag->value.keybag
+#endif
+
+#if !HAVE_PKCS12_SAFEBAG_GET1_CERT
+#define PKCS12_SAFEBAG_get1_cert PKCS12_certbag2x509
+#endif
+
+#if !HAVE_PKCS12_SAFEBAG_GET1_CRL
+#define PKCS12_SAFEBAG_get1_crl PKCS12_certbag2x509crl
+#endif
+
 #if !HAVE_ASN1_TIME_DIFF
 
 #define SECS_PER_DAY (24 * 60 * 60)
@@ -1867,10 +1896,7 @@
 static apr_status_t import_bag(redwax_tool_t *r, const char *file, const char *secret,
         const PKCS12_SAFEBAG *bag, const char **pass, apr_size_t *pass_len)
 {
-    const STACK_OF(X509_ATTRIBUTE) *attrs;
     const PKCS8_PRIV_KEY_INFO *p8inf;
-
-    attrs = PKCS12_SAFEBAG_get0_attrs(bag);
 
     switch (PKCS12_SAFEBAG_get_nid(bag)) {
     case NID_keyBag: {
@@ -1903,8 +1929,13 @@
 
             if (label->type == V_ASN1_BMPSTRING) {
 
+#if HAVE_OPENSSL_UNI2UTF8
                 key->label = OPENSSL_uni2utf8(label->value.bmpstring->data,
                         label->value.bmpstring->length);
+#else
+                key->label = OPENSSL_uni2asc(label->value.bmpstring->data,
+                        label->value.bmpstring->length);
+#endif
                 key->label_len = strlen(key->label);
 
                 apr_pool_cleanup_register(r->pool, key->label, cleanup_alloc,
@@ -1939,7 +1970,8 @@
             *pass_len = strlen(*pass);
         }
 
-        if ((p8inf = PKCS12_decrypt_skey(bag, *pass, *pass_len)) == NULL) {
+        if ((p8inf = (const PKCS8_PRIV_KEY_INFO*) PKCS12_decrypt_skey(
+                (PKCS12_SAFEBAG *)bag, *pass, *pass_len)) == NULL) {
             redwax_openssl_print_errors(r);
             return APR_EINVAL;
         }
@@ -1968,8 +2000,13 @@
 
             if (label->type == V_ASN1_BMPSTRING) {
 
+#if HAVE_OPENSSL_UNI2UTF8
                 key->label = OPENSSL_uni2utf8(label->value.bmpstring->data,
                         label->value.bmpstring->length);
+#else
+                key->label = OPENSSL_uni2asc(label->value.bmpstring->data,
+                        label->value.bmpstring->length);
+#endif
                 key->label_len = strlen(key->label);
 
                 apr_pool_cleanup_register(key->pool, key->label, cleanup_alloc,
@@ -1998,7 +2035,7 @@
             break;
         }
 
-        x = PKCS12_SAFEBAG_get1_cert(bag);
+        x = PKCS12_SAFEBAG_get1_cert((PKCS12_SAFEBAG *)bag);
 
         apr_pool_cleanup_register(r->pool, x, cleanup_x509,
                 apr_pool_cleanup_null);
@@ -2055,8 +2092,13 @@
 
             if (label->type == V_ASN1_BMPSTRING) {
 
+#if HAVE_OPENSSL_UNI2UTF8
                 cert->label = OPENSSL_uni2utf8(label->value.bmpstring->data,
                         label->value.bmpstring->length);
+#else
+                cert->label = OPENSSL_uni2asc(label->value.bmpstring->data,
+                        label->value.bmpstring->length);
+#endif
                 cert->label_len = strlen(cert->label);
 
                 apr_pool_cleanup_register(cert->pool, cert->label, cleanup_alloc,
@@ -2080,7 +2122,7 @@
             break;
         }
 
-        c = PKCS12_SAFEBAG_get1_crl(bag);
+        c = PKCS12_SAFEBAG_get1_crl((PKCS12_SAFEBAG *)bag);
 
         if (c) {

More information about the rs-commit mailing list