Properly apply the OpenSSL version checks
@@ -7,7 +7,7 @@
|
|||||||
* https://www.openssl.org/source/license.html
|
* https://www.openssl.org/source/license.html
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <openssl/opensslv.h>
|
#include "openssl-compat.h"
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|||||||
@@ -10,6 +10,7 @@
|
|||||||
#ifndef LIBCRYPTO_COMPAT_H
|
#ifndef LIBCRYPTO_COMPAT_H
|
||||||
#define LIBCRYPTO_COMPAT_H
|
#define LIBCRYPTO_COMPAT_H
|
||||||
|
|
||||||
|
#include <openssl/opensslv.h>
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
|
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
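Review bot: The new `#include <openssl/opensslv.h>` has to stay above the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` test, and nothing in the header says so. In `#if` an undefined macro evaluates to 0, so if the include is ever reordered or dropped, the `<` comparison becomes true and the pre-1.1.0 compatibility declarations are selected without any diagnostic. I would add a comment above the include such as `/* must precede the version test: an undefined OPENSSL_VERSION_NUMBER evaluates to 0 in #if */`, and consider building with `-Wundef` so the other files that test this macro are covered too. The rest of the header is outside the hunk.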
|
|||||||
@@ -116,6 +116,7 @@ static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, u
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||||
static int ec_key_ex_data_idx = -1;
|
static int ec_key_ex_data_idx = -1;
|
||||||
|
|
||||||
struct internal_key {
|
struct internal_key {
|
||||||
@@ -148,7 +149,6 @@ yk_ec_meth_sign(int type, const unsigned char *dgst, int dlen,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 10100000L
|
|
||||||
static int
|
static int
|
||||||
wrap_public_key(ykpiv_state *state, int algorithm, EVP_PKEY *public_key,
|
wrap_public_key(ykpiv_state *state, int algorithm, EVP_PKEY *public_key,
|
||||||
int key)
|
int key)
|
||||||
@@ -801,7 +801,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
|
|||||||
goto request_out;
|
goto request_out;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
memcpy(digest, oid, oid_len);
|
memcpy(digest, oid, oid_len);
|
||||||
/* XXX: this should probably use X509_REQ_digest() but that's buggy */
|
/* XXX: this should probably use X509_REQ_digest() but that's buggy */
|
||||||
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
|
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
|
||||||
@@ -864,7 +864,7 @@ request_out:
|
|||||||
EVP_PKEY_free(public_key);
|
EVP_PKEY_free(public_key);
|
||||||
}
|
}
|
||||||
if(req) {
|
if(req) {
|
||||||
#if OPENSSL_VERSION_NUMBER < 10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
if(req->sig_alg->parameter) {
|
if(req->sig_alg->parameter) {
|
||||||
req->sig_alg->parameter = NULL;
|
req->sig_alg->parameter = NULL;
|
||||||
}
|
}
|
||||||
@@ -997,7 +997,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
|||||||
if(nid == 0) {
|
if(nid == 0) {
|
||||||
goto selfsign_out;
|
goto selfsign_out;
|
||||||
}
|
}
|
||||||
#if OPENSSL_VERSION_NUMBER < 10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
if(YKPIV_IS_RSA(algorithm)) {
|
if(YKPIV_IS_RSA(algorithm)) {
|
||||||
signinput = digest;
|
signinput = digest;
|
||||||
len = oid_len + md_len;
|
len = oid_len + md_len;
|
||||||
@@ -1054,7 +1054,7 @@ selfsign_out:
|
|||||||
fclose(output_file);
|
fclose(output_file);
|
||||||
}
|
}
|
||||||
if(x509) {
|
if(x509) {
|
||||||
#if OPENSSL_VERSION_NUMBER < 10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
if(x509->sig_alg->parameter) {
|
if(x509->sig_alg->parameter) {
|
||||||
x509->sig_alg->parameter = NULL;
|
x509->sig_alg->parameter = NULL;
|
||||||
x509->cert_info->signature->parameter = NULL;
|
x509->cert_info->signature->parameter = NULL;
|
||||||
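Review bot: The threshold `0x10100000L` is still written out by hand at every `#if` in this file (the new guard above `ec_key_ex_data_idx`, `request_certificate`, the `request_out` cleanup, `selfsign_certificate`, the `selfsign_out` cleanup) and again in the test-file guards, which is the pattern that let the decimal `10100000L` slip in. These guards decide whether the `memcpy(digest, oid, oid_len)` step and the `sig_alg->parameter = NULL` cleanup before the free are compiled at all, so a mistyped literal changes signing and teardown behaviour without a build error. I would define the predicate once in `openssl-compat.h`, for example `#define YKPIV_OPENSSL_PRE_1_1_0 (OPENSSL_VERSION_NUMBER < 0x10100000L)` (the name is only a suggestion), and test that everywhere. The enclosing functions and the matching `#endif` lines are outside the hunks shown, so the `#endif` for the guard moved above `ec_key_ex_data_idx` would also benefit from a trailing `/* OPENSSL_VERSION_NUMBER >= 0x10100000L */` comment.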
|
|||||||
@@ -259,7 +259,7 @@ static void test_login() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 10100000L
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||||
static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
|
static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
|
||||||
unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
|
unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
|
||||||
sigret = malloc(1);
|
sigret = malloc(1);
|
||||||
@@ -370,7 +370,7 @@ static void test_import_and_sign_all_10() {
|
|||||||
X509_set_notBefore(cert, tm);
|
X509_set_notBefore(cert, tm);
|
||||||
X509_set_notAfter(cert, tm);
|
X509_set_notAfter(cert, tm);
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
cert->sig_alg->algorithm = OBJ_nid2obj(8);
|
cert->sig_alg->algorithm = OBJ_nid2obj(8);
|
||||||
cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
|
cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
|
||||||
|
|
||||||
@@ -568,7 +568,7 @@ static void test_import_and_sign_all_10_RSA() {
|
|||||||
X509_set_notBefore(cert, tm);
|
X509_set_notBefore(cert, tm);
|
||||||
X509_set_notAfter(cert, tm);
|
X509_set_notAfter(cert, tm);
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
/* putting bogus data to signature to make some checks happy */
|
/* putting bogus data to signature to make some checks happy */
|
||||||
cert->sig_alg->algorithm = OBJ_nid2obj(8);
|
cert->sig_alg->algorithm = OBJ_nid2obj(8);
|
||||||
cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
|
cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
|
||||||
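Review bot: In `bogus_sign`, `sigret = malloc(1);` assigns to the by-value parameter, so nothing is written to the caller's signature buffer through it, and the one-byte allocation becomes unreachable when the function returns unless the part of the body outside this hunk frees it. The `malloc` result is also not checked on the visible line. If the intent is only to hand back a dummy signature, writing into the caller's buffer, e.g. `sigret[0] = 0; *siglen = 1;`, would avoid the allocation. This is inferred from the two visible lines, since the function continues outside the hunk.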
|
|||||||