8982 Cdiff usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto

Print this page

8982 Support building with OpenSSL 1.1


*** 28,37 ****
--- 28,38 ----
   * SUCH DAMAGES.
   */
  
  /*
   * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+  * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
   */
  
  #ifndef _PKINIT_CRYPTO_OPENSSL_H
  #define _PKINIT_CRYPTO_OPENSSL_H
  
*** 42,56 ****
  #include <openssl/pkcs12.h>
  #include <openssl/obj_mac.h>
  #include <openssl/x509v3.h>
  #include <openssl/err.h>
  #include <openssl/evp.h>
- #include <openssl/asn1_mac.h>
  #include <openssl/sha.h>
  #include <openssl/asn1.h>
  #include <openssl/pem.h>
  
  #include "pkinit.h"
  
  #define DN_BUF_LEN  256
  #define MAX_CREDS_ALLOWED 20
  
--- 43,63 ----
  #include <openssl/pkcs12.h>
  #include <openssl/obj_mac.h>
  #include <openssl/x509v3.h>
  #include <openssl/err.h>
  #include <openssl/evp.h>
  #include <openssl/sha.h>
  #include <openssl/asn1.h>
  #include <openssl/pem.h>
+ #include <openssl/rsa.h>
  
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #include <openssl/asn1_mac.h>
+ #else
+ #include <openssl/asn1t.h>
+ #endif
+ 
  #include "pkinit.h"
  
  #define DN_BUF_LEN  256
  #define MAX_CREDS_ALLOWED 20
  
*** 160,174 ****
  
  static krb5_error_code pkinit_init_pkcs11(pkinit_identity_crypto_context ctx);
  static void pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx);
  
  static krb5_error_code pkinit_encode_dh_params
!         (BIGNUM *, BIGNUM *, BIGNUM *, unsigned char **, unsigned int *);
  static DH *pkinit_decode_dh_params
          (DH **, unsigned char **, unsigned int );
  static int pkinit_check_dh_params
!         (BIGNUM * p1, BIGNUM * p2, BIGNUM * g1, BIGNUM * q1);
  
  static krb5_error_code pkinit_sign_data
          (krb5_context context, pkinit_identity_crypto_context cryptoctx,
                  unsigned char *data, unsigned int data_len,
                  unsigned char **sig, unsigned int *sig_len);
--- 167,183 ----
  
  static krb5_error_code pkinit_init_pkcs11(pkinit_identity_crypto_context ctx);
  static void pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx);
  
  static krb5_error_code pkinit_encode_dh_params
!         (const BIGNUM *, const BIGNUM *, const BIGNUM *,
!                 unsigned char **, unsigned int *);
  static DH *pkinit_decode_dh_params
          (DH **, unsigned char **, unsigned int );
  static int pkinit_check_dh_params
!         (const BIGNUM *p1, const BIGNUM *p2, const BIGNUM *g1,
!                 const BIGNUM *q1);
  
  static krb5_error_code pkinit_sign_data
          (krb5_context context, pkinit_identity_crypto_context cryptoctx,
                  unsigned char *data, unsigned int data_len,
                  unsigned char **sig, unsigned int *sig_len);
*** 273,284 ****
--- 282,300 ----
  wrap_signeddata(unsigned char *data, unsigned int data_len,
                  unsigned char **out, unsigned int *out_len);
  #endif
  
  /* This handy macro borrowed from crypto/x509v3/v3_purp.c */
+ 
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
  #define ku_reject(x, usage) \
          (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+ #else
+ #define ku_reject(x, usage) \
+         ((X509_get_extension_flags(x) & EXFLAG_KUSAGE) && \
+         !(X509_get_key_usage(x) & (usage)))
+ #endif
  
  static char *
  pkinit_pkcs11_code_to_text(int err);
  
  #endif  /* _PKINIT_CRYPTO_OPENSSL_H */