8982 Udiff usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto

Print this page

8982 Support building with OpenSSL 1.1

@@ -28,10 +28,11 @@
  * SUCH DAMAGES.
  */
 
 /*
  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
  */
 
 #ifndef _PKINIT_CRYPTO_OPENSSL_H
 #define _PKINIT_CRYPTO_OPENSSL_H

@@ -42,15 +43,21 @@
 #include <openssl/pkcs12.h>
 #include <openssl/obj_mac.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
 #include <openssl/sha.h>
 #include <openssl/asn1.h>
 #include <openssl/pem.h>
+#include <openssl/rsa.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#include <openssl/asn1_mac.h>
+#else
+#include <openssl/asn1t.h>
+#endif
+
 #include "pkinit.h"
 
 #define DN_BUF_LEN  256
 #define MAX_CREDS_ALLOWED 20

@@ -160,15 +167,17 @@
 
 static krb5_error_code pkinit_init_pkcs11(pkinit_identity_crypto_context ctx);
 static void pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx);
 
 static krb5_error_code pkinit_encode_dh_params
-        (BIGNUM *, BIGNUM *, BIGNUM *, unsigned char **, unsigned int *);
+        (const BIGNUM *, const BIGNUM *, const BIGNUM *,
+                unsigned char **, unsigned int *);
 static DH *pkinit_decode_dh_params
         (DH **, unsigned char **, unsigned int );
 static int pkinit_check_dh_params
-        (BIGNUM * p1, BIGNUM * p2, BIGNUM * g1, BIGNUM * q1);
+        (const BIGNUM *p1, const BIGNUM *p2, const BIGNUM *g1,
+                const BIGNUM *q1);
 
 static krb5_error_code pkinit_sign_data
         (krb5_context context, pkinit_identity_crypto_context cryptoctx,
                 unsigned char *data, unsigned int data_len,
                 unsigned char **sig, unsigned int *sig_len);

@@ -273,12 +282,19 @@
 wrap_signeddata(unsigned char *data, unsigned int data_len,
                 unsigned char **out, unsigned int *out_len);
 #endif
 
 /* This handy macro borrowed from crypto/x509v3/v3_purp.c */
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define ku_reject(x, usage) \
         (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#else
+#define ku_reject(x, usage) \
+        ((X509_get_extension_flags(x) & EXFLAG_KUSAGE) && \
+        !(X509_get_key_usage(x) & (usage)))
+#endif
 
 static char *
 pkinit_pkcs11_code_to_text(int err);
 
 #endif  /* _PKINIT_CRYPTO_OPENSSL_H */