OpenSSL-1-1-1 support #73

Open
wants to merge 2 commits into
base: main
19 changes: 17 additions & 2 deletions example/client/estclient.c
Expand Up @@ -368,7 +368,14 @@ static int client_manual_cert_verify(X509 *cur_cert, int openssl_cert_error)
* This fingerprint can be checked against the anticipated value to determine
* whether or not the server's cert should be approved.
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
X509_signature_print(bio_err, cur_cert->sig_alg, cur_cert->signature);
#else
const ASN1_BIT_STRING *asn1_sig = NULL;
const X509_ALGOR *sig_type = NULL;
X509_get0_signature(&asn1_sig, &sig_type, cur_cert);
X509_signature_print(bio_err, sig_type, asn1_sig);
#endif

BIO_free(bio_err);

Expand Down Expand Up @@ -398,7 +405,11 @@ static X509_REQ *read_csr (char *csr_file)
/*
* Read in the csr
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
csrin = BIO_new(BIO_s_file_internal());
#else
csrin = BIO_new(BIO_s_file());
#endif
if (BIO_read_filename(csrin, csr_file) <= 0) {
printf("\nUnable to read CSR file %s\n", csr_file);
return (NULL);
Expand Down Expand Up @@ -758,15 +769,13 @@ static void worker_thread (void *ptr)
exit(1);
}


if (srp) {
rv = est_client_enable_srp(ectx, 1024, est_srp_uid, est_srp_pwd);
if (rv != EST_ERR_NONE) {
printf("\nUnable to enable SRP. Aborting!!!\n");
exit(1);
}
}

if (token_auth_mode) {
rv = est_client_set_auth_cred_cb(ectx, auth_credentials_token_cb);
if (rv != EST_ERR_NONE) {
Expand Down Expand Up @@ -935,7 +944,9 @@ static void worker_thread (void *ptr)
if (verbose) printf("\nEnding thread %d", tctx->thread_id);
free(tctx);
ERR_clear_error();
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_remove_thread_state(NULL);
#endif
}


Expand Down Expand Up @@ -1275,7 +1286,11 @@ int main (int argc, char **argv)
* Read in the current client certificate
*/
if (client_cert_file[0]) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
certin = BIO_new(BIO_s_file_internal());
#else
certin = BIO_new(BIO_s_file());
#endif
if (BIO_read_filename(certin, client_cert_file) <= 0) {
printf("\nUnable to read client certificate file %s\n", client_cert_file);
exit(1);
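Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` around `BIO_new(BIO_s_file_internal())` in `read_csr` and again in `main` is unnecessary: in the 1.0.x headers `BIO_s_file_internal` is, as far as I can tell, just an alias of `BIO_s_file`, so `csrin = BIO_new(BIO_s_file());` compiles and behaves the same on both versions, and the same simplification applies to the matching hunks in estproxy.c, estserver.c and utils.c. Fewer version gates means fewer branches that only get compiled on one CI configuration. One caveat on the gate itself: LibreSSL defines OPENSSL_VERSION_NUMBER as 0x20000000L, so every `#else` branch in this PR is what a LibreSSL build would take; whether that is a supported target is not visible from the diff, but it is worth stating in the PR description.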
13 changes: 12 additions & 1 deletion example/proxy/estproxy.c
Expand Up @@ -269,8 +269,11 @@ static int process_ssl_srp_auth (SSL *s, int *ad, void *arg)

if (!login)
return (-1);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
user = SRP_VBASE_get_by_user(srp_db, login);
#else
user = SRP_VBASE_get1_by_user(srp_db, login);
#endif

if (user == NULL) {
printf("User doesn't exist in SRP database\n");
Expand Down Expand Up @@ -494,7 +497,11 @@ int main (int argc, char **argv)
/*
* Read in the local server certificate
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
certin = BIO_new(BIO_s_file_internal());
#else
certin = BIO_new(BIO_s_file());
#endif
if (BIO_read_filename(certin, certfile) <= 0) {
printf("\nUnable to read server certificate file %s\n", certfile);
exit(1);
Expand All @@ -514,7 +521,11 @@ int main (int argc, char **argv)
/*
* Read in the server's private key
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
keyin = BIO_new(BIO_s_file_internal());
#else
keyin = BIO_new(BIO_s_file());
#endif
if (BIO_read_filename(keyin, keyfile) <= 0) {
printf("\nUnable to read server private key file %s\n", keyfile);
exit(1);
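Review bot: `SRP_VBASE_get1_by_user` returns a newly allocated `SRP_user_pwd` that the caller owns and must release with `SRP_user_pwd_free`, unlike `SRP_VBASE_get_by_user`, whose result was owned by the verifier base. Nothing in this hunk frees `user`, and the remainder of `process_ssl_srp_auth` is outside it; if it still treats `user` as borrowed, every SRP login attempt leaks one record, which an unauthenticated client can drive at will. The free has to come after the N/g/salt/verifier values have been handed to the SSL object and on every exit path, e.g. `SRP_user_pwd_free(user);` under the same `OPENSSL_VERSION_NUMBER >= 0x10100000L` condition. The identical change in estserver.c has the same concern.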
26 changes: 26 additions & 0 deletions example/server/estserver.c
Expand Up @@ -144,13 +144,26 @@ static DH *get_dh1024dsa ()
if ((dh = DH_new()) == NULL) {
return (NULL);
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) {
DH_free(dh);
return (NULL);
}
dh->length = 160;
#else
BIGNUM * const dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
BIGNUM * const dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
if ((dh_p == NULL) || (dh_g == NULL) || !DH_set0_pqg(dh, dh_p, NULL, dh_g)) {
DH_free(dh);
return (NULL);
}
long bits =160;
if (DH_get_length(dh) > 0) {
DH_set_length(dh, bits);
}
#endif
return (dh);
}

Expand Down Expand Up @@ -276,7 +289,11 @@ int lookup_pkcs10_request (unsigned char *pkcs10, int p10_len)
* would do this lookup. But this should be good enough for
* testing the retry-after logic.
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
pkey = X509_PUBKEY_get(req->req_info->pubkey);
#else
pkey = X509_PUBKEY_get(X509_REQ_get_X509_PUBKEY(req));
#endif
if (!pkey) {
rv = 1;
goto DONE;
Expand Down Expand Up @@ -859,7 +876,11 @@ static int process_ssl_srp_auth (SSL *s, int *ad, void *arg)
if (!login)
return (-1);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
user = SRP_VBASE_get_by_user(srp_db, login);
#else
user = SRP_VBASE_get1_by_user(srp_db, login);
#endif

if (user == NULL) {
printf("User doesn't exist in SRP database\n");
Expand Down Expand Up @@ -1138,7 +1159,12 @@ int main (int argc, char **argv)
/*
* Read in the local server certificate
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
certin = BIO_new(BIO_s_file_internal());
#else
certin = BIO_new(BIO_s_file());
#endif

if (BIO_read_filename(certin, certfile) <= 0) {
printf("\nUnable to read server certificate file %s\n", certfile);
exit(1);
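Review bot: In the new branch of `get_dh1024dsa` the private-exponent length is never applied: `DH_get_length(dh)` is 0 on a DH that has just come from `DH_new()`, so the `if (DH_get_length(dh) > 0)` guard is never true and `DH_set_length(dh, bits)` is dead code, whereas the 1.0.x branch sets `dh->length = 160` unconditionally. The error path also leaks: when `dh_p` or `dh_g` fails to allocate, or `DH_set0_pqg` rejects them, ownership has not transferred and neither BIGNUM is freed before `DH_free(dh)`. I would call `DH_set_length` unconditionally and check its result, and free both BIGNUMs on the failure path as below. Separately, and pre-existing rather than introduced here, 1024-bit DH parameters are below current guidance; a TODO to move to a 2048-bit group would be appropriate.
```c
    BIGNUM *dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
    BIGNUM *dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
    if (dh_p == NULL || dh_g == NULL || !DH_set0_pqg(dh, dh_p, NULL, dh_g)) {
        /* DH_set0_pqg takes ownership only on success; BN_free(NULL) is a no-op */
        BN_free(dh_p);
        BN_free(dh_g);
        DH_free(dh);
        return (NULL);
    }
    /* Same private-exponent length the 1.0.x branch sets via dh->length */
    if (!DH_set_length(dh, 160)) {
        DH_free(dh);
        return (NULL);
    }
```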
61 changes: 56 additions & 5 deletions example/server/ossl_srv.c
Expand Up @@ -265,6 +265,8 @@ X509 *load_cert(BIO *err, const char *file, int format, const char *pass,

if (format == FORMAT_ASN1)
x = d2i_X509_bio(cert, NULL);
//Could not find any equivalent
#if OPENSSL_VERSION_NUMBER < 0x10100000L
else if (format == FORMAT_NETSCAPE) {
NETSCAPE_X509 *nx;
nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL);
Expand All @@ -280,7 +282,9 @@ X509 *load_cert(BIO *err, const char *file, int format, const char *pass,
x = nx->cert;
nx->cert = NULL;
NETSCAPE_X509_free(nx);
} else if (format == FORMAT_PEM)
}
#endif
else if (format == FORMAT_PEM)
x = PEM_read_bio_X509_AUX(cert, NULL,
(pem_password_cb *) password_callback, NULL);
else if (format == FORMAT_PKCS12) {
Expand Down Expand Up @@ -1389,12 +1393,21 @@ static int do_sign_init(BIO *err, EVP_MD_CTX *ctx, EVP_PKEY *pkey,
static int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts) {
int rv;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
rv = do_sign_init(err, &mctx, pkey, md, sigopts);
if (rv > 0)
rv = X509_sign_ctx(x, &mctx);
EVP_MD_CTX_cleanup(&mctx);
#else
EVP_MD_CTX *mctx;
mctx = EVP_MD_CTX_new();
rv = do_sign_init(err, mctx, pkey, md, sigopts);
if (rv > 0)
rv = X509_sign_ctx(x, mctx);
EVP_MD_CTX_free(mctx);
#endif
return rv > 0 ? 1 : 0;
}

Expand All @@ -1410,7 +1423,9 @@ STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
X509 *ret = NULL;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
X509_CINF *ci;
#endif
X509_NAME_ENTRY *ne;
X509_NAME_ENTRY *tne, *push;
EVP_PKEY *pktmp;
Expand Down Expand Up @@ -1439,7 +1454,10 @@ STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
goto err;
}
X509_REQ_set_subject_name(req, n);
//could not find any equivalent
#if OPENSSL_VERSION_NUMBER < 0x10100000L
req->req_info->enc.modified = 1;
#endif
X509_NAME_free(n);
}

Expand All @@ -1454,8 +1472,11 @@ STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db,

if (msie_hack) {
/* assume all type should be strings */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
nid = OBJ_obj2nid(ne->object);

#else
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));
#endif
if (str->type == V_ASN1_UNIVERSALSTRING)
ASN1_UNIVERSALSTRING_to_string(str);

Expand Down Expand Up @@ -1505,7 +1526,11 @@ STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
if (selfsign)
CAname = X509_NAME_dup(name);
else
#if OPENSSL_VERSION_NUMBER < 0x10100000L
CAname = X509_NAME_dup(x509->cert_info->subject);
#else
CAname = X509_NAME_dup(X509_get_subject_name(x509));
#endif
if (CAname == NULL)
goto err;
str = str2 = NULL;
Expand Down Expand Up @@ -1708,13 +1733,17 @@ STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db,

if ((ret = X509_new()) == NULL)
goto err;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ci = ret->cert_info;

#endif
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
goto err;

#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (BN_to_ASN1_INTEGER(serial, ci->serialNumber) == NULL)
#else
if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL)
#endif
goto err;
if (selfsign) {
if (!X509_set_issuer_name(ret, subject))
Expand Down Expand Up @@ -1746,6 +1775,7 @@ STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (ci->version == NULL)
if ((ci->version = ASN1_INTEGER_new()) == NULL)
goto err;
Expand All @@ -1757,6 +1787,16 @@ STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);

ci->extensions = NULL;
#else
X509_set_version(ret, 2);
/* Free the current entries if any, there should not
* be any I believe */
STACK_OF(X509_EXTENSION) *exts = (STACK_OF(X509_EXTENSION) *)X509_get0_extensions(ret);
if (exts)
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);

exts = NULL;
#endif

/* Initialize the context structure */
if (selfsign)
Expand Down Expand Up @@ -2495,8 +2535,13 @@ BIO * ossl_simple_enroll(const char *p10buf, int p10len) {
email_dn = 0;
}
if (verbose)
#if OPENSSL_VERSION_NUMBER < 0x10100000L
BIO_printf(bio_err, "message digest is %s\n",
OBJ_nid2ln(dgst->type));
#else
BIO_printf(bio_err, "message digest is %s\n",
OBJ_nid2ln(EVP_MD_type(dgst)));
#endif
if ((policy == NULL)
&& ((policy = NCONF_get_string(conf, section, ENV_POLICY))
== NULL)) {
Expand Down Expand Up @@ -2635,9 +2680,15 @@ BIO * ossl_simple_enroll(const char *p10buf, int p10len) {
char *n;

x = sk_X509_value(cert_sk, i);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
j = x->cert_info->serialNumber->length;
p = (const char *) x->cert_info->serialNumber->data;
#else
ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
j = ASN1_STRING_length(serialNumber);
p = (const char *)ASN1_STRING_get0_data(serialNumber);

#endif

BUF_strlcat(buf[2], "/", sizeof(buf[2]));

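Review bot: In the 1.1.x branch of the extensions setup (the `#else` after `X509V3_CTX ctx;`) the pointer returned by `X509_get0_extensions(ret)` is still owned by the certificate, so calling `sk_X509_EXTENSION_pop_free` on it leaves `ret` holding a dangling pointer that `X509_free` or a later extension add will free again; the local `exts = NULL` does not clear the field inside `ret`. Since `ret` was created by `X509_new()` a few lines earlier, that stack is NULL and the branch is dead today, so I would delete the free and the duplicate `X509_set_version(ret, 2)` (the version is already set just above) and replace them with `/* ret is fresh from X509_new(): nothing to clear; never free the X509_get0_extensions() result, it is owned by ret */`. In `do_X509_sign`, `EVP_MD_CTX_new()` can return NULL and is passed straight into `do_sign_init`; add `if (mctx == NULL) return 0;` before that call. The two `//could not find any equivalent` comments should say what was actually lost: `NETSCAPE_X509` and the `req_info->enc.modified` field are no longer reachable in 1.1.0, and whether the re-encode flag matters depends on whether `req` is serialised again after `X509_REQ_set_subject_name`, which is not visible in this hunk.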
4 changes: 4 additions & 0 deletions example/util/utils.c
Expand Up @@ -266,7 +266,11 @@ EVP_PKEY *read_private_key(const char *key_file, pem_password_cb *cb)
/*
* Read in the private key
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
keyin = BIO_new(BIO_s_file_internal());
#else
keyin = BIO_new(BIO_s_file());
#endif
if (BIO_read_filename(keyin, key_file) <= 0) {
EST_LOG_ERR("Unable to read private key file %s", key_file);
return(NULL);
8 changes: 8 additions & 0 deletions src/est/est.c
Expand Up @@ -1128,7 +1128,11 @@ EST_ERROR est_asn1_sanity_test (const unsigned char *string, long out_len,
switch (tag)
{
case V_ASN1_OBJECT:
#if OPENSSL_VERSION_NUMBER < 0x10100000L
a_object = c2i_ASN1_OBJECT(NULL, &string, len);
#else
a_object = d2i_ASN1_OBJECT(NULL, &string, len);
#endif
if (a_object != NULL) {
nid = OBJ_obj2nid(a_object);
EST_LOG_INFO("NID=%d", nid);
Expand Down Expand Up @@ -1485,7 +1489,11 @@ EST_ERROR est_get_attributes_helper (unsigned char **der_ptr, int *der_len, int
switch (tag) {

case V_ASN1_OBJECT:
#if OPENSSL_VERSION_NUMBER < 0x10100000L
a_object = c2i_ASN1_OBJECT(NULL, &string, len);
#else
a_object = d2i_ASN1_OBJECT(NULL, &string, len);
#endif
if (a_object != NULL) {
nid = OBJ_obj2nid(a_object);
EST_LOG_INFO("NID=%d", nid);
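Review bot: `d2i_ASN1_OBJECT` is not a drop-in replacement for `c2i_ASN1_OBJECT`: c2i decodes only the content octets of an element whose tag and length have already been consumed, while d2i expects a complete TLV starting at the 0x06 tag. Both call sites sit inside a `switch (tag)` on an already-parsed `tag` and `len`, which strongly suggests `string` points at the content octets; if so, the new call fails on every OBJECT IDENTIFIER and `a_object` is always NULL, silently changing what `est_asn1_sanity_test` and `est_get_attributes_helper` accept from the client's DER. The start of both functions is outside this hunk, so please confirm where `string` points; the fix is to keep a pointer to the element start before the header is consumed and pass the full length, e.g. `const unsigned char *elem = start; a_object = d2i_ASN1_OBJECT(NULL, &elem, hdr_len + len);`, then check that `elem` advanced by exactly `hdr_len + len`. Because this input is attacker-controlled (CSR attributes), a NULL from the parser should be treated as a hard parse error on the 1.1.x path, not as "no object here".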