[28549] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit [krb5-1.13]: Autodetect OpenSSL CMS for LibreSSL

daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Aug 21 18:11:11 2014

Date: Thu, 21 Aug 2014 18:11:03 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201408212211.s7LMB37J011553@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/d300093bc0b3d7a996094c02d86c6058cd0c5045
commit d300093bc0b3d7a996094c02d86c6058cd0c5045
Author: maurerpe <junk4me46806@yahoo.com>
Date:   Thu Aug 14 17:43:55 2014 -0400

    Autodetect OpenSSL CMS for LibreSSL compatibility
    
    LibreSSL currently does not support CMS, so checking for CMS via
    OPENSSL_VERSION_NUMBER isn't reliable.  Detect CMS support via
    autoconf instead.
    
    [ghudson@mit.edu: clarified commit message; minor style changes]
    
    (cherry picked from commit a7a8e3186a21c15132cd8fb6c141afcf25a1fb74)
    
    ticket: 7993
    version_fixed: 1.13
    status: resolved

 src/configure.in                                   |    3 +++
 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |    4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/configure.in b/src/configure.in
index 621f105..58e6e54 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -242,6 +242,9 @@ case "$withval" in
 builtin|openssl)
   AC_CHECK_LIB(crypto, PKCS7_get_signer_info, PKINIT_CRYPTO_IMPL_LIBS=-lcrypto)
   PKINIT_CRYPTO_IMPL=openssl
+  AC_CHECK_LIB(crypto, CMS_get0_content,
+               [AC_DEFINE([HAVE_OPENSSL_CMS], 1,
+                          [Define if OpenSSL supports cms.])])
   ;;
 nss)
   if test "${PKINIT_CRYPTO_IMPL_CFLAGS+set}" != set; then
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 4d9b5e5..0c2d173 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -156,8 +156,8 @@ static char *
 pkinit_pkcs11_code_to_text(int err);
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-/* Use CMS support present in OpenSSL 1.0 and later. */
+#ifdef HAVE_OPENSSL_CMS
+/* Use CMS support present in OpenSSL. */
 #include <openssl/cms.h>
 #define pkinit_CMS_get0_content_signed(_cms) CMS_get0_content(_cms)
 #define pkinit_CMS_get0_content_data(_cms) CMS_get0_content(_cms)
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5

home help back first fref pref prev next nref lref last post