Autodetect OpenSSL CMS for LibreSSL compatibility

LibreSSL currently does not support CMS, so checking for CMS via
OPENSSL_VERSION_NUMBER isn't reliable.  Detect CMS support via
autoconf instead.

[ghudson@mit.edu: clarified commit message; minor style changes]

ticket: 7993 (new)
target_version: 1.13
tags: pullup

diff --git a/src/configure.in b/src/configure.in
index 621f105ca0c4d65ff2e0bc6908a345cbc5760958..58e6e54ca7c6e47ad6bbd146832f64e85e739bd3 100644 (file)
--- a/src/configure.in
+++ b/src/configure.in
@@ -242,6 +242,9 @@ case "$withval" in
 builtin|openssl)
   AC_CHECK_LIB(crypto, PKCS7_get_signer_info, PKINIT_CRYPTO_IMPL_LIBS=-lcrypto)
   PKINIT_CRYPTO_IMPL=openssl
+  AC_CHECK_LIB(crypto, CMS_get0_content,
+               [AC_DEFINE([HAVE_OPENSSL_CMS], 1,
+                          [Define if OpenSSL supports cms.])])
   ;;
 nss)
   if test "${PKINIT_CRYPTO_IMPL_CFLAGS+set}" != set; then

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 4d9b5e50caa7546da267970b53ac00225ffd6c53..0c2d17376e65cda656a19316bd8f0f348d0c62f9 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -156,8 +156,8 @@ static char *
 pkinit_pkcs11_code_to_text(int err);
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-/* Use CMS support present in OpenSSL 1.0 and later. */
+#ifdef HAVE_OPENSSL_CMS
+/* Use CMS support present in OpenSSL. */
 #include <openssl/cms.h>
 #define pkinit_CMS_get0_content_signed(_cms) CMS_get0_content(_cms)
 #define pkinit_CMS_get0_content_data(_cms) CMS_get0_content(_cms)