mod_md: Keep compat with openssl < 1.1

author Yann Ylavic <ylavic@apache.org>

Mon, 8 Jul 2024 15:06:14 +0000 (15:06 +0000)

committer Yann Ylavic <ylavic@apache.org>

Mon, 8 Jul 2024 15:06:14 +0000 (15:06 +0000)
author Yann Ylavic <ylavic@apache.org>
Mon, 8 Jul 2024 15:06:14 +0000 (15:06 +0000)
committer Yann Ylavic <ylavic@apache.org>
Mon, 8 Jul 2024 15:06:14 +0000 (15:06 +0000)
diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c

index ca44fab064c2622128db02d89e4a2213f9a4a4c5..c116bf15117f5bb2b78d296a4d8e3e43351308c3 100644 (file)
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -63,6 +63,10 @@
          || LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
  /* Missing from LibreSSL < 3.5.0 and only available since OpenSSL v1.1.x */
  #include <openssl/ct.h>
+#define MD_HAVE_CT 1
+#endif
+#ifndef MD_HAVE_CT
+#define MD_HAVE_CT 0
  #endif
  
  static int initialized;
@@ -978,42 +982,64 @@ static const char *bn64(const BIGNUM *b, apr_pool_t *p)
  
  const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
  {
+    const char *e64 = NULL;
+
  #if OPENSSL_VERSION_NUMBER < 0x30000000L
+
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+#else
      const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
+#endif
      if (rsa) {
          const BIGNUM *e;
          RSA_get0_key(rsa, NULL, &e, NULL);
-        return bn64(e, p);
+        e64 = bn64(e, p);
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+        RSA_free(rsa);
+#endif
      }
-#else
+
+#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
      BIGNUM *e = NULL;
      if (EVP_PKEY_get_bn_param(pkey->pkey, OSSL_PKEY_PARAM_RSA_E, &e)) {
-        const char *e64 = bn64(e, p);
+        e64 = bn64(e, p);
          BN_free(e);
-        return e64;
      }
  #endif
-    return NULL;
+
+    return e64;
  }
  
  const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
  {
+    const char *n64 = NULL;
+
  #if OPENSSL_VERSION_NUMBER < 0x30000000L
+
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+#else
      const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
+#endif
      if (rsa) {
          const BIGNUM *n;
          RSA_get0_key(rsa, &n, NULL, NULL);
-        return bn64(n, p);
+        n64 = bn64(n, p);
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+        RSA_free(rsa);
+#endif
      }
-#else
+
+#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
      BIGNUM *n = NULL;
      if (EVP_PKEY_get_bn_param(pkey->pkey, OSSL_PKEY_PARAM_RSA_N, &n)) {
-        const char *n64 = bn64(n, p);
+        n64 = bn64(n, p);
          BN_free(n);
-        return n64;
      }
  #endif
-    return NULL;
+
+    return n64;
  }
  
  apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p, 
@@ -2037,11 +2063,10 @@ out:
      return rv;
  }
  
+#if MD_HAVE_CT
  #define MD_OID_CT_SCTS_NUM          "1.3.6.1.4.1.11129.2.4.2"
  #define MD_OID_CT_SCTS_SNAME        "CT-SCTs"
  #define MD_OID_CT_SCTS_LNAME        "CT Certificate SCTs" 
-
-#ifndef OPENSSL_NO_CT
  static int get_ct_scts_nid(void)
  {
      int nid = OBJ_txt2nid(MD_OID_CT_SCTS_NUM);
@@ -2065,7 +2090,7 @@ const char *md_nid_get_lname(int nid)
  
  apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert)
  {
-#ifndef OPENSSL_NO_CT
+#if MD_HAVE_CT
      int nid, i, idx, critical;
      STACK_OF(SCT) *sct_list;
      SCT *sct_handle;
author	Yann Ylavic <ylavic@apache.org>
	Mon, 8 Jul 2024 15:06:14 +0000 (15:06 +0000)
committer	Yann Ylavic <ylavic@apache.org>
	Mon, 8 Jul 2024 15:06:14 +0000 (15:06 +0000)