From: maurerpe <junk4me46806@yahoo.com>
Date: Thu, 14 Aug 2014 21:43:55 +0000 (-0400)
Subject: Autodetect OpenSSL CMS for LibreSSL compatibility
X-Git-Tag: krb5-1.14-alpha1~265
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7a8e3186a21c15132cd8fb6c141afcf25a1fb74;p=thirdparty%2Fkrb5.git

Autodetect OpenSSL CMS for LibreSSL compatibility

LibreSSL currently does not support CMS, so checking for CMS via
OPENSSL_VERSION_NUMBER isn't reliable.  Detect CMS support via
autoconf instead.

[ghudson@mit.edu: clarified commit message; minor style changes]

ticket: 7993 (new)
target_version: 1.13
tags: pullup
---

diff --git a/src/configure.in b/src/configure.in
index 621f105ca0..58e6e54ca7 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -242,6 +242,9 @@ case "$withval" in
 builtin|openssl)
   AC_CHECK_LIB(crypto, PKCS7_get_signer_info, PKINIT_CRYPTO_IMPL_LIBS=-lcrypto)
   PKINIT_CRYPTO_IMPL=openssl
+  AC_CHECK_LIB(crypto, CMS_get0_content,
+               [AC_DEFINE([HAVE_OPENSSL_CMS], 1,
+                          [Define if OpenSSL supports cms.])])
   ;;
 nss)
   if test "${PKINIT_CRYPTO_IMPL_CFLAGS+set}" != set; then
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 4d9b5e50ca..0c2d17376e 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -156,8 +156,8 @@ static char *
 pkinit_pkcs11_code_to_text(int err);
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-/* Use CMS support present in OpenSSL 1.0 and later. */
+#ifdef HAVE_OPENSSL_CMS
+/* Use CMS support present in OpenSSL. */
 #include <openssl/cms.h>
 #define pkinit_CMS_get0_content_signed(_cms) CMS_get0_content(_cms)
 #define pkinit_CMS_get0_content_data(_cms) CMS_get0_content(_cms)