Previous maximum OpenSSL was 3.
F1xes #183.
{
json_t *root;
json_t *child;
- X509_PUBKEY *pubkey;
+ X509_PUBKEY const *pubkey;
ASN1_OBJECT *oid;
root = json_obj_new();
return false;
}
- /*
- * TODO (SLURM, RK) WHY IS THERE NO ERROR HANDLING HERE
- * ARGGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHHHHHHHHHHH
- */
mem = BIO_push(b64, mem);
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
- BIO_write(b64, in, in_len);
- BIO_flush(b64);
+
+ if (BIO_write(b64, in, in_len) < 0)
+ goto fail;
+ if (BIO_flush(b64) <= 0)
+ goto fail;
BIO_get_mem_ptr(mem, &mem_buf);
*result = to_base64url(mem_buf->data, mem_buf->length);
BIO_free_all(b64);
return true;
+
+fail: BIO_free_all(b64);
+ return false;
}
#include "extension.h"
+#if OPENSSL_VERSION_MAJOR >= 4
+#include <crypto/asn1.h>
+#endif
#include <openssl/asn1t.h>
#include <openssl/obj_mac.h>
#include <openssl/objects.h>
int
validate_public_key_hash(X509 *cert, ASN1_OCTET_STRING *hash)
{
- X509_PUBKEY *pubkey;
+ X509_PUBKEY const *pubkey;
const unsigned char *spk;
int spk_len;
int ok;
#include "libcrypto_util.h"
+#if OPENSSL_VERSION_MAJOR >= 4
+#include <crypto/asn1.h>
+#endif
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/buffer.h>
if (bio == NULL)
enomem_panic();
+ res = NULL;
if (BIO_PR_TIME(bio, tm) <= 0)
- return NULL;
+ goto end;
+ if (BIO_flush(bio) <= 0)
+ goto end;
- BIO_flush(bio);
BIO_get_mem_ptr(bio, &buf);
res = pstrndup(buf->data, buf->length);
- BIO_free_all(bio);
+end: BIO_free_all(bio);
return res;
}
{
json_t *root, *rdnSeq;
json_t *typeval, *child;
- X509_NAME_ENTRY *entry;
+ X509_NAME_ENTRY const *entry;
int nid;
const ASN1_STRING *data;
int i;
unsigned char *ski;
enum rpki_policy policy;
struct resources *resources;
- X509_PUBKEY *pub_key;
+ X509_PUBKEY const *pub_key;
unsigned char *cert_spk, *tmp;
int cert_spk_len;
struct resource_params res_params;
#include "object/certificate.h"
+#if OPENSSL_VERSION_MAJOR >= 4
+#include <crypto/asn1.h>
+#endif
#include <openssl/asn1t.h>
#include <openssl/bio.h>
#if OPENSSL_VERSION_MAJOR >= 3
static int
validate_issuer(X509 *cert, bool is_ta)
{
- X509_NAME *issuer;
+ X509_NAME const *issuer;
struct rfc5280_name *name;
char const *commonName;
int error;
* @diff_pk_cb when the public key is different; return 0 if both are equal.
*/
static int
-spki_cmp(X509_PUBKEY *tal_spki, X509_PUBKEY *cert_spki,
+spki_cmp(X509_PUBKEY *tal_spki, X509_PUBKEY const *cert_spki,
int (*diff_alg_cb)(void), int (*diff_pk_cb)(void))
{
ASN1_OBJECT *tal_alg;
}
static int
-validate_spki(X509_PUBKEY *cert_spki)
+validate_spki(X509_PUBKEY const *cert_spki)
{
struct validation *state;
struct tal *tal;
* 2048-bit modulus and a public exponent (e) of 65,537."
*/
static int
-validate_subject_public_key(X509_PUBKEY *pubkey)
+validate_subject_public_key(X509_PUBKEY const *pubkey)
{
#if OPENSSL_VERSION_MAJOR >= 3
static int
validate_public_key(X509 *cert, enum cert_type type)
{
- X509_PUBKEY *pubkey;
+ X509_PUBKEY const *pubkey;
EVP_PKEY *evppkey;
X509_ALGOR *pa;
int ok;
{
static const uint8_t EXPLICIT_SET_OF_TAG = 0x31;
- X509_PUBKEY *public_key;
+ X509_PUBKEY const *public_key;
EVP_MD_CTX *ctx;
struct encoded_signedAttrs signedAttrs;
int error;
}
static int
-handle_ip_extension(X509_EXTENSION *ext, struct resources *resources)
+handle_ip_extension(X509_EXTENSION const *ext, struct resources *resources)
{
- ASN1_OCTET_STRING *string;
+ ASN1_OCTET_STRING const *string;
struct IPAddrBlocks *blocks;
OCTET_STRING_t *family;
int i;
}
static int
-handle_asn_extension(X509_EXTENSION *ext, struct resources *resources,
+handle_asn_extension(X509_EXTENSION const *ext, struct resources *resources,
bool allow_inherit)
{
- ASN1_OCTET_STRING *string;
+ ASN1_OCTET_STRING const *string;
struct ASIdentifiers *ids;
int error;
int addr_nid, int asn_nid, int bad_addr_nid, int bad_asn_nid,
char const *policy_rfc, char const *bad_ext_rfc, bool allow_asn_inherit)
{
- X509_EXTENSION *ext;
+ X509_EXTENSION const *ext;
int nid;
int i;
int error;
#include "object/name.h"
+#if OPENSSL_VERSION_MAJOR >= 4
+#include <crypto/asn1.h>
+#endif
#include <openssl/asn1.h>
#include <openssl/obj_mac.h>
#include <openssl/objects.h>
};
static int
-name2string(X509_NAME_ENTRY *name, char **_result)
+name2string(X509_NAME_ENTRY const *name, char **_result)
{
const ASN1_STRING *data;
char *result;
}
int
-x509_name_decode(X509_NAME *name, char const *what,
+x509_name_decode(X509_NAME const *name, char const *what,
struct rfc5280_name **_result)
{
struct rfc5280_name *result;
int i;
- X509_NAME_ENTRY *entry;
+ X509_NAME_ENTRY const *entry;
int nid;
int error;
}
int
-validate_issuer_name(char const *container, X509_NAME *issuer)
+validate_issuer_name(char const *container, X509_NAME const *issuer)
{
struct validation *state;
X509 *parent;
}
void
-x509_name_pr_debug(const char *prefix, X509_NAME *name)
+x509_name_pr_debug(const char *prefix, X509_NAME const *name)
{
if (!log_val_enabled(LOG_DEBUG))
return;
struct rfc5280_name;
/* Constructor */
-int x509_name_decode(X509_NAME *, char const *, struct rfc5280_name **);
+int x509_name_decode(X509_NAME const *, char const *, struct rfc5280_name **);
/* Reference counting */
void x509_name_get(struct rfc5280_name *);
void x509_name_put(struct rfc5280_name *);
/* X509_NAME utils */
-int validate_issuer_name(char const *, X509_NAME *);
+int validate_issuer_name(char const *, X509_NAME const *);
-void x509_name_pr_debug(char const *, X509_NAME *);
+void x509_name_pr_debug(char const *, X509_NAME const *);
#endif /* SRC_OBJECT_NAME_H_ */
#include "str_token.h"
+#if OPENSSL_VERSION_MAJOR >= 4
+#include <crypto/asn1.h>
+#endif
#include <openssl/bio.h>
#include <stdint.h>
#include <string.h>