krb5 commit: Autodetect OpenSSL CMS for LibreSSL compatibility

Greg Hudson ghudson at MIT.EDU
Fri Aug 15 10:58:31 EDT 2014


https://github.com/krb5/krb5/commit/a7a8e3186a21c15132cd8fb6c141afcf25a1fb74
commit a7a8e3186a21c15132cd8fb6c141afcf25a1fb74
Author: maurerpe <junk4me46806 at yahoo.com>
Date:   Thu Aug 14 17:43:55 2014 -0400

    Autodetect OpenSSL CMS for LibreSSL compatibility
    
    LibreSSL currently does not support CMS, so checking for CMS via
    OPENSSL_VERSION_NUMBER isn't reliable.  Detect CMS support via
    autoconf instead.
    
    [ghudson at mit.edu: clarified commit message; minor style changes]
    
    ticket: 7993 (new)
    target_version: 1.13
    tags: pullup

 src/configure.in                                   |    3 +++
 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |    4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/configure.in b/src/configure.in
index 621f105..58e6e54 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -242,6 +242,9 @@ case "$withval" in
 builtin|openssl)
   AC_CHECK_LIB(crypto, PKCS7_get_signer_info, PKINIT_CRYPTO_IMPL_LIBS=-lcrypto)
   PKINIT_CRYPTO_IMPL=openssl
+  AC_CHECK_LIB(crypto, CMS_get0_content,
+               [AC_DEFINE([HAVE_OPENSSL_CMS], 1,
+                          [Define if OpenSSL supports cms.])])
   ;;
 nss)
   if test "${PKINIT_CRYPTO_IMPL_CFLAGS+set}" != set; then
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 4d9b5e5..0c2d173 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -156,8 +156,8 @@ static char *
 pkinit_pkcs11_code_to_text(int err);
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-/* Use CMS support present in OpenSSL 1.0 and later. */
+#ifdef HAVE_OPENSSL_CMS
+/* Use CMS support present in OpenSSL. */
 #include <openssl/cms.h>
 #define pkinit_CMS_get0_content_signed(_cms) CMS_get0_content(_cms)
 #define pkinit_CMS_get0_content_data(_cms) CMS_get0_content(_cms)


More information about the cvs-krb5 mailing list