[libcrypt-openssl-x509-perl] 01/04: Cherry-pick two commits from upstream Git repo for OpenSSL 1.1.0
gregor herrmann
gregoa at debian.org
Wed Nov 2 00:17:07 UTC 2016
This is an automated email from the git hooks/post-receive script.
gregoa pushed a commit to branch master
in repository libcrypt-openssl-x509-perl.
commit 5fde51ed9473454f3350b3d949600a6675773e8d
Author: gregor herrmann <gregoa at debian.org>
Date: Wed Nov 2 01:12:12 2016 +0100
Cherry-pick two commits from upstream Git repo for OpenSSL 1.1.0
compatibility (and 1.0.2 backwards compatibility).
Closes: #828388
---
...enssl-x509-perl-compile-against-openssl-1.patch | 475 +++++++++++++++++++++
...F-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch | 44 ++
debian/patches/series | 2 +
3 files changed, 521 insertions(+)
diff --git a/debian/patches/0001-libcrypt-openssl-x509-perl-compile-against-openssl-1.patch b/debian/patches/0001-libcrypt-openssl-x509-perl-compile-against-openssl-1.patch
new file mode 100644
index 0000000..d885aad
--- /dev/null
+++ b/debian/patches/0001-libcrypt-openssl-x509-perl-compile-against-openssl-1.patch
@@ -0,0 +1,475 @@
+From 669bf5ce0ccdac2b5d121cf693f65c4b1db81862 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+Date: Sat, 8 Oct 2016 22:21:32 +0000
+Subject: [PATCH] libcrypt-openssl-x509-perl: compile against openssl 1.1.0
+
+and keep it working against openssl 1.0.2j
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+---
+ X509.pm | 6 +-
+ X509.xs | 238 +++++++++++++++++++++++++++++++++++++++++++++-------------------
+ 2 files changed, 172 insertions(+), 72 deletions(-)
+
+diff --git a/X509.pm b/X509.pm
+index 538679d..c8c17ad 100644
+--- a/X509.pm
++++ b/X509.pm
+@@ -8,7 +8,7 @@ use base qw(Exporter);
+ $VERSION = '1.807';
+
+ @EXPORT_OK = qw(
+- FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM FORMAT_NETSCAPE
++ FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
+ FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC OPENSSL_VERSION_NUMBER
+ );
+
+@@ -161,7 +161,7 @@ None by default.
+
+ On request:
+
+- FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM FORMAT_NETSCAPE
++ FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
+ FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
+
+
+@@ -249,7 +249,7 @@ Return Boolean value if subject and issuer name are the same.
+
+ =item as_string ( [ FORMAT ] )
+
+-Return the certificate as a string in the specified format. C<FORMAT> can be one of C<FORMAT_PEM> (the default), C<FORMAT_ASN1>, or C<FORMAT_NETSCAPE>.
++Return the certificate as a string in the specified format. C<FORMAT> can be one of C<FORMAT_PEM> (the default) or C<FORMAT_ASN1>.
+
+ =item modulus ( )
+
+diff --git a/X509.xs b/X509.xs
+index 8380ff9..9d11f03 100644
+--- a/X509.xs
++++ b/X509.xs
+@@ -21,14 +21,11 @@
+ #define FORMAT_ASN1 1
+ #define FORMAT_TEXT 2
+ #define FORMAT_PEM 3
+-#define FORMAT_NETSCAPE 4
+ #define FORMAT_PKCS12 5
+ #define FORMAT_SMIME 6
+ #define FORMAT_ENGINE 7
+ #define FORMAT_IISSGC 8
+
+-#define NETSCAPE_CERT_HDR "certificate"
+-
+ /* fake our package name */
+ typedef X509* Crypt__OpenSSL__X509;
+ typedef X509_EXTENSION* Crypt__OpenSSL__X509__Extension;
+@@ -46,6 +43,79 @@ typedef X509_CRL* Crypt__OpenSSL__X509__CRL;
+ #define sk_OPENSSL_STRING_value sk_value
+ #endif
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++#define const_ossl11
++
++static ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
++{
++ return a->cert_info->serialNumber;
++}
++
++static void RSA_get0_key(const RSA *r,
++ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++ if (n != NULL)
++ *n = r->n;
++ if (e != NULL)
++ *e = r->e;
++ if (d != NULL)
++ *d = r->d;
++}
++
++static RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
++{
++ if (pkey->type != EVP_PKEY_RSA)
++ return NULL;
++ return pkey->pkey.rsa;
++}
++
++static void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
++ X509_ALGOR **palg)
++{
++ if (psig != NULL)
++ *psig = crl->signature;
++ if (palg != NULL)
++ *palg = crl->sig_alg;
++}
++
++static void DSA_get0_pqg(const DSA *d,
++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++ if (p != NULL)
++ *p = d->p;
++ if (q != NULL)
++ *q = d->q;
++ if (g != NULL)
++ *g = d->g;
++}
++
++static void DSA_get0_key(const DSA *d,
++ const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++ if (pub_key != NULL)
++ *pub_key = d->pub_key;
++ if (priv_key != NULL)
++ *priv_key = d->priv_key;
++}
++
++static DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
++{
++ if (pkey->type != EVP_PKEY_DSA)
++ return NULL;
++ return pkey->pkey.dsa;
++}
++
++static EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
++{
++ if (pkey->type != EVP_PKEY_EC)
++ return NULL;
++ return pkey->pkey.ec;
++}
++
++#else
++#define const_ossl11 const
++#endif
++
+ /* Unicode 0xfffd */
+ static U8 utf8_substitute_char[3] = { 0xef, 0xbf, 0xbd };
+
+@@ -211,35 +281,6 @@ static HV* hv_exts(X509* x509, int no_name) {
+ return RETVAL;
+ }
+
+-void _decode_netscape(BIO *bio, X509 *x509) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-
+- NETSCAPE_X509 nx;
+- ASN1_OCTET_STRING os;
+-
+- os.data = (unsigned char *)NETSCAPE_CERT_HDR;
+- os.length = strlen(NETSCAPE_CERT_HDR);
+- nx.header = &os;
+- nx.cert = x509;
+-
+- ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), bio, &nx);
+-
+-#else
+-
+- ASN1_HEADER ah;
+- ASN1_OCTET_STRING os;
+-
+- os.data = (unsigned char *)NETSCAPE_CERT_HDR;
+- os.length = strlen(NETSCAPE_CERT_HDR);
+- ah.header = &os;
+- ah.data = (char *)x509;
+- ah.meth = X509_asn1_meth();
+-
+- ASN1_i2d_bio((i2d_of_void *)i2d_ASN1_HEADER, bio, (unsigned char *)&ah);
+-
+-#endif
+-}
+-
+ MODULE = Crypt::OpenSSL::X509 PACKAGE = Crypt::OpenSSL::X509
+
+ PROTOTYPES: DISABLE
+@@ -255,7 +296,6 @@ BOOT:
+ {"FORMAT_ASN1", FORMAT_ASN1},
+ {"FORMAT_TEXT", FORMAT_TEXT},
+ {"FORMAT_PEM", FORMAT_PEM},
+- {"FORMAT_NETSCAPE", FORMAT_NETSCAPE},
+ {"FORMAT_PKCS12", FORMAT_PKCS12},
+ {"FORMAT_SMIME", FORMAT_SMIME},
+ {"FORMAT_ENGINE", FORMAT_ENGINE},
+@@ -354,7 +394,9 @@ __X509_cleanup(void)
+
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ ERR_remove_state(0);
++#endif
+ EVP_cleanup();
+
+ SV*
+@@ -398,7 +440,7 @@ accessor(x509)
+
+ } else if (ix == 3) {
+
+- i2a_ASN1_INTEGER(bio, x509->cert_info->serialNumber);
++ i2a_ASN1_INTEGER(bio, X509_get0_serialNumber(x509));
+
+ } else if (ix == 4) {
+
+@@ -425,14 +467,24 @@ accessor(x509)
+
+ } else if (ix == 8) {
+
+- i2a_ASN1_INTEGER(bio, x509->cert_info->version);
++ BIO_printf(bio, "%02ld", X509_get_version(x509));
+
+ } else if (ix == 9) {
++ const_ossl11 X509_ALGOR *palg;
++ const_ossl11 ASN1_OBJECT *paobj;
+
+- i2a_ASN1_OBJECT(bio, x509->sig_alg->algorithm);
++ X509_get0_signature(NULL, &palg, x509);
++ X509_ALGOR_get0(&paobj, NULL, NULL, palg);
++
++ i2a_ASN1_OBJECT(bio, paobj);
+ } else if ( ix == 10 ) {
++ X509_PUBKEY *pkey;
++ ASN1_OBJECT *ppkalg;
++
++ pkey = X509_get_X509_PUBKEY(x509);
++ X509_PUBKEY_get0_param(&ppkalg, NULL, NULL, NULL, pkey);
+
+- i2a_ASN1_OBJECT(bio, x509->cert_info->key->algor->algorithm);
++ i2a_ASN1_OBJECT(bio, ppkalg);
+ }
+
+ RETVAL = sv_bio_final(bio);
+@@ -465,12 +517,14 @@ sig_print(x509)
+ PREINIT:
+ BIO *bio;
+ unsigned char *s;
++ const_ossl11 ASN1_BIT_STRING *psig;
+ int n,i;
+
+ CODE:
+
+- n = x509->signature->length;
+- s = x509->signature->data;
++ X509_get0_signature(&psig, NULL, x509);
++ n = psig->length;
++ s = psig->data;
+ bio = sv_bio_create();
+
+ for (i=0; i<n; i++) {
+@@ -503,9 +557,6 @@ as_string(x509, format = FORMAT_PEM)
+
+ i2d_X509_bio(bio, x509);
+
+- } else if (format == FORMAT_NETSCAPE) {
+-
+- _decode_netscape(bio, x509);
+ }
+
+ RETVAL = sv_bio_final(bio);
+@@ -519,6 +570,11 @@ bit_length(x509)
+
+ PREINIT:
+ EVP_PKEY *pkey;
++ DSA *dsa_pkey;
++ RSA *rsa_pkey;
++ EC_KEY *ec_pkey;
++ const BIGNUM *p;
++ const BIGNUM *n;
+ int length;
+
+ CODE:
+@@ -528,12 +584,16 @@ bit_length(x509)
+ croak("Public key is unavailable\n");
+ }
+
+- switch(pkey->type) {
++ switch(EVP_PKEY_base_id(pkey)) {
+ case EVP_PKEY_RSA:
+- length = BN_num_bits(pkey->pkey.rsa->n);
++ rsa_pkey = EVP_PKEY_get0_RSA(pkey);
++ RSA_get0_key(rsa_pkey, &n, NULL, NULL);
++ length = BN_num_bits(n);
+ break;
+ case EVP_PKEY_DSA:
+- length = BN_num_bits(pkey->pkey.dsa->p);
++ dsa_pkey = EVP_PKEY_get0_DSA(pkey);
++ DSA_get0_pqg(dsa_pkey, &p, NULL, NULL);
++ length = BN_num_bits(p);
+ break;
+ #ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+@@ -545,8 +605,8 @@ bit_length(x509)
+ EVP_PKEY_free(pkey);
+ croak("Could not malloc bignum");
+ }
+- //
+- if ( (group = EC_KEY_get0_group(pkey->pkey.ec)) == NULL) {
++ ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
++ if ( (group = EC_KEY_get0_group(ec_pkey)) == NULL) {
+ EVP_PKEY_free(pkey);
+ croak("No EC group");
+ }
+@@ -590,10 +650,12 @@ curve(x509)
+ EVP_PKEY_free(pkey);
+ croak("Public key is unavailable\n");
+ }
+- if ( pkey->type == EVP_PKEY_EC ) {
++ if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_EC ) {
+ const EC_GROUP *group;
++ EC_KEY *ec_pkey;
+ int nid;
+- if ( (group = EC_KEY_get0_group(pkey->pkey.ec)) == NULL) {
++ ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
++ if ( (group = EC_KEY_get0_group(ec_pkey)) == NULL) {
+ EVP_PKEY_free(pkey);
+ croak("No EC group");
+ }
+@@ -621,6 +683,7 @@ modulus(x509)
+ PREINIT:
+ EVP_PKEY *pkey;
+ BIO *bio;
++ int pkey_id;
+
+ CODE:
+
+@@ -634,25 +697,38 @@ modulus(x509)
+ croak("Modulus is unavailable\n");
+ }
+
+- if (pkey->type == EVP_PKEY_RSA) {
++ pkey_id = EVP_PKEY_base_id(pkey);
++ if (pkey_id == EVP_PKEY_RSA) {
++ RSA *rsa_pkey;
++ const BIGNUM *n;
+
+- BN_print(bio, pkey->pkey.rsa->n);
++ rsa_pkey = EVP_PKEY_get0_RSA(pkey);
++ RSA_get0_key(rsa_pkey, &n, NULL, NULL);
+
+- } else if (pkey->type == EVP_PKEY_DSA) {
++ BN_print(bio, n);
+
+- BN_print(bio, pkey->pkey.dsa->pub_key);
++ } else if (pkey_id == EVP_PKEY_DSA) {
++ DSA *dsa_pkey;
++ const BIGNUM *pub_key;
++
++ dsa_pkey = EVP_PKEY_get0_DSA(pkey);
++ DSA_get0_key(dsa_pkey, &pub_key, NULL);
++ BN_print(bio, pub_key);
+ #ifndef OPENSSL_NO_EC
+- } else if ( pkey->type == EVP_PKEY_EC ) {
++ } else if ( pkey_id == EVP_PKEY_EC ) {
+ const EC_POINT *public_key;
+ const EC_GROUP *group;
++ EC_KEY *ec_pkey;
+ BIGNUM *pub_key=NULL;
+- if ( (group = EC_KEY_get0_group(pkey->pkey.ec)) == NULL) {
++
++ ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
++ if ( (group = EC_KEY_get0_group(ec_pkey)) == NULL) {
+ BIO_free_all(bio);
+ EVP_PKEY_free(pkey);
+ croak("No EC group");
+ }
+- public_key = EC_KEY_get0_public_key(pkey->pkey.ec);
+- if ((pub_key = EC_POINT_point2bn(group, public_key, EC_KEY_get_conv_form(pkey->pkey.ec), NULL, NULL)) == NULL) {
++ public_key = EC_KEY_get0_public_key(ec_pkey);
++ if ((pub_key = EC_POINT_point2bn(group, public_key, EC_KEY_get_conv_form(ec_pkey), NULL, NULL)) == NULL) {
+ BIO_free_all(bio);
+ EVP_PKEY_free(pkey);
+ croak("EC library error");
+@@ -697,8 +773,14 @@ exponent(x509)
+ croak("Exponent is unavailable\n");
+ }
+
+- if (pkey->type == EVP_PKEY_RSA) {
+- BN_print(bio, pkey->pkey.rsa->e);
++ if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
++ RSA *rsa_pkey;
++ const BIGNUM *e;
++
++ rsa_pkey = EVP_PKEY_get0_RSA(pkey);
++ RSA_get0_key(rsa_pkey, NULL, &e, NULL);
++
++ BN_print(bio, e);
+ } else {
+ BIO_free_all(bio);
+ EVP_PKEY_free(pkey);
+@@ -780,6 +862,7 @@ pubkey(x509)
+ PREINIT:
+ EVP_PKEY *pkey;
+ BIO *bio;
++ int pkey_id;
+
+ CODE:
+
+@@ -793,16 +876,25 @@ pubkey(x509)
+ croak("Public Key is unavailable\n");
+ }
+
+- if (pkey->type == EVP_PKEY_RSA) {
++ pkey_id = EVP_PKEY_base_id(pkey);
++ if (pkey_id == EVP_PKEY_RSA) {
++ RSA *rsa_pkey;
++
++ rsa_pkey = EVP_PKEY_get0_RSA(pkey);
++ PEM_write_bio_RSAPublicKey(bio, rsa_pkey);
+
+- PEM_write_bio_RSAPublicKey(bio, pkey->pkey.rsa);
++ } else if (pkey_id == EVP_PKEY_DSA) {
++ DSA *dsa_pkey;
+
+- } else if (pkey->type == EVP_PKEY_DSA) {
++ dsa_pkey = EVP_PKEY_get0_DSA(pkey);
+
+- PEM_write_bio_DSA_PUBKEY(bio, pkey->pkey.dsa);
++ PEM_write_bio_DSA_PUBKEY(bio, dsa_pkey);
+ #ifndef OPENSSL_NO_EC
+- } else if ( pkey->type == EVP_PKEY_EC ) {
+- PEM_write_bio_EC_PUBKEY(bio, pkey->pkey.ec);
++ } else if (pkey_id == EVP_PKEY_EC ) {
++ EC_KEY *ec_pkey;
++
++ ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
++ PEM_write_bio_EC_PUBKEY(bio, ec_pkey);
+ #endif
+ } else {
+
+@@ -823,6 +915,7 @@ pubkey_type(x509)
+ Crypt::OpenSSL::X509 x509;
+ PREINIT:
+ EVP_PKEY *pkey;
++ int pkey_id;
+ CODE:
+ RETVAL=NULL;
+ pkey = X509_get_pubkey(x509);
+@@ -830,13 +923,14 @@ pubkey_type(x509)
+ if(!pkey)
+ XSRETURN_UNDEF;
+
+- if (pkey->type == EVP_PKEY_DSA) {
++ pkey_id = EVP_PKEY_base_id(pkey);
++ if (pkey_id == EVP_PKEY_DSA) {
+ RETVAL="dsa";
+
+- } else if (pkey->type == EVP_PKEY_RSA) {
++ } else if (pkey_id == EVP_PKEY_RSA) {
+ RETVAL="rsa";
+ #ifndef OPENSSL_NO_EC
+- } else if ( pkey->type == EVP_PKEY_EC ) {
++ } else if (pkey_id == EVP_PKEY_EC ) {
+ RETVAL="ec";
+ #endif
+ }
+@@ -1479,7 +1573,13 @@ CRL_accessor(crl)
+ RETVAL = sv_bio_final(bio);
+
+ } else if (ix == 2) {
+- i2a_ASN1_OBJECT(bio, crl->sig_alg->algorithm);
++ const_ossl11 X509_ALGOR *palg;
++ const_ossl11 ASN1_OBJECT *paobj;
++
++ X509_CRL_get0_signature(crl, NULL, &palg);
++ X509_ALGOR_get0(&paobj, NULL, NULL, palg);
++
++ i2a_ASN1_OBJECT(bio, paobj);
+ }
+
+ RETVAL = sv_bio_final(bio);
+--
+2.10.2
+
diff --git a/debian/patches/0002-Fix-STACK_OF-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch b/debian/patches/0002-Fix-STACK_OF-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch
new file mode 100644
index 0000000..3e4f679
--- /dev/null
+++ b/debian/patches/0002-Fix-STACK_OF-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch
@@ -0,0 +1,44 @@
+From 47a65ecd166526bbc43c86cb38c743e84b050eec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Thu, 27 Oct 2016 12:16:29 +0200
+Subject: [PATCH] Fix STACK_OF(OPENSSL_STRING) conflicts with OpenSSL 1.1.0
+
+Since OpenSSL 1.1.0, STACK_OF(OPENSSL_STRING) defines
+sk_OPENSSL_STRING_num() and other accessors as a functions, not
+macros. Thus the #ifndef sk_OPENSSL_STRING_num incorrectly redefined
+them and caused fatal warnings about incompatible types.
+
+This patch redefines the accessors only with OpenSSL older than 1.1.0.
+
+<https://github.com/dsully/perl-crypt-openssl-x509/issues/53>
+---
+ X509.xs | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/X509.xs b/X509.xs
+index 9d11f03..a08ed81 100644
+--- a/X509.xs
++++ b/X509.xs
+@@ -35,6 +35,9 @@ typedef X509_NAME_ENTRY* Crypt__OpenSSL__X509__Name_Entry;
+ typedef X509_CRL* Crypt__OpenSSL__X509__CRL;
+
+ /* 1.0 backwards compat */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++#define const_ossl11
++
+ #ifndef sk_OPENSSL_STRING_num
+ #define sk_OPENSSL_STRING_num sk_num
+ #endif
+@@ -43,9 +46,6 @@ typedef X509_CRL* Crypt__OpenSSL__X509__CRL;
+ #define sk_OPENSSL_STRING_value sk_value
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+-#define const_ossl11
+-
+ static ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
+ {
+ return a->cert_info->serialNumber;
+--
+2.10.2
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d713b93
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+0001-libcrypt-openssl-x509-perl-compile-against-openssl-1.patch
+0002-Fix-STACK_OF-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libcrypt-openssl-x509-perl.git
More information about the Pkg-perl-cvs-commits
mailing list