ykpivmgr: rebuild for libressl-2.9.2.
This commit is contained in:
Johannes
parent
7691ade65d
commit
766c9e0353
2 changed files with 58 additions and 32 deletions
|
|
@ -1,47 +1,54 @@
|
|||
diff --git tool/openssl-compat.c tool/openssl-compat.c
|
||||
index a51af90..bb37dfc 100644
|
||||
--- tool/openssl-compat.c
|
||||
+++ tool/openssl-compat.c
|
||||
@@ -8,7 +8,7 @@
|
||||
*/
|
||||
@@ -71,6 +71,10 @@
|
||||
*iqmp = r->iqmp;
|
||||
}
|
||||
|
||||
#include "openssl-compat.h"
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
#include <string.h>
|
||||
#include <openssl/engine.h>
|
||||
@@ -80,4 +80,4 @@ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
|
||||
+#endif /* OPENSSL_VERSION_NUMBER */
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+
|
||||
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
|
||||
ASN1_OCTET_STRING **pdigest)
|
||||
{
|
||||
@@ -80,4 +84,4 @@
|
||||
*pdigest = sig->digest;
|
||||
}
|
||||
|
||||
-#endif /* OPENSSL_VERSION_NUMBER */
|
||||
+#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
|
||||
diff --git tool/openssl-compat.h tool/openssl-compat.h
|
||||
index 3700bea..bd1967b 100644
|
||||
+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
|
||||
|
||||
--- tool/openssl-compat.h
|
||||
+++ tool/openssl-compat.h
|
||||
@@ -13,7 +13,7 @@
|
||||
#ifndef _WINDOWS
|
||||
@@ -20,7 +20,6 @@
|
||||
#include <openssl/ecdsa.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/evp.h>
|
||||
-#include <openssl/x509.h>
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/dsa.h>
|
||||
@@ -33,5 +33,5 @@ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
|
||||
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
|
||||
void RSA_get0_key(const RSA *r,
|
||||
@@ -29,9 +28,15 @@
|
||||
void RSA_get0_crt_params(const RSA *r,
|
||||
const BIGNUM **dmp1, const BIGNUM **dmq1,
|
||||
const BIGNUM **iqmp);
|
||||
+#endif /* OPENSSL_VERSION_NUMBER */
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+
|
||||
+#include <openssl/x509.h>
|
||||
+
|
||||
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
|
||||
ASN1_OCTET_STRING **pdigest);
|
||||
|
||||
+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
|
||||
#endif /* _WINDOWS */
|
||||
-#endif /* OPENSSL_VERSION_NUMBER */
|
||||
+#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
|
||||
#endif /* LIBCRYPTO_COMPAT_H */
|
||||
diff --git tool/yubico-piv-tool.c tool/yubico-piv-tool.c
|
||||
index 89daa79..c8b3b84 100644
|
||||
|
||||
--- tool/yubico-piv-tool.c
|
||||
+++ tool/yubico-piv-tool.c
|
||||
@@ -124,7 +124,7 @@ static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, u
|
||||
@@ -124,7 +124,7 @@
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -50,7 +57,7 @@ index 89daa79..c8b3b84 100644
|
|||
static int ec_key_ex_data_idx = -1;
|
||||
|
||||
struct internal_key {
|
||||
@@ -688,7 +688,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
|
||||
@@ -688,7 +688,7 @@
|
||||
goto request_out;
|
||||
}
|
||||
|
||||
|
|
@ -59,7 +66,16 @@ index 89daa79..c8b3b84 100644
|
|||
memcpy(digest, oid, oid_len);
|
||||
/* XXX: this should probably use X509_REQ_digest() but that's buggy */
|
||||
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
|
||||
@@ -751,7 +751,7 @@ request_out:
|
||||
@@ -721,7 +721,7 @@
|
||||
fprintf(stderr, "Failed signing request.\n");
|
||||
goto request_out;
|
||||
}
|
||||
- M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
|
||||
+ ASN1_BIT_STRING_set(req->signature, signature, sig_len);
|
||||
/* mark that all bits should be used. */
|
||||
req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
|
||||
}
|
||||
@@ -751,7 +751,7 @@
|
||||
EVP_PKEY_free(public_key);
|
||||
}
|
||||
if(req) {
|
||||
|
|
@ -68,7 +84,7 @@ index 89daa79..c8b3b84 100644
|
|||
if(req->sig_alg->parameter) {
|
||||
req->sig_alg->parameter = NULL;
|
||||
}
|
||||
@@ -884,7 +884,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
||||
@@ -884,7 +884,7 @@
|
||||
if(nid == 0) {
|
||||
goto selfsign_out;
|
||||
}
|
||||
|
|
@ -77,7 +93,16 @@ index 89daa79..c8b3b84 100644
|
|||
if(YKPIV_IS_RSA(algorithm)) {
|
||||
signinput = digest;
|
||||
len = oid_len + md_len;
|
||||
@@ -941,7 +941,7 @@ selfsign_out:
|
||||
@@ -912,7 +912,7 @@
|
||||
fprintf(stderr, "Failed signing certificate.\n");
|
||||
goto selfsign_out;
|
||||
}
|
||||
- M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
|
||||
+ ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
|
||||
/* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
|
||||
* should be subtracted from the bit string, thus making sure that the
|
||||
* certificate can be validated. */
|
||||
@@ -941,7 +941,7 @@
|
||||
fclose(output_file);
|
||||
}
|
||||
if(x509) {
|
||||
|
|
@ -86,6 +111,7 @@ index 89daa79..c8b3b84 100644
|
|||
if(x509->sig_alg->parameter) {
|
||||
x509->sig_alg->parameter = NULL;
|
||||
x509->cert_info->signature->parameter = NULL;
|
||||
|
||||
diff --git ykcs11/openssl_utils.c ykcs11/openssl_utils.c
|
||||
index 68fb29a..5a7f85d 100644
|
||||
--- ykcs11/openssl_utils.c
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ _libykcs_desc="Yubikey PIV pkcs11 library"
|
|||
|
||||
pkgname=ykpivmgr
|
||||
version=1.5.0
|
||||
revision=4
|
||||
revision=5
|
||||
wrksrc="${_real_name}-${version}"
|
||||
build_style=gnu-configure
|
||||
configure_args="--enable-doxygen-man --program-transform-name='s/^yubico-piv-tool$/ykpivmgr/'"
|
||||
|
|
|
|||
Loading…
Reference in a new issue