
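--- a/tool/util.c
+++ b/tool/util.c
@@ -38,6 +38,7 @@
 #endif
 
 #include "openssl-compat.h"
+#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/rsa.h>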
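--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -43,10 +43,12 @@
 #endif
 
 #include "openssl-compat.h"
+#include <openssl/bn.h>
 #include <openssl/des.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
 #include <openssl/rand.h>
+#include <openssl/rsa.h>
 
 #include "cmdline.h"
 #include "util.h"
@@ -859,11 +861,19 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
     fprintf(stderr, "Failed to set certificate serial.\n");
     goto selfsign_out;
   }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   if(!X509_gmtime_adj(X509_get_notBefore(x509), 0)) {
+#else
+  if(!X509_gmtime_adj(X509_getm_notBefore(x509), 0)) {
+#endif
     fprintf(stderr, "Failed to set certificate notBefore.\n");
     goto selfsign_out;
   }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   if(!X509_gmtime_adj(X509_get_notAfter(x509), 60L * 60L * 24L * validDays)) {
+#else
+  if(!X509_gmtime_adj(X509_getm_notAfter(x509), 60L * 60L * 24L * validDays)) {
+#endif
     fprintf(stderr, "Failed to set certificate notAfter.\n");
     goto selfsign_out;
   }
@@ -1232,7 +1242,7 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
 
   if(*ptr++ == 0x70) {
     unsigned int md_len = sizeof(data);
-    ASN1_TIME *not_before, *not_after;
+    const ASN1_TIME *not_before, *not_after;
 
     ptr += get_length(ptr, &cert_len);
     x509 = X509_new();
@@ -1290,13 +1300,21 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
     dump_data(data, md_len, output, false, format_arg_hex);
 
     bio = BIO_new_fp(output, BIO_NOCLOSE | BIO_FP_TEXT);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     not_before = X509_get_notBefore(x509);
+#else
+    not_before = X509_get0_notBefore(x509);
+#endif
     if(not_before) {
       fprintf(output, "\tNot Before:\t");
       ASN1_TIME_print(bio, not_before);
       fprintf(output, "\n");
     }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     not_after = X509_get_notAfter(x509);
+#else
+    not_after = X509_get0_notAfter(x509);
+#endif
     if(not_after) {
       fprintf(output, "\tNot After:\t");
       ASN1_TIME_print(bio, not_after);
@@ -1941,7 +1959,9 @@ int main(int argc, char *argv[]) {
 
 
   /* openssl setup.. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   OpenSSL_add_all_algorithms();
+#endif
 
 
   for(i = 0; i < args_info.action_given; i++) {
@@ -2182,6 +2202,8 @@ int main(int argc, char *argv[]) {
   }
 
   ykpiv_done(state);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   EVP_cleanup();
+#endif
   return ret;
 }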
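Review bot: The guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, used at the notBefore/notAfter calls in selfsign_certificate and print_cert_info and around the init/cleanup calls in main, takes the `#else` branch on LibreSSL, which reports 0x20000000L. LibreSSL releases that predate `X509_getm_notBefore`/`X509_get0_notBefore` would then not build, unless openssl-compat.h (not shown here) already covers this. If LibreSSL is a supported backend, `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` keeps it on the old accessors. It would also read better to map the accessor names once in openssl-compat.h, the way openssl_utils.c does with `# define X509_set_notBefore X509_set1_notBefore`, instead of splitting each `if(` opener across `#if`/`#else`. The bodies of all three functions extend beyond the hunks.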
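--- a/ykcs11/openssl_types.h
+++ b/ykcs11/openssl_types.h
@@ -31,6 +31,7 @@
 #ifndef OPENSSL_TYPES_H
 #define OPENSSL_TYPES_H
 
+#include <openssl/bn.h>
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>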
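--- a/ykcs11/openssl_utils.c
+++ b/ykcs11/openssl_utils.c
@@ -35,6 +35,11 @@
 #include "debug.h"
 #include <string.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+# define X509_set_notBefore X509_set1_notBefore
+# define X509_set_notAfter X509_set1_notAfter
+#endif
+
 CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert) {
 
   const unsigned char *p = data; // Mandatory temp variable required by OpenSSL
@@ -580,7 +585,9 @@ CK_RV do_pkcs_pss(ykcs11_rsa_key_t *key, CK_BYTE_PTR in, CK_ULONG in_len,
           int nid, CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
   unsigned char em[RSA_size(key)];
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   OpenSSL_add_all_digests();
+#endif
 
   DBG("Apply PSS padding to %lu bytes and get %d", in_len, RSA_size(key));
 
@@ -590,14 +597,18 @@ CK_RV do_pkcs_pss(ykcs11_rsa_key_t *key, CK_BYTE_PTR in, CK_ULONG in_len,
 
   // In case of raw PSS (no hash) this function will fail because OpenSSL requires an MD
   if (RSA_padding_add_PKCS1_PSS(key, em, out, EVP_get_digestbynid(nid), -2) == 0) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     EVP_cleanup();
+#endif
     return CKR_FUNCTION_FAILED;
   }
 
   memcpy(out, em, sizeof(em));
   *out_len = (CK_ULONG) sizeof(em);
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   EVP_cleanup();
+#endif
 
   return CKR_OK;
 }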
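Review bot: On the pre-1.1.0 path, do_pkcs_pss still calls `EVP_cleanup()` on both its failure and success returns, which empties OpenSSL's process-wide cipher and digest tables every time a PSS padding is computed. If this file is built into a PKCS#11 module loaded by a host application (the `CK_RV` signatures suggest so), that also drops algorithms the host or other libraries registered, so their later `EVP_get_digestbynid()` lookups can return NULL. Since the guards are being added here anyway, consider removing the per-call `OpenSSL_add_all_digests()`/`EVP_cleanup()` pair and registering digests once at module initialisation. The lines of do_pkcs_pss between the two hunks are not shown, so whether the caller's `out` capacity is checked before `memcpy(out, em, sizeof(em))` cannot be confirmed from here.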
