OpenSSL changes for version differences

timlegge · timlegge · commit 9c21224959b4 · 2023-06-25T14:31:25.000-03:00
diff --git a/Makefile.PL b/Makefile.PL
@@ -10,9 +10,11 @@ use ExtUtils::MakeMaker;
 
 use Config;
 use File::Spec;
-
+use Crypt::OpenSSL::Guess;
 my %args;
 
+my ($major, $minor, $patch) = openssl_version();
+print "Installed OpenSSL: $major.$minor.$patch\n";
 if ($^O ne 'MSWin32' and my $prefix = `brew --prefix --installed openssl\@1.1 2>@{[File::Spec->devnull]}`) {
   chomp $prefix;
   $args{INC} = "-I$prefix/include";
@@ -32,7 +34,7 @@ if ($^O eq 'MSWin32') {
   }
 }
 
-my $cc_option_flags = ' -DOPENSSL_API_COMPAT=0x10100000L';
+my $cc_option_flags = $major ge 3 ? ' -DOPENSSL_API_COMPAT=30000' : ' -DOPENSSL_API_COMPAT=10100';
 
 if ($Config::Config{cc} =~ /gcc/i) {
   $cc_option_flags .= $ENV{AUTHOR_TESTING} ? ' -Wall -Werror' : ' -Wall';
@@ -79,7 +81,7 @@ my %WriteMakefileArgs = (
     "File::Slurper" => "0.012",
     "File::Which" => 0
   },
-  "VERSION" => "0.03",
+  "VERSION" => "0.04",
   "test" => {
     "TESTS" => "t/*.t"
   }
diff --git a/SignCSR.xs b/SignCSR.xs
@@ -31,7 +31,9 @@
 # define SERIAL_RAND_BITS 159
 
 BIO *bio_err;
+#if OPENSSL_API_COMPAT >= 30000
 OSSL_LIB_CTX *libctx = NULL;
+#endif
 static const char *propq = NULL;
 static unsigned long nmflag = 0;
 static char nmflag_set = 0;
@@ -165,7 +167,11 @@ int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vf
     int rv = 0;
 
     if (do_x509_req_init(x, vfyopts) > 0){
+#if OPENSSL_API_COMPAT <= 10100
+        rv = X509_REQ_verify(x, pkey);
+#else
         rv = X509_REQ_verify_ex(x, pkey, libctx, propq);
+#endif
     }
     else
         rv = -1;
@@ -242,25 +248,42 @@ unsigned long get_nameopt(void)
         nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT;
 }
 
+#if OPENSSL_API_COMPAT >= 30000
 static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, const char *md, STACK_OF(OPENSSL_STRING) *sigopts)
+#else
+static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
+#endif
 {
     EVP_PKEY_CTX *pkctx = NULL;
+#if OPENSSL_API_COMPAT >= 30000
     char def_md[80];
+#else
+    int def_nid;
+#endif
 
     if (ctx == NULL)
         return 0;
     /*
      * EVP_PKEY_get_default_digest_name() returns 2 if the digest is mandatory
      * for this algorithm.
      */
+#if OPENSSL_API_COMPAT >= 30000
     if (EVP_PKEY_get_default_digest_name(pkey, def_md, sizeof(def_md)) == 2
             && strcmp(def_md, "UNDEF") == 0) {
+#else
+    if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) == 2
+        && def_nid == NID_undef) {
+#endif
         /* The signing algorithm requires there to be no digest */
         md = NULL;
     }
 
+#if OPENSSL_API_COMPAT >= 30000
     int val = EVP_DigestSignInit_ex(ctx, &pkctx, md, libctx,
                                  propq, pkey, NULL);
+#else
+    int val = EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey);
+#endif
     return val
         && do_pkey_ctx_init(pkctx, sigopts);
 }
@@ -412,7 +435,11 @@ SV * sign(self, request_SV, days, name_SV, text, sigopts)
 
         // Create a new certificate store
         X509 * x;
+#if OPENSSL_API_COMPAT <= 10100
+        if ((x = X509_new()) == NULL)
+#else
         if ((x = X509_new_ex(libctx, propq)) == NULL)
+#endif
             croak("X509_new_ex failed ...\n");
 
         // FIXME need to look at this
@@ -460,18 +487,30 @@ SV * sign(self, request_SV, days, name_SV, text, sigopts)
 
         // Create the X509 v3 extensions for the certificate
         X509V3_CTX ext_ctx;
-        X509V3_set_ctx(&ext_ctx, issuer_cert, x, csr /*NULL*/, NULL, X509V3_CTX_REPLACE);
 
         // Set the certificate issuer from the private key
+#if OPENSSL_API_COMPAT >= 30000
+        X509V3_set_ctx(&ext_ctx, issuer_cert, x, NULL, NULL, X509V3_CTX_REPLACE);
         if (!X509V3_set_issuer_pkey(&ext_ctx, private_key))
             croak("X509V3_set_issuer_pkey cannot set issuer private key\n");
+#else
+        X509V3_set_ctx(&ext_ctx, issuer_cert, x, csr, NULL, X509V3_CTX_REPLACE);
+#endif
 
         // Set the X509 version of the certificate
+#if OPENSSL_API_COMPAT >= 30000
         if (!X509_set_version(x, X509_VERSION_3))
+#else
+        if (!X509_set_version(x, 2))
+#endif
             croak("X509_set_version cannot set version 3\n");
 
         // Get digestname parameter - verify that it is valid
+#if OPENSSL_API_COMPAT >= 30300
+        const EVP_MD *dgst;
+#else
         EVP_MD * md;
+#endif
         digestname = (unsigned char*) SvPV(name_SV, digestname_length);
         md = (EVP_MD *)EVP_get_digestbyname(digestname);
         if (md != NULL)
@@ -483,7 +522,11 @@ SV * sign(self, request_SV, days, name_SV, text, sigopts)
         mctx = EVP_MD_CTX_new();
 
         // Sign the new certificate
+#if OPENSSL_API_COMPAT >= 30000
         if (mctx != NULL && do_sign_init(mctx, private_key, digestname, NULL /*sigopts*/) > 0)
+#else
+        if (mctx != NULL && do_sign_init(mctx, private_key, md, NULL /*sigopts*/) > 0)
+#endif
             rv = (X509_sign_ctx(x, mctx) > 0);
 
         if (rv == 0)
diff --git a/cpanfile b/cpanfile
@@ -0,0 +1,22 @@
+# This file is generated by Dist::Zilla::Plugin::CPANFile v6.030
+# Do not edit this file directly. To change prereqs, edit the `dist.ini` file.
+
+requires "perl" => "5.008";
+
+on 'test' => sub {
+  requires "Crypt::OpenSSL::PKCS10" => "0.19";
+  requires "Crypt::OpenSSL::RSA" => "0";
+  requires "File::Slurper" => "0.012";
+  requires "File::Which" => "0";
+};
+
+on 'configure' => sub {
+  requires "ExtUtils::MakeMaker" => "0";
+};
+
+on 'develop' => sub {
+  requires "Test::CPAN::Meta::JSON" => "0.16";
+  requires "Test::Kwalitee" => "1.21";
+  requires "Test::Pod" => "1.41";
+  requires "Test::Spelling" => "0.12";
+};
diff --git a/lib/Crypt/OpenSSL/SignCSR.pm b/lib/Crypt/OpenSSL/SignCSR.pm
@@ -1,13 +1,13 @@
 # ABSTRACT OpenSSL Self Sign a Certificate Signing Request in XS.
 package Crypt::OpenSSL::SignCSR;
 
-use 5.036001;
+use 5.008;
 use strict;
 use warnings;
 
 require Exporter;
 
-our $VERSION  = "0.03";
+our $VERSION  = "0.04";
 
 our @ISA = qw(Exporter);
 
diff --git a/maint/Makefile_header.PL b/maint/Makefile_header.PL
@@ -1,8 +1,10 @@
 use Config;
 use File::Spec;
-
+use Crypt::OpenSSL::Guess;
 my %args;
 
+my ($major, $minor, $patch) = openssl_version();
+print "Installed OpenSSL: $major.$minor.$patch\n";
 if ($^O ne 'MSWin32' and my $prefix = `brew --prefix --installed openssl\@1.1 2>@{[File::Spec->devnull]}`) {
   chomp $prefix;
   $args{INC} = "-I$prefix/include";
@@ -22,7 +24,7 @@ if ($^O eq 'MSWin32') {
   }
 }
 
-my $cc_option_flags = ' -DOPENSSL_API_COMPAT=0x10100000L';
+my $cc_option_flags = $major ge 3 ? ' -DOPENSSL_API_COMPAT=30000' : ' -DOPENSSL_API_COMPAT=10100';
 
 if ($Config::Config{cc} =~ /gcc/i) {
   $cc_option_flags .= $ENV{AUTHOR_TESTING} ? ' -Wall -Werror' : ' -Wall';
