https://bugs.gentoo.org/903001
https://github.com/radiator-software/p5-net-ssleay/pull/360
https://github.com/radiator-software/p5-net-ssleay/commit/4a886e06c1cac80e7fb3f8d52146a27ce557ba8c
https://github.com/radiator-software/p5-net-ssleay/pull/362
https://github.com/radiator-software/p5-net-ssleay/commit/88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10
https://github.com/radiator-software/p5-net-ssleay/pull/363
https://github.com/radiator-software/p5-net-ssleay/commit/3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d
From 4a886e06c1cac80e7fb3f8d52146a27ce557ba8c Mon Sep 17 00:00:00 2001
From: Alexander Bluhm <alexander.bluhm@gmx.net>
Date: Wed, 19 Jan 2022 14:56:22 +0100
Subject: [PATCH] Use X509_get0_tbs_sigalg() for LibreSSL. (#360)
* Use X509_get0_tbs_sigalg() for LibreSSL.
LibreSSL 3.5.0 has removed access to internal data structures. Use
X509_get0_tbs_sigalg() like in OpenSSL 1.1.
* Start Changes for the next release.
Co-authored-by: Heikki Vatiainen <hvn@radiatorsoftware.com>
---
Changes | 5 +++++
SSLeay.xs | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
From 88c3bbc45399c8ef2c8879aada8bfa91d8bc6c10 Mon Sep 17 00:00:00 2001
From: Alexander Bluhm <alexander.bluhm@gmx.net>
Date: Wed, 19 Jan 2022 20:38:57 +0100
Subject: [PATCH] Use OCSP_SINGLERESP_get0_id() for LibreSSL. (#362)
LibreSSL 3.5.0 has removed access to internal ocsp data structures.
Use OCSP_SINGLERESP_get0_id() like in OpenSSL 1.1.
---
SSLeay.xs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
From 3dd2f101b8e15a59f66e22525b8d001d5ad6ce7d Mon Sep 17 00:00:00 2001
From: Alexander Bluhm <alexander.bluhm@gmx.net>
Date: Thu, 20 Jan 2022 19:15:27 +0100
Subject: [PATCH] Implement RSA_get_key_parameters() for newer LibreSSL. (#363)
LibreSSL 3.5.0 has removed access to internal rsa data structures.
Use RSA_get0... functions to provide RSA_get_key_parameters().
---
SSLeay.xs | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/SSLeay.xs b/SSLeay.xs
index b0667e2..58f1716 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -1914,7 +1914,7 @@ X509 * find_issuer(X509 *cert,X509_STORE *store, STACK_OF(X509) *chain) {
return issuer;
}
-SV* bn2sv(BIGNUM* p_bn)
+SV* bn2sv(const BIGNUM* p_bn)
{
return p_bn != NULL
? sv_2mortal(newSViv((IV) BN_dup(p_bn)))
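Review bot: The result of `BN_dup(p_bn)` is cast straight into `newSViv` without a NULL check, so an allocation failure would reach Perl as the integer 0 rather than as an error. Duplicating into a local first, and croaking or taking the other branch of the ternary when the copy is NULL, would make the failure visible. A short header comment on bn2sv would also help, stating that the returned SV carries a raw pointer to a heap copy which the caller must free. The rest of bn2sv lies outside the hunk.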
@@ -6283,8 +6283,28 @@ RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
void
RSA_get_key_parameters(rsa)
RSA * rsa
+PREINIT:
+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ const BIGNUM *n, *e, *d;
+ const BIGNUM *p, *q;
+ const BIGNUM *dmp1, *dmq1, *iqmp;
+#endif
PPCODE:
{
+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ RSA_get0_key(rsa, &n, &e, &d);
+ RSA_get0_factors(rsa, &p, &q);
+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+ /* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
+ XPUSHs(bn2sv(n));
+ XPUSHs(bn2sv(e));
+ XPUSHs(bn2sv(d));
+ XPUSHs(bn2sv(p));
+ XPUSHs(bn2sv(q));
+ XPUSHs(bn2sv(dmp1));
+ XPUSHs(bn2sv(dmq1));
+ XPUSHs(bn2sv(iqmp));
+#else
/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
XPUSHs(bn2sv(rsa->n));
XPUSHs(bn2sv(rsa->e));
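Review bot: The new LibreSSL branch returns `BN_dup` copies of the private exponent, the factors and the CRT parameters as bare integer pointers, and its comment says only that they need blessing, not who frees them. Nothing visible in this hunk releases the copies, so unless the caller does, private key material stays on the heap uncleared. I would extend the comment to something like `/* Caller owns the returned BIGNUM copies; release private components with BN_clear_free() */`. The comment could also be moved above the `#if` so it is written once rather than repeated in both branches. The `#else` branch continues outside the hunk.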
@@ -6294,9 +6314,10 @@ PPCODE:
XPUSHs(bn2sv(rsa->dmp1));
XPUSHs(bn2sv(rsa->dmq1));
XPUSHs(bn2sv(rsa->iqmp));
+#endif
}
-#endif
+#endif /* OpenSSL < 1.1 or LibreSSL */
void
RSA_free(r)
@@ -7197,7 +7218,7 @@ ASN1_OBJECT *
P_X509_get_signature_alg(x)
X509 * x
CODE:
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
#else
RETVAL = (x->cert_info->signature->algorithm);
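Review bot: The added condition tests `LIBRESSL_VERSION_NUMBER >= 0x3050000fL` without a `defined()` guard, unlike the RSA_get_key_parameters hunk, which writes `defined(LIBRESSL_VERSION_NUMBER) && (...)`. An undefined macro evaluates to 0 in `#if`, so the result is the same, but the bare test warns under `-Wundef` and the two spellings are inconsistent within one patch. I would write the last term as `|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3050000fL)`. The same applies to both `#if` lines in the OCSP_response_results hunks.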
@@ -7690,7 +7711,7 @@ OCSP_response_results(rsp,...)
if (!idsv) {
/* getall: create new SV with OCSP_CERTID */
unsigned char *pi,*pc;
-#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
int len = i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),NULL);
#else
int len = i2d_OCSP_CERTID(sir->certId,NULL);
@@ -7699,7 +7720,7 @@ OCSP_response_results(rsp,...)
Newx(pc,len,unsigned char);
if (!pc) croak("out of memory");
pi = pc;
-#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),&pi);
#else
i2d_OCSP_CERTID(sir->certId,&pi);
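Review bot: `len` is the `int` returned by the first `i2d_OCSP_CERTID` call, which is negative on an encoding error, and it is passed to `Newx(pc,len,unsigned char)` with no range check visible in these two hunks. The lines between the hunks are not shown and may already handle this; if they test only for zero, a negative `len` would be converted to a very large allocation size. A guard such as `if (len <= 0) croak("i2d_OCSP_CERTID failed");` before `Newx` would close that gap. The return value of the second `i2d_OCSP_CERTID` call could also be compared with `len`. The enclosing block starts and ends outside the hunk.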