On Fri, Jul 5, 2024 at 3:16 PM Yann Ylavic <ylavic....@gmail.com> wrote:
>
> On Fri, Jul 5, 2024 at 3:05 PM Ruediger Pluem <rpl...@apache.org> wrote:
> >
> >
> >
> > On 7/5/24 2:14 PM, Ruediger Pluem wrote:
> > >
> > >
> > > On 7/5/24 2:11 PM, Ruediger Pluem wrote:
> > >>
> > >>
> > >> On 7/5/24 2:04 PM, Stefan Eissing via dev wrote:
> > >>>
> > >>>
> > >>>> On 05.07.2024 at 13:51, Ruediger Pluem <rpl...@apache.org> wrote:
> > >>>>
> > >>>> I just noticed that mod_md in 2.4.61 fails to compile with openssl < 
> > >>>> 1.1.1. Below is the output against openssl 1.0.2 on RedHat 7:
> > >>>>
> > >>>> md_crypt.c: In function 'md_pkey_get_rsa_e64':
> > >>>> md_crypt.c:982:5: warning: implicit declaration of function 
> > >>>> 'EVP_PKEY_get0_RSA' [-Wimplicit-function-declaration]
> > >>>>     const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
> > >>>>     ^
> > >>>> md_crypt.c:982:22: warning: initialization makes pointer from integer 
> > >>>> without a cast [enabled by default]
> > >>>>     const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
> > >>>>                      ^
> > >>>> md_crypt.c: In function 'md_pkey_get_rsa_n64':
> > >>>> md_crypt.c:1002:22: warning: initialization makes pointer from integer 
> > >>>> without a cast [enabled by default]
> > >>>>     const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
> > >>>>                      ^
> >
> > This was already the case with 2.4.59 and openssl 1.0.2. Hence we did not 
> > fail to compile but loading of mod_md likely would fail
> > as the symbol EVP_PKEY_get0_RSA is not available with openssl 1.0.2.
>
> This probably comes from r1913912 (2.4.x) which backported r1913616
> (trunk) which changed EVP_PKEY_get1_RSA() => EVP_PKEY_get0_RSA(), the
> former being probably available in < 1.1.1.
> So the check for using EVP_PKEY_get{0,1}_RSA() or the new openssl >= 3
> API should probably be something like:
>
> #if OPENSSL_VERSION_NUMBER < 0x10101000L
>     RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
>     if (rsa) {
>         const char *ret;
>         const BIGNUM *e;
>         RSA_get0_key(rsa, NULL, &e, NULL);
>         ret = bn64(e, p);
>         RSA_free(rsa);
>         return ret;
>     }
> #elif OPENSSL_VERSION_NUMBER < 0x30000000L
>     ...
> #else
>     ...
> #endif
>
> ?

Patch attached.

>
>
> Regards;
> Yann.
Index: modules/md/md_crypt.c
===================================================================
--- modules/md/md_crypt.c	(revision 1918881)
+++ modules/md/md_crypt.c	(working copy)
@@ -978,7 +978,17 @@ static const char *bn64(const BIGNUM *b, apr_pool_
 
 const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
 {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+    if (rsa) {
+        const char *ret;
+        const BIGNUM *e;
+        RSA_get0_key(rsa, NULL, &e, NULL);
+        ret = bn64(e, p);
+        RSA_free(rsa);
+        return ret;
+    }
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
     const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
     if (rsa) {
         const BIGNUM *e;
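Review bot: the new `#if OPENSSL_VERSION_NUMBER < 0x10101000L` branch in md_pkey_get_rsa_e64 still calls RSA_get0_key(), which, like EVP_PKEY_get0_RSA(), only exists from OpenSSL 1.1.0 on, so against 1.0.2 it compiles and loads only if md_crypt.c provides its own fallback definition somewhere outside this hunk. The compiler output quoted in the thread warns about EVP_PKEY_get0_RSA alone, which suggests such a fallback is present, but that should be confirmed with a 1.0.2 build plus an actual module load, since the earlier breakage was only visible as a warning at compile time. The reference handling in the branch is consistent: EVP_PKEY_get1_RSA() takes a reference and RSA_free(rsa) drops it on the only path where rsa is non-NULL, provided the string returned by bn64(e, p) does not point into the RSA object.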
@@ -998,7 +1008,17 @@ const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, a
 
 const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
 {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+    if (rsa) {
+        const char *ret;
+        const BIGNUM *n;
+        RSA_get0_key(rsa, &n, NULL, NULL);
+        ret = bn64(n, p);
+        RSA_free(rsa);
+        return ret;
+    }
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
     const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
     if (rsa) {
         const BIGNUM *n;
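Review bot: the `< 0x10101000L` branch added to md_pkey_get_rsa_n64 duplicates the one in md_pkey_get_rsa_e64 except for which RSA_get0_key() argument is filled, and neither copy has a comment explaining the version threshold. EVP_PKEY_get0_RSA() was introduced in OpenSSL 1.1.0, so `0x10100000L` would be the exact bound; sending 1.1.0 down the get1 path is harmless because RSA_free() releases the extra reference, but if 1.1.1 is kept on purpose a one-line comment saying so would prevent a later "cleanup" from reintroducing the missing-symbol problem. Consider moving the get1/get0 selection into one small static helper used by both functions so the three-way `#if` lives in a single place.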
