Re: svn commit: r1836445 [1/3] - in /apr/apr-util/branches/1.7.x: ./ crypto/ include/ include/private/ test/

Graham Leggett Tue, 10 Mar 2020 17:10:11 -0700

On 07 Aug 2019, at 00:55, Rainer Jung <rainer.j...@kippdata.de> wrote:


> Solaris(10) provides NSS support but it is somewhat outdated. Especially it 
> does not know about SEC_OID_SHA224, so compilation (linking) fails.
> 
> So currently APR trunk and APR-UTIL 1.7.x no longer compile on Solaris (1.7.x 
> has more problems outside of crypto).
> 
> We might need to detect SEC_OID_SHA224 during configure and find a way to 
> cope with its nonexistence in the code.

Something like this?

Index: build/crypto.m4
===================================================================
--- build/crypto.m4     (revision 1872051)
+++ build/crypto.m4     (working copy)
@@ -185,6 +185,7 @@
       AC_CHECK_HEADERS(prerror.h, [nss_have_prerrorh=1])
       AC_CHECK_HEADERS(nss/nss.h nss.h, [nss_have_nssh=1])
       AC_CHECK_HEADERS(nss/pk11pub.h pk11pub.h, [nss_have_pk11pubh=1])
+      AC_CHECK_HEADERS(nss/secoidt.h secoidt.h)
       nss_have_headers=${nss_have_prerrorh}${nss_have_nssh}${nss_have_pk11pubh}
       AC_CHECK_LIB(nspr4, PR_Initialize, AC_CHECK_LIB(nss3, 
PK11_CreatePBEV2AlgorithmID, [nss_have_libs=1],,-lnspr4))
       if test "$nss_have_headers" = "111" && test "$nss_have_libs" != "0"; then
@@ -207,6 +208,7 @@
       AC_CHECK_HEADERS(prerror.h, [nss_have_prerrorh=1])
       AC_CHECK_HEADERS(nss/nss.h nss.h, [nss_have_nssh=1])
       AC_CHECK_HEADERS(nss/pk11pub.h pk11pub.h, [nss_have_pk11pubh=1])
+      AC_CHECK_HEADERS(nss/secoidt.h secoidt.h)
       nss_have_headers=${nss_have_prerrorh}${nss_have_nssh}${nss_have_pk11pubh}
       AC_CHECK_LIB(nspr4, PR_Initialize, AC_CHECK_LIB(nss3, 
PK11_CreatePBEV2AlgorithmID, [nss_have_libs=1],,-lnspr4))
       if test "$nss_have_headers" = "111" && test "$nss_have_libs" != "0"; then
@@ -232,9 +234,52 @@
   AC_SUBST(LDADD_crypto_nss)
   AC_SUBST(apu_have_crypto)
 
+  AC_TRY_COMPILE([#include <secoidt.h>],[  int p; p = SEC_OID_MD5;] ,
+    AC_DEFINE(HAVE_SEC_OID_MD5,1,
+        [Define 1 if SEC_OID_MD5 is defined.]))
+  AC_TRY_COMPILE([#include <nss/secoidt.h>],[  int p; p = SEC_OID_MD5;] ,
+    AC_DEFINE(HAVE_SEC_OID_MD5,1,
+        [Define 1 if SEC_OID_MD5 is defined.]))
+
+  AC_TRY_COMPILE([#include <secoidt.h>],[  int p; p = SEC_OID_SHA1;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA1,1,
+        [Define 1 if SEC_OID_SHA1 is defined.]))
+  AC_TRY_COMPILE([#include <nss/secoidt.h>],[  int p; p = SEC_OID_SHA1;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA1,1,
+        [Define 1 if SEC_OID_SHA1 is defined.]))
+
+  AC_TRY_COMPILE([#include <secoidt.h>],[  int p; p = SEC_OID_SHA224;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA224,1,
+        [Define 1 if SEC_OID_SHA224 is defined.]))
+  AC_TRY_COMPILE([#include <nss/secoidt.h>],[  int p; p = SEC_OID_SHA224;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA224,1,
+        [Define 1 if SEC_OID_SHA224 is defined.]))
+
+  AC_TRY_COMPILE([#include <secoidt.h>],[  int p; p = SEC_OID_SHA256;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA256,1,
+        [Define 1 if SEC_OID_SHA256 is defined.]))
+  AC_TRY_COMPILE([#include <nss/secoidt.h>],[  int p; p = SEC_OID_SHA256;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA256,1,
+        [Define 1 if SEC_OID_SHA256 is defined.]))
+
+  AC_TRY_COMPILE([#include <secoidt.h>],[  int p; p = SEC_OID_SHA384;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA384,1,
+        [Define 1 if SEC_OID_SHA384 is defined.]))
+  AC_TRY_COMPILE([#include <nss/secoidt.h>],[  int p; p = SEC_OID_SHA384;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA384,1,
+        [Define 1 if SEC_OID_SHA384 is defined.]))
+
+  AC_TRY_COMPILE([#include <secoidt.h>],[  int p; p = SEC_OID_SHA512;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA512,1,
+        [Define 1 if SEC_OID_SHA512 is defined.]))
+  AC_TRY_COMPILE([#include <nss/secoidt.h>],[  int p; p = SEC_OID_SHA512;] ,
+    AC_DEFINE(HAVE_SEC_OID_SHA512,1,
+        [Define 1 if SEC_OID_SHA512 is defined.]))
+
   LIBS="$old_libs"
   CPPFLAGS="$old_cppflags"
   LDFLAGS="$old_ldflags"
+
 ])
 
 AC_DEFUN([APU_CHECK_CRYPTO_COMMONCRYPTO], [
Index: crypto/apr_crypto_nss.c
===================================================================
--- crypto/apr_crypto_nss.c     (revision 1872051)
+++ crypto/apr_crypto_nss.c     (working copy)
@@ -382,12 +382,25 @@
     if (!f->digests) {
         return APR_ENOMEM;
     }
-    apr_hash_set(f->digests, "md5", APR_HASH_KEY_STRING, &(key_digests[i = 
0]));
+    i = 0;
+#if HAVE_SEC_OID_MD5
+    apr_hash_set(f->digests, "md5", APR_HASH_KEY_STRING, &(key_digests[i++]));
+#endif
+#if HAVE_SEC_OID_SHA1
     apr_hash_set(f->digests, "sha1", APR_HASH_KEY_STRING, &(key_digests[++i]));
+#endif
+#if HAVE_SEC_OID_SHA224
     apr_hash_set(f->digests, "sha224", APR_HASH_KEY_STRING, 
&(key_digests[++i]));
+#endif
+#if HAVE_SEC_OID_SHA256
     apr_hash_set(f->digests, "sha256", APR_HASH_KEY_STRING, 
&(key_digests[++i]));
+#endif
+#if HAVE_SEC_OID_SHA384
     apr_hash_set(f->digests, "sha384", APR_HASH_KEY_STRING, 
&(key_digests[++i]));
+#endif
+#if HAVE_SEC_OID_SHA512
     apr_hash_set(f->digests, "sha512", APR_HASH_KEY_STRING, 
&(key_digests[++i]));
+#endif
 
     f->types = apr_hash_make(pool);
     if (!f->types) {
@@ -730,22 +743,46 @@
 
         switch (rec->k.hash.digest) {
         case APR_CRYPTO_DIGEST_MD5:
+#if HAVE_SEC_OID_MD5
             key->hashAlg = SEC_OID_MD5;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA1:
+#if HAVE_SEC_OID_SHA1
             key->hashAlg = SEC_OID_SHA1;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA224:
+#if HAVE_SEC_OID_SHA224
             key->hashAlg = SEC_OID_SHA224;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA256:
+#if HAVE_SEC_OID_SHA256
             key->hashAlg = SEC_OID_SHA256;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA384:
+#if HAVE_SEC_OID_SHA384
             key->hashAlg = SEC_OID_SHA384;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA512:
+#if HAVE_SEC_OID_SHA512
             key->hashAlg = SEC_OID_SHA512;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         default:
             return APR_ENODIGEST;
@@ -757,22 +794,46 @@
 
         switch (rec->k.hmac.digest) {
         case APR_CRYPTO_DIGEST_MD5:
+#ifdef CKM_MD5_HMAC
             key->hashMech = CKM_MD5_HMAC;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA1:
+#ifdef CKM_SHA_1_HMAC
             key->hashMech = CKM_SHA_1_HMAC;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA224:
+#ifdef CKM_SHA224_HMAC
             key->hashMech = CKM_SHA224_HMAC;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA256:
+#ifdef CKM_SHA256_HMAC
             key->hashMech = CKM_SHA256_HMAC;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA384:
+#ifdef CKM_SHA384_HMAC
             key->hashMech = CKM_SHA384_HMAC;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         case APR_CRYPTO_DIGEST_SHA512:
+#ifdef CKM_SHA512_HMAC
             key->hashMech = CKM_SHA512_HMAC;
+#else
+            return APR_ENODIGEST;
+#endif
             break;
         default:
             return APR_ENODIGEST;


Regards,
Graham
—

smime.p7s
Description: S/MIME cryptographic signature

Re: svn commit: r1836445 [1/3] - in /apr/apr-util/branches/1.7.x: ./ crypto/ include/ include/private/ test/

Reply via email to