NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dc819438f6
kumquat-buildroot/package/libest/0001-java-jni-client.c-add-support-for-OpenSSL-1.1.patch
Aleksandr Makarov f6f0e1e581 package/libest: new package 
libest is a C implementation of RFC 7030 (Enrollment over
Secure Transport).

It can be used to provision public key certificates from
a certificate authority (CA) or registration authority (RA)
to end-user devices and network infrastructure devices.

https://github.com/cisco/libest

Notes on patches included in this package:

- libest bundles a stubbed version of libsafec, and has no provision
  to build against a system-installed full (non-stubbed) libsafec.
  We add a patch to make that possible.

- Added a configuration option --{enable,disable}-examples to toggle
  examples build by a separate patch.

- There's a configuration option `--enable-jni` which allows to build
  a JNI library for binding libest to Java programs. And that library
  would be using an outdated version of OpenSSL 1.0.
  We fix that by adding support for OpenSSL 1.1 API for that library.

- Fixed a bug when specifying either `--enable-FEATURE` or `--disable-FEATURE`
  has always been enabling the feature.

Signed-off-by: Aleksandr Makarov <aleksandr.o.makarov@gmail.com>
[Thomas:
- Added comments about the upstream status in existing patches
- Added a patch fixing an autoreconf issue
- Added a patch adding a missing "extern" on a variable to fix build
  with gcc 10
- Removed the glibc dependency by using the new libexecinfo package
- Drastically simplified the complex libcoap disabling and client-only
  mode vs. OpenJDK issue. libcoap support is now forcefully disabled,
  and client-mode only option is made invisible when OpenJDK is
  enabled.
- Fixed the license information;
- Added missing host-pkgconf
]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-01-08 14:29:27 +01:00

113 lines
3.9 KiB
Diff
Raw Blame History

From 8f152a6e47484056968973a71a16e4f2142213a9 Mon Sep 17 00:00:00 2001
From: Aleksandr Makarov <aleksandr.o.makarov@gmail.com>
Date: Mon, 13 Jul 2020 23:05:26 +0000
Subject: [PATCH] java/jni/client.c: add support for OpenSSL 1.1
This shall allow the java/jni to build with and link against OpenSSL 1.1.
Additionally, the configuration program will not attempt to process the
java/jni/ subdirectory if no --enable-jni has been specified.
Upstream: https://github.com/cisco/libest/pull/81/. It was merged
upstream in commit 4fd7e74dc556519132b9ea4c8a0f022bd1254a31, but this
commit mixes multiple patches in one.
Signed-off-by: Aleksandr Makarov <aleksandr.o.makarov@gmail.com>
---
Makefile.am | 8 ++++++--
configure.ac | 10 ++++++----
java/jni/client.c | 21 ++++++++++++++++-----
3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 10e38fd..9601de6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,9 +1,13 @@
ACLOCAL_AMFLAGS = -I m4
+if ENABLE_JNI
+libest_jni = java/jni
+endif
+
if ENABLE_CLIENT_ONLY
-SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/client-brski
+SUBDIRS = safe_c_stub src $(libest_jni) example/client example/client-simple example/client-brski
else
-SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/server example/proxy example/client-brski
+SUBDIRS = safe_c_stub src $(libest_jni) example/client example/client-simple example/server example/proxy example/client-brski
endif
EXTRA_DIST = autogen.sh example/util LICENSE README.brski $(srcdir)/build.gradle $(srcdir)/example/build_examples.gradle
diff --git a/configure.ac b/configure.ac
index e02a54d..d648030 100644
--- a/configure.ac
+++ b/configure.ac
@@ -35,9 +35,9 @@ AM_COND_IF([FREEBSD], AC_MSG_RESULT([Skipping libdl check]),
AC_ARG_ENABLE([jni],
[AS_HELP_STRING([--enable-jni],
[Enable support for JNI library])],
- [jni_on=1],
- [jni_on=0])
-AM_CONDITIONAL([ENABLE_JNI], [test x$jni_on = x1])
+ [],
+ [enable_jni="no"])
+AM_CONDITIONAL([ENABLE_JNI], [test "$enable_jni" = "yes"])
AM_COND_IF([ENABLE_JNI],
AC_MSG_RESULT([JNI support enabled])
AC_DEFINE([ENABLE_JNI]),
@@ -198,5 +198,7 @@ AC_PREFIX_DEFAULT([/usr/local/est])
cp confdefs.h est_config.h
-AC_CONFIG_FILES([Makefile version safe_c_stub/Makefile safe_c_stub/lib/Makefile java/jni/Makefile src/Makefile src/est/Makefile example/client/Makefile example/client-simple/Makefile example/client-brski/Makefile example/server/Makefile example/proxy/Makefile])
+AC_CONFIG_FILES([Makefile version safe_c_stub/Makefile safe_c_stub/lib/Makefile src/Makefile src/est/Makefile example/client/Makefile example/client-simple/Makefile example/client-brski/Makefile example/server/Makefile example/proxy/Makefile])
+AM_COND_IF([ENABLE_JNI],
+ [AC_CONFIG_FILES([java/jni/Makefile])])
AC_OUTPUT
diff --git a/java/jni/client.c b/java/jni/client.c
index 9a8a34e..f7aeefc 100644
--- a/java/jni/client.c
+++ b/java/jni/client.c
@@ -130,11 +130,18 @@ static int jni_est_client_X509_REQ_sign (X509_REQ *x, EVP_PKEY *pkey, const EVP_
{
int rv;
EVP_PKEY_CTX *pkctx = NULL;
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx;
- EVP_MD_CTX_init(&mctx);
+#ifdef HAVE_OLD_OPENSSL
+ EVP_MD_CTX md_ctx;
+ mctx = &md_ctx;
- if (!EVP_DigestSignInit(&mctx, &pkctx, md, NULL, pkey)) {
+ EVP_MD_CTX_init(mctx);
+#else
+ mctx = EVP_MD_CTX_new();
+#endif
+
+ if (!EVP_DigestSignInit(mctx, &pkctx, md, NULL, pkey)) {
return 0;
}
@@ -150,9 +157,13 @@ static int jni_est_client_X509_REQ_sign (X509_REQ *x, EVP_PKEY *pkey, const EVP_
x->req_info->enc.modified = 1;
#endif
- rv = X509_REQ_sign_ctx(x, &mctx);
+ rv = X509_REQ_sign_ctx(x, mctx);
- EVP_MD_CTX_cleanup(&mctx);
+#ifdef HAVE_OLD_OPENSSL
+ EVP_MD_CTX_cleanup(mctx);
+#else
+ EVP_MD_CTX_free(mctx);
+#endif
return (rv);
}
--
2.17.1
Reference in New Issue View Git Blame Copy Permalink