diff --git a/CHANGELOG b/CHANGELOG index 5e3fc3136..61c3feec6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [GH#543] Restored compatibility with LibreSSL, which was lost in adding + library version checks for OpenSSL 1.1. [Wonko7] + o [Zenmap] Fixed a bug in the Compare Scans window of Zenmap on OS X resulting in this message instead of Ndiff output: ImportError: dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so, 2): no suitable image found. Did find: diff --git a/ncat/ncat_ssl.c b/ncat/ncat_ssl.c index 700896ab7..6b77a8d57 100644 --- a/ncat/ncat_ssl.c +++ b/ncat/ncat_ssl.c @@ -315,7 +315,7 @@ static int cert_match_dnsname(X509 *cert, const char *hostname, /* We must copy this address into a temporary variable because ASN1_item_d2i increments it. We don't want it to corrupt ext->value->data. */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if HAVE_OPAQUE_STRUCTS data = ext->value->data; #else ASN1_OCTET_STRING* asn1_str = X509_EXTENSION_get_data(ext); diff --git a/nping/Crypto.cc b/nping/Crypto.cc index e747d40b3..5725fda53 100644 --- a/nping/Crypto.cc +++ b/nping/Crypto.cc @@ -130,8 +130,13 @@ #include #include #include + +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER +#define HAVE_OPAQUE_EVP_PKEY 1 #endif +#endif /* HAVE_OPENSSL */ + extern NpingOps o; Crypto::Crypto(){ 
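Review bot: In the ncat/ncat_ssl.c hunk the new test `#if HAVE_OPAQUE_STRUCTS` selects the direct field access `data = ext->value->data;`, which the old `< 0x10100000L` test reserved for the non-opaque case, so the condition looks inverted. This diff adds no definition of `HAVE_OPAQUE_STRUCTS` to ncat_ssl.c, so unless it comes from a header not shown here the test is always false and the `X509_EXTENSION_get_data(ext)` branch is always taken. If the macro is later defined for OpenSSL 1.1, the field access will not compile. I would write the test as `#if !HAVE_OPAQUE_STRUCTS` and add the same `#define HAVE_OPAQUE_STRUCTS 1` guard that nse_openssl.cc receives. cert_match_dnsname continues outside the hunk, and because it is part of certificate hostname matching, both branches deserve a build and a test run against OpenSSL 1.0, OpenSSL 1.1 and LibreSSL.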
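Review bot: The macro added at the top of nping/Crypto.cc is named `HAVE_OPAQUE_EVP_PKEY`, but in this file it guards `EVP_CIPHER_CTX` and `EVP_MD_CTX` handling, and the identical version test is called `HAVE_OPAQUE_STRUCTS` in nse_openssl.cc and nse_ssl_cert.cc. One name, defined once in a header that all of these files include, would keep the copies from drifting apart. Wherever the definition stays, a comment such as `/* OpenSSL >= 1.1.0 has opaque EVP contexts; LibreSSL is excluded explicitly because its OPENSSL_VERSION_NUMBER also passes the version test */` would tell the next reader why the second condition is there.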
@@ -178,23 +183,7 @@ int Crypto::aes128_cbc_encrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key, #ifdef HAVE_OPENSSL if( o.doCrypto() ){ int flen=0, flen2=0; - #if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - int result=OP_SUCCESS; - if( EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){ - nping_print(DBG_4, "EVP_EncryptInit() failed"); - result=OP_FAILURE; - }else if( EVP_EncryptUpdate(&ctx, dst_buff, &flen, inbuff, (int)inlen)==0 ){ - nping_print(DBG_4, "EVP_EncryptUpdate() failed"); - result=OP_FAILURE; - }else if( EVP_EncryptFinal(&ctx, dst_buff+flen, &flen2)==0 ){ - nping_print(DBG_4, "EVP_EncryptFinal() failed"); - result=OP_FAILURE; - } - EVP_CIPHER_CTX_cleanup(&ctx); - #else + #if HAVE_OPAQUE_EVP_PKEY EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX_reset(ctx); EVP_CIPHER_CTX_set_padding(ctx, 0); @@ -210,6 +199,22 @@ int Crypto::aes128_cbc_encrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key, result=OP_FAILURE; } EVP_CIPHER_CTX_cleanup(ctx); + #else + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + EVP_CIPHER_CTX_set_padding(&ctx, 0); + int result=OP_SUCCESS; + if( EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){ + nping_print(DBG_4, "EVP_EncryptInit() failed"); + result=OP_FAILURE; + }else if( EVP_EncryptUpdate(&ctx, dst_buff, &flen, inbuff, (int)inlen)==0 ){ + nping_print(DBG_4, "EVP_EncryptUpdate() failed"); + result=OP_FAILURE; + }else if( EVP_EncryptFinal(&ctx, dst_buff+flen, &flen2)==0 ){ + nping_print(DBG_4, "EVP_EncryptFinal() failed"); + result=OP_FAILURE; + } + EVP_CIPHER_CTX_cleanup(&ctx); #endif return result; } 
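Review bot: In the `HAVE_OPAQUE_EVP_PKEY` branch of aes128_cbc_encrypt the context from `EVP_CIPHER_CTX_new()` is used without a NULL check and is never released. The branch ends with `EVP_CIPHER_CTX_cleanup(ctx);`, which in OpenSSL 1.1 only resets the context, so each call leaks one allocation. Adding `if( ctx==NULL ) return OP_FAILURE;` after the allocation and ending the branch with `EVP_CIPHER_CTX_free(ctx);` would fix both. aes128_cbc_decrypt shows the same pattern in its opaque branch, which ends with `EVP_CIPHER_CTX_reset(ctx);`. Both function bodies start and end outside these hunks.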
@@ -231,21 +236,7 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key, #ifdef HAVE_OPENSSL if( o.doCrypto() ){ int flen1=0, flen2=0; - #if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - int result=OP_SUCCESS; - if( EVP_DecryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){ - nping_print(DBG_4, "EVP_DecryptInit() failed"); - result=OP_FAILURE; - }else if( EVP_DecryptUpdate(&ctx, dst_buff, &flen1, inbuff, (int)inlen)==0 ){ - nping_print(DBG_4, "EVP_DecryptUpdate() failed"); - result=OP_FAILURE; - }else if( EVP_DecryptFinal(&ctx, dst_buff+flen1, &flen2)==0 ){ - nping_print(DBG_4, "OpenSSL bug: it says EVP_DecryptFinal() failed when it didn't (%s).", - ERR_error_string(ERR_peek_last_error(), NULL)); - #else + #if HAVE_OPAQUE_EVP_PKEY EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX_reset(ctx); EVP_CIPHER_CTX_set_padding(ctx, 0); 
@@ -259,6 +250,20 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key, }else if( EVP_DecryptFinal(ctx, dst_buff+flen1, &flen2)==0 ){ nping_print(DBG_4, "OpenSSL bug: it says EVP_DecryptFinal() failed when it didn't (%s).", ERR_error_string(ERR_peek_last_error(), NULL)); + #else + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + EVP_CIPHER_CTX_set_padding(&ctx, 0); + int result=OP_SUCCESS; + if( EVP_DecryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){ + nping_print(DBG_4, "EVP_DecryptInit() failed"); + result=OP_FAILURE; + }else if( EVP_DecryptUpdate(&ctx, dst_buff, &flen1, inbuff, (int)inlen)==0 ){ + nping_print(DBG_4, "EVP_DecryptUpdate() failed"); + result=OP_FAILURE; + }else if( EVP_DecryptFinal(&ctx, dst_buff+flen1, &flen2)==0 ){ + nping_print(DBG_4, "OpenSSL bug: it says EVP_DecryptFinal() failed when it didn't (%s).", + ERR_error_string(ERR_peek_last_error(), NULL)); #endif /* We do not return OP_FAILURE in this case because the * EVP_DecryptFinal() function seems to be buggy and fails when it shouldn't. @@ -286,10 +291,10 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key, //ERR_free_strings(); //ERR_pop_to_mark(); } - #if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX_cleanup(&ctx); - #else + #if HAVE_OPAQUE_EVP_PKEY EVP_CIPHER_CTX_reset(ctx); + #else + EVP_CIPHER_CTX_cleanup(&ctx); #endif return result; } 
@@ -327,31 +332,7 @@ u8 *Crypto::deriveKey(const u8 *from, size_t fromlen, size_t *final_len){ static u8 hash[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)]; static u8 next[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)]; unsigned int lastlen; - #if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); - - if( EVP_MD_size(EVP_sha256()) != SHA256_HASH_LEN ) - nping_fatal(QT_2, "OpenSSL is broken. SHA256 len is %d\n", EVP_MD_size(EVP_sha256()) ); - - /* Compute the SHA256 hash of the supplied buffer */ - EVP_DigestInit(&ctx, EVP_sha256()); - EVP_DigestUpdate(&ctx, from, fromlen); - EVP_DigestFinal(&ctx, hash, &lastlen); - - /* Now compute the 1000th hash of that hash */ - for(int i=0; i #include +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER +#define HAVE_OPAQUE_STRUCTS 1 +#endif + extern "C" { #include "lua.h" #include "lauxlib.h" 
@@ -281,17 +285,32 @@ static int l_digest(lua_State *L) /** digest(string algorithm, string messag const unsigned char *msg = (unsigned char *) luaL_checklstring( L, 2, &msg_len ); unsigned char digest[EVP_MAX_MD_SIZE]; const EVP_MD * evp_md; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_MD_CTX mdctx; -#else +#if HAVE_OPAQUE_STRUCTS EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); +#else + EVP_MD_CTX mdctx; #endif evp_md = EVP_get_digestbyname( algorithm ); if (!evp_md) return luaL_error( L, "Unknown digest algorithm: %s", algorithm ); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if HAVE_OPAQUE_STRUCTS + EVP_MD_CTX_reset(mdctx); + if (!( + EVP_DigestInit_ex( mdctx, evp_md, NULL ) && + EVP_DigestUpdate( mdctx, msg, msg_len ) && + EVP_DigestFinal_ex( mdctx, digest, &digest_len ))) { + /* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 _ EVP_MD_CTX_reset() + should be called instead to reinitialise an already created structure. */ + EVP_MD_CTX_reset( mdctx ); + unsigned long e = ERR_get_error(); + return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), + ERR_func_error_string(e), ERR_reason_error_string(e)); + } + /* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 */ + EVP_MD_CTX_reset( mdctx ); +#else EVP_MD_CTX_init(&mdctx); if (!( EVP_DigestInit_ex( &mdctx, evp_md, NULL ) && 
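Review bot: In l_digest's `HAVE_OPAQUE_STRUCTS` path `EVP_MD_CTX_new()` runs before the `EVP_get_digestbyname` lookup, so the `Unknown digest algorithm` return leaves through luaL_error with the context still allocated. The pointer is also not checked for NULL before it reaches `EVP_DigestInit_ex`, and both the failure and the success path end with `EVP_MD_CTX_reset( mdctx )`, which reinitialises the context but does not free it. I would allocate after the lookup, fail with `if (!mdctx) return luaL_error( L, "Couldn't allocate memory.");`, and replace the final resets with `EVP_MD_CTX_free( mdctx );`. The algorithm name is an argument of the Lua call, so the leaking path is reachable on ordinary bad input. l_digest continues outside the hunk.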
@@ -303,21 +322,6 @@ static int l_digest(lua_State *L) /** digest(string algorithm, string messag ERR_func_error_string(e), ERR_reason_error_string(e)); } EVP_MD_CTX_cleanup( &mdctx ); -#else - EVP_MD_CTX_reset(mdctx); - if (!( - EVP_DigestInit_ex( mdctx, evp_md, NULL ) && - EVP_DigestUpdate( mdctx, msg, msg_len ) && - EVP_DigestFinal_ex( mdctx, digest, &digest_len ))) { - /* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 _ EVP_MD_CTX_reset() - should be called instead to reinitialise an already created structure. */ - EVP_MD_CTX_reset( mdctx ); - unsigned long e = ERR_get_error(); - return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), - ERR_func_error_string(e), ERR_reason_error_string(e)); - } - /* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 */ - EVP_MD_CTX_reset( mdctx ); #endif lua_pushlstring( L, (char *) digest, digest_len ); 
@@ -394,7 +398,51 @@ static int l_encrypt(lua_State *L) /** encrypt( string algorithm, string key, st if (iv[0] == '\0') iv = NULL; -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if HAVE_OPAQUE_STRUCTS + EVP_CIPHER_CTX *cipher_ctx = EVP_CIPHER_CTX_new(); + /* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset() + in OpenSSL 1.1.0. As this symbol was missing in the static library, + I replaced it with EVP_CIPHER_CTX_reset */ + EVP_CIPHER_CTX_reset( cipher_ctx ); + + /* First create the cipher context, then set the key length and padding, and + check the iv length. Below we set the key and iv. */ + if (!( + EVP_EncryptInit_ex( cipher_ctx, evp_cipher, NULL, NULL, NULL ) && + EVP_CIPHER_CTX_set_key_length( cipher_ctx, key_len ) && + EVP_CIPHER_CTX_set_padding( cipher_ctx, padding ))) { + unsigned long e = ERR_get_error(); + return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), + ERR_func_error_string(e), ERR_reason_error_string(e)); + } + + if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( cipher_ctx )) { + return luaL_error( L, "Length of iv is %d; should be %d", + (int) iv_len, EVP_CIPHER_CTX_iv_length( cipher_ctx )); + } + + int out_len, final_len; + unsigned char * out = (unsigned char *) malloc( data_len + EVP_MAX_BLOCK_LENGTH ); + if (!out) return luaL_error( L, "Couldn't allocate memory."); + + if (!( + EVP_EncryptInit_ex( cipher_ctx, NULL, NULL, key, iv ) && + EVP_EncryptUpdate( cipher_ctx, out, &out_len, data, data_len ) && + EVP_EncryptFinal_ex( cipher_ctx, out + out_len, &final_len ) )) { + /* EVP_CIPHER_CTX_cleanup is now deprecated in OpenSSL 1.1 _ replaced by + EVP_CIPHER_CTX_reset (same args & return value) */ + EVP_CIPHER_CTX_reset( cipher_ctx ); + free( out ); + unsigned long e = ERR_get_error(); + return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), + ERR_func_error_string(e), ERR_reason_error_string(e)); + } + + lua_pushlstring( L, (char *) out, 
out_len + final_len ); + + /* EVP_CIPHER_CTX_cleanup deprecated in OpenSSL 1.1 */ + EVP_CIPHER_CTX_reset( cipher_ctx ); +#else EVP_CIPHER_CTX cipher_ctx; EVP_CIPHER_CTX_init( &cipher_ctx ); 
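Review bot: The opaque-struct branch of l_encrypt never frees the context it gets from `EVP_CIPHER_CTX_new()`, and three exits return through luaL_error without touching it at all: the first `EVP_EncryptInit_ex` failure, the iv length mismatch and the failed `malloc`. The remaining exits call `EVP_CIPHER_CTX_reset( cipher_ctx )`, which clears the state but keeps the allocation. Checking the pointer right after allocation and calling `EVP_CIPHER_CTX_free( cipher_ctx );` on every exit would close the leak. The first lines of l_decrypt's opaque branch, visible in a later hunk, show the same allocation pattern. l_encrypt starts and ends outside this hunk.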
@@ -432,50 +480,6 @@ static int l_encrypt(lua_State *L) /** encrypt( string algorithm, string key, st lua_pushlstring( L, (char *) out, out_len + final_len ); EVP_CIPHER_CTX_cleanup( &cipher_ctx ); -#else - EVP_CIPHER_CTX *cipher_ctx = EVP_CIPHER_CTX_new(); - /* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset() - in OpenSSL 1.1.0. As this symbol was missing in the static library, - I replaced it with EVP_CIPHER_CTX_reset */ - EVP_CIPHER_CTX_reset( cipher_ctx ); - - /* First create the cipher context, then set the key length and padding, and - check the iv length. Below we set the key and iv. */ - if (!( - EVP_EncryptInit_ex( cipher_ctx, evp_cipher, NULL, NULL, NULL ) && - EVP_CIPHER_CTX_set_key_length( cipher_ctx, key_len ) && - EVP_CIPHER_CTX_set_padding( cipher_ctx, padding ))) { - unsigned long e = ERR_get_error(); - return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), - ERR_func_error_string(e), ERR_reason_error_string(e)); - } - - if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( cipher_ctx )) { - return luaL_error( L, "Length of iv is %d; should be %d", - (int) iv_len, EVP_CIPHER_CTX_iv_length( cipher_ctx )); - } - - int out_len, final_len; - unsigned char * out = (unsigned char *) malloc( data_len + EVP_MAX_BLOCK_LENGTH ); - if (!out) return luaL_error( L, "Couldn't allocate memory."); - - if (!( - EVP_EncryptInit_ex( cipher_ctx, NULL, NULL, key, iv ) && - EVP_EncryptUpdate( cipher_ctx, out, &out_len, data, data_len ) && - EVP_EncryptFinal_ex( cipher_ctx, out + out_len, &final_len ) )) { - /* EVP_CIPHER_CTX_cleanup is now deprecated in OpenSSL 1.1 _ replaced by - EVP_CIPHER_CTX_reset (same args & return value) */ - EVP_CIPHER_CTX_reset( cipher_ctx ); - free( out ); - unsigned long e = ERR_get_error(); - return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), - ERR_func_error_string(e), ERR_reason_error_string(e)); - } - - lua_pushlstring( L, (char *) out, 
out_len + final_len ); - - /* EVP_CIPHER_CTX_cleanup deprecated in OpenSSL 1.1 */ - EVP_CIPHER_CTX_reset( cipher_ctx ); #endif free( out ); 
@@ -496,45 +500,9 @@ static int l_decrypt(lua_State *L) /** decrypt( string algorithm, string key, st if (iv[0] == '\0') iv = NULL; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX cipher_ctx; - EVP_CIPHER_CTX_init( &cipher_ctx ); - - if (!( - EVP_DecryptInit_ex( &cipher_ctx, evp_cipher, NULL, NULL, NULL ) && - EVP_CIPHER_CTX_set_key_length( &cipher_ctx, key_len ) && - EVP_CIPHER_CTX_set_padding( &cipher_ctx, padding ))) { - unsigned long e = ERR_get_error(); - return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), - ERR_func_error_string(e), ERR_reason_error_string(e)); - } - - if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( &cipher_ctx )) { - return luaL_error( L, "Length of iv is %d; should be %d", - (int) iv_len, EVP_CIPHER_CTX_iv_length( &cipher_ctx )); - } - - int out_len, final_len; - unsigned char * out = (unsigned char *) malloc( data_len ); - if (!out) return luaL_error( L, "Couldn't allocate memory."); - - if (!( - EVP_DecryptInit_ex( &cipher_ctx, NULL, NULL, key, iv ) && - EVP_DecryptUpdate( &cipher_ctx, out, &out_len, data, data_len ) && - EVP_DecryptFinal_ex( &cipher_ctx, out + out_len, &final_len ) )) { - EVP_CIPHER_CTX_cleanup( &cipher_ctx ); - free( out ); - unsigned long e = ERR_get_error(); - return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), - ERR_func_error_string(e), ERR_reason_error_string(e)); - } - - lua_pushlstring( L, (char *) out, out_len + final_len ); - - EVP_CIPHER_CTX_cleanup( &cipher_ctx ); -#else +#if HAVE_OPAQUE_STRUCTS EVP_CIPHER_CTX *cipher_ctx = EVP_CIPHER_CTX_new(); - /* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset() + /* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset() in OpenSSL 1.1.0. As this symbol was missing in the static library, I replaced it with EVP_CIPHER_CTX_reset */ EVP_CIPHER_CTX_reset( cipher_ctx ); 
@@ -573,6 +541,42 @@ static int l_decrypt(lua_State *L) /** decrypt( string algorithm, string key, st /* EVP_CIPHER_CTX_cleanup deprecated in OpenSSL 1.1 */ EVP_CIPHER_CTX_reset( cipher_ctx ); +#else + EVP_CIPHER_CTX cipher_ctx; + EVP_CIPHER_CTX_init( &cipher_ctx ); + + if (!( + EVP_DecryptInit_ex( &cipher_ctx, evp_cipher, NULL, NULL, NULL ) && + EVP_CIPHER_CTX_set_key_length( &cipher_ctx, key_len ) && + EVP_CIPHER_CTX_set_padding( &cipher_ctx, padding ))) { + unsigned long e = ERR_get_error(); + return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), + ERR_func_error_string(e), ERR_reason_error_string(e)); + } + + if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( &cipher_ctx )) { + return luaL_error( L, "Length of iv is %d; should be %d", + (int) iv_len, EVP_CIPHER_CTX_iv_length( &cipher_ctx )); + } + + int out_len, final_len; + unsigned char * out = (unsigned char *) malloc( data_len ); + if (!out) return luaL_error( L, "Couldn't allocate memory."); + + if (!( + EVP_DecryptInit_ex( &cipher_ctx, NULL, NULL, key, iv ) && + EVP_DecryptUpdate( &cipher_ctx, out, &out_len, data, data_len ) && + EVP_DecryptFinal_ex( &cipher_ctx, out + out_len, &final_len ) )) { + EVP_CIPHER_CTX_cleanup( &cipher_ctx ); + free( out ); + unsigned long e = ERR_get_error(); + return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e), + ERR_func_error_string(e), ERR_reason_error_string(e)); + } + + lua_pushlstring( L, (char *) out, out_len + final_len ); + + EVP_CIPHER_CTX_cleanup( &cipher_ctx ); #endif free( out ); 
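Review bot: The re-added legacy branch of l_decrypt sizes its output with `malloc( data_len )`, while OpenSSL's documentation for EVP_DecryptUpdate asks for room for the input length plus one cipher block when padding is enabled. `padding` appears to be supplied by the calling script, so the stricter size applies. `malloc( data_len + EVP_MAX_BLOCK_LENGTH )`, as l_encrypt already uses, satisfies the documented contract. I have not shown that a single update call overruns the smaller buffer, so treat this as hardening rather than a confirmed overflow. The opaque branch lies mostly outside the visible hunks and should be checked for the same allocation.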
@@ -687,9 +691,9 @@ LUALIB_API int luaopen_openssl(lua_State *L) { #if OPENSSL_VERSION_NUMBER < 0x10100000L ERR_load_crypto_strings(); #else - /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation + /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation or de-initialisation is necessary */ - // ERR_load_crypto_strings(); + // ERR_load_crypto_strings(); #endif luaL_newlib(L, openssllib); diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc index 9f0875581..ab16c0e7d 100644 --- a/nse_ssl_cert.cc +++ b/nse_ssl_cert.cc @@ -137,6 +137,13 @@ #include #include +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER +/* Technically some of these things were added in 0x10100006 + * but that was pre-release. */ +#define HAVE_OPAQUE_STRUCTS 1 +#endif + + extern "C" { #include "lua.h" @@ -529,10 +536,10 @@ static int parse_ssl_cert(lua_State *L, X509 *cert) lua_setfield(L, -2, "subject"); } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - const char *sig_algo = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm)); -#else +#if HAVE_OPAQUE_STRUCTS const char *sig_algo = OBJ_nid2ln(X509_get_signature_nid(cert)); +#else + const char *sig_algo = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm)); #endif lua_pushstring(L, sig_algo); lua_setfield(L, -2, "sig_algorithm"); @@ -556,10 +563,10 @@ static int parse_ssl_cert(lua_State *L, X509 *cert) return 2; } lua_newtable(L); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - pkey_type = EVP_PKEY_type(pubkey->type); -#else +#if HAVE_OPAQUE_STRUCTS pkey_type = EVP_PKEY_base_id(pubkey); +#else + pkey_type = EVP_PKEY_type(pubkey->type); #endif #ifdef HAVE_OPENSSL_EC if (pkey_type == EVP_PKEY_EC) { 
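Review bot: luaopen_openssl still decides whether to call `ERR_load_crypto_strings()` with the raw test `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, which this hunk leaves in place while only changing whitespace. LibreSSL reports a version number above that threshold, which is why the other tests in this commit add `!defined LIBRESSL_VERSION_NUMBER`. Here it means a LibreSSL build takes the branch that loads no error strings, and the `ERR_*_error_string` calls in l_digest, l_encrypt and l_decrypt may then return NULL. Using `#if !HAVE_OPAQUE_STRUCTS` for this block would match the rest of the file. Whether the targeted LibreSSL versions initialise the strings on their own should be confirmed.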
@@ -573,16 +580,12 @@ static int parse_ssl_cert(lua_State *L, X509 *cert) bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); luaL_getmetatable( L, "BIGNUM" ); lua_setmetatable( L, -2 ); - #if OPENSSL_VERSION_NUMBER < 0x10100000L - data->bn = rsa->e; - #elif OPENSSL_VERSION_NUMBER < 0x10100006L - BIGNUM *n, *e, *d; - RSA_get0_key(rsa, &n, &e, &d); - data->bn = e; - #else + #if HAVE_OPAQUE_STRUCTS const BIGNUM *n, *e, *d; RSA_get0_key(rsa, &n, &e, &d); data->bn = (BIGNUM*) e; + #else + data->bn = rsa->e; #endif lua_setfield(L, -2, "exponent"); }
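Review bot: In the `HAVE_OPAQUE_STRUCTS` branch, `data->bn = (BIGNUM*) e;` casts away the const that `RSA_get0_key` puts on its outputs and stores a pointer the RSA object still owns into Lua userdata. If the `BIGNUM` metatable frees `data->bn`, or the userdata outlives `rsa` (neither is visible in this hunk), that becomes a double free or a dangling pointer; in that case `data->bn = BN_dup(e);` with a NULL check would give the userdata its own copy. The legacy `data->bn = rsa->e;` raises the same ownership question, so the intended lifetime should be stated in a comment either way. Since only the exponent is used, `RSA_get0_key(rsa, NULL, &e, NULL);` avoids the unused `n` and `d`. parse_ssl_cert continues outside the hunk.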