From a2b5a1a5f922b48dc34ac276a706c7e68eb8e65a Mon Sep 17 00:00:00 2001
From: vincent
Date: Tue, 2 Aug 2016 12:20:06 +0000
Subject: [PATCH] Check for EVP_PKEY_get1_EC_KEY(), based on @jer-gentoo's work
---
 configure | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 configure.ac | 6 ++++++
 nmap_config.h.in | 2 ++
 nse_ssl_cert.cc | 6 +++---
 4 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/configure b/configure
index f4c06345e..5677bbe3a 100755
--- a/configure
+++ b/configure
@@ -6015,6 +6015,54 @@ $as_echo "$as_me: WARNING: Failed to find libssl so OpenSSL will not be used. If fi fi + + if test "$use_openssl" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_PKEY_get1_EC_KEY in -lcrypto" >&5 +$as_echo_n "checking for EVP_PKEY_get1_EC_KEY in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_EVP_PKEY_get1_EC_KEY+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char EVP_PKEY_get1_EC_KEY (); +int +main () +{ +return EVP_PKEY_get1_EC_KEY (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypto_EVP_PKEY_get1_EC_KEY=yes +else + ac_cv_lib_crypto_EVP_PKEY_get1_EC_KEY=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_PKEY_get1_EC_KEY" >&5 +$as_echo "$ac_cv_lib_crypto_EVP_PKEY_get1_EC_KEY" >&6; } +if test "x$ac_cv_lib_crypto_EVP_PKEY_get1_EC_KEY" = xyes; then : + +$as_echo "#define HAVE_OPENSSL_EC 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Disabling support for EC crypto" >&5 +$as_echo "$as_me: WARNING: Disabling support for EC crypto" >&2;} +fi + + fi fi OPENSSL_LIBS=
diff --git a/configure.ac b/configure.ac
index 929d6bb07..8391fa4d9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -387,6 +387,12 @@ if test "$use_openssl" = "yes" -a -z "$specialssldir"; then AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) ], [ -lcrypto ]) fi + + if test "$use_openssl" = "yes"; then + AC_CHECK_LIB(crypto, EVP_PKEY_get1_EC_KEY, + [AC_DEFINE(HAVE_OPENSSL_EC, 1, [Have EVP_PKEY_get1_EC_KEY])], + [AC_MSG_WARN([Disabling support for EC crypto])]) + fi fi OPENSSL_LIBS=
diff --git a/nmap_config.h.in b/nmap_config.h.in
index a2642589f..094532daa 100644
--- a/nmap_config.h.in
+++ b/nmap_config.h.in
@@ -187,6 +187,8 @@ #undef HAVE_OPENSSL +#undef HAVE_OPENSSL_EC + #undef STUPID_SOLARIS_CHECKSUM_BUG #undef SOLARIS_BPF_PCAP_CAPTURE
diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc
index 09ac69d61..8446d0be6 100644
--- a/nse_ssl_cert.cc
+++ b/nse_ssl_cert.cc
@@ -425,7 +425,7 @@ static const char *pkey_type_to_string(int type)
 return "dsa";
 case EVP_PKEY_DH:
 return "dh";
-#ifdef EVP_PKEY_EC
+#ifdef HAVE_OPENSSL_EC
 case EVP_PKEY_EC:
 return "ec";
 #endif
@@ -435,7 +435,7 @@ static const char *pkey_type_to_string(int type) } int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) { -#ifdef EVP_PKEY_EC +#ifdef HAVE_OPENSSL_EC EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pubkey); const EC_GROUP *group = EC_KEY_get0_group(ec_key); int nid;
@@ -555,7 +555,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
 #else
 pkey_type = EVP_PKEY_base_id(pubkey);
 #endif
-#ifdef EVP_PKEY_EC
+#ifdef HAVE_OPENSSL_EC
 if (pkey_type == EVP_PKEY_EC) {
 lua_push_ecdhparams(L, pubkey);
 lua_setfield(L, -2, "ecdhparams");
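Review bot: In the configure.ac hunk the new `AC_CHECK_LIB(crypto, EVP_PKEY_get1_EC_KEY, ...)` block appears to sit before the `fi` that closes `if test "$use_openssl" = "yes" -a -z "$specialssldir"` (the context named in the hunk header), so a build configured with `--with-openssl=DIR` would skip the probe and never define HAVE_OPENSSL_EC. Since nse_ssl_cert.cc now keys its EC branches on that macro rather than on the header's EVP_PKEY_EC, such a build would drop the "ec" key type and the ecdhparams field from certificate output without ever printing the "Disabling support for EC crypto" warning. Consider moving the block after that closing `fi` so it runs whenever `$use_openssl` is yes. The enclosing conditional starts outside the hunk and indentation is lost here, so the nesting should be confirmed against the full file.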
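Review bot: In lua_push_ecdhparams (second nse_ssl_cert.cc hunk) the result of `EVP_PKEY_get1_EC_KEY(pubkey)` is passed straight to `EC_KEY_get0_group(ec_key)` with no NULL test, and the key comes from a certificate presented by the scanned host. A guard such as `if (ec_key == NULL) { lua_pushnil(L); return 1; }` (return value adjusted to the function's existing convention) would avoid a null dereference; a value still has to be pushed because the caller in the third hunk runs `lua_setfield(L, -2, "ecdhparams")` unconditionally. The get1 accessor also takes a reference, so every exit path needs `EC_KEY_free(ec_key)`; the rest of the body lies outside the hunk, so that should be confirmed there. A short comment on the guard, `/* HAVE_OPENSSL_EC: set by configure when libcrypto exports EVP_PKEY_get1_EC_KEY */`, would tell readers where the macro comes from now that it no longer matches the OpenSSL header name.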