openssl 2.1.0 → 3.2.0

Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +35 -45
  3. data/History.md +426 -0
  4. data/README.md +38 -21
  5. data/ext/openssl/extconf.rb +132 -72
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +62 -46
  8. data/ext/openssl/ossl.c +177 -252
  9. data/ext/openssl/ossl.h +39 -17
  10. data/ext/openssl/ossl_asn1.c +53 -14
  11. data/ext/openssl/ossl_bn.c +288 -146
  12. data/ext/openssl/ossl_bn.h +2 -1
  13. data/ext/openssl/ossl_cipher.c +42 -32
  14. data/ext/openssl/ossl_config.c +412 -41
  15. data/ext/openssl/ossl_config.h +4 -7
  16. data/ext/openssl/ossl_digest.c +32 -63
  17. data/ext/openssl/ossl_engine.c +19 -28
  18. data/ext/openssl/ossl_hmac.c +61 -146
  19. data/ext/openssl/ossl_kdf.c +15 -23
  20. data/ext/openssl/ossl_ns_spki.c +2 -2
  21. data/ext/openssl/ossl_ocsp.c +17 -70
  22. data/ext/openssl/ossl_ocsp.h +3 -3
  23. data/ext/openssl/ossl_pkcs12.c +23 -4
  24. data/ext/openssl/ossl_pkcs7.c +49 -81
  25. data/ext/openssl/ossl_pkcs7.h +16 -0
  26. data/ext/openssl/ossl_pkey.c +1508 -195
  27. data/ext/openssl/ossl_pkey.h +41 -78
  28. data/ext/openssl/ossl_pkey_dh.c +153 -348
  29. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  30. data/ext/openssl/ossl_pkey_ec.c +257 -343
  31. data/ext/openssl/ossl_pkey_rsa.c +166 -490
  32. data/ext/openssl/ossl_provider.c +211 -0
  33. data/ext/openssl/ossl_provider.h +5 -0
  34. data/ext/openssl/ossl_rand.c +2 -40
  35. data/ext/openssl/ossl_ssl.c +666 -456
  36. data/ext/openssl/ossl_ssl_session.c +29 -30
  37. data/ext/openssl/ossl_ts.c +1539 -0
  38. data/ext/openssl/ossl_ts.h +16 -0
  39. data/ext/openssl/ossl_x509.c +86 -1
  40. data/ext/openssl/ossl_x509attr.c +1 -1
  41. data/ext/openssl/ossl_x509cert.c +170 -14
  42. data/ext/openssl/ossl_x509crl.c +14 -11
  43. data/ext/openssl/ossl_x509ext.c +29 -9
  44. data/ext/openssl/ossl_x509name.c +24 -12
  45. data/ext/openssl/ossl_x509req.c +14 -11
  46. data/ext/openssl/ossl_x509revoked.c +4 -4
  47. data/ext/openssl/ossl_x509store.c +205 -96
  48. data/lib/openssl/bn.rb +1 -1
  49. data/lib/openssl/buffering.rb +42 -20
  50. data/lib/openssl/cipher.rb +1 -1
  51. data/lib/openssl/digest.rb +10 -16
  52. data/lib/openssl/hmac.rb +78 -0
  53. data/lib/openssl/marshal.rb +30 -0
  54. data/lib/openssl/pkcs5.rb +1 -1
  55. data/lib/openssl/pkey.rb +447 -1
  56. data/lib/openssl/ssl.rb +68 -24
  57. data/lib/openssl/version.rb +5 -0
  58. data/lib/openssl/x509.rb +177 -1
  59. data/lib/openssl.rb +24 -9
  60. metadata +18 -71
  61. data/ext/openssl/deprecation.rb +0 -23
  62. data/ext/openssl/ossl_version.h +0 -15
  63. data/ext/openssl/ruby_missing.h +0 -24
  64. data/lib/openssl/config.rb +0 -474
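--- a/data/ext/openssl/extconf.rb
+++ b/data/ext/openssl/extconf.rb
@@ -1,5 +1,5 @@
  # -*- coding: us-ascii -*-
- # frozen_string_literal: false
+ # frozen_string_literal: true
  =begin
  = Info
  'OpenSSL for Ruby 2' project
@@ -12,30 +12,56 @@
  =end
 
  require "mkmf"
- require File.expand_path('../deprecation', __FILE__)
 
- dir_config("openssl")
+ ssl_dirs = nil
+ if defined?(::TruffleRuby)
+ # Always respect the openssl prefix chosen by truffle/openssl-prefix
+ require 'truffle/openssl-prefix'
+ ssl_dirs = dir_config("openssl", ENV["OPENSSL_PREFIX"])
+ else
+ ssl_dirs = dir_config("openssl")
+ end
+ dir_config_given = ssl_dirs.any?
+
+ _, ssl_ldir = ssl_dirs
+ if ssl_ldir&.split(File::PATH_SEPARATOR)&.none? { |dir| File.directory?(dir) }
+ # According to the `mkmf.rb#dir_config`, the `--with-openssl-dir=<dir>` uses
+ # the value of the `File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])` as a
+ # loaded library directory name.
+ ruby_ldir_name = File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])
+
+ raise "OpenSSL library directory could not be found in '#{ssl_ldir}'. " \
+ "You might want to fix this error in one of the following ways.\n" \
+ " * Recompile OpenSSL by configuring it with --libdir=#{ruby_ldir_name} " \
+ " to specify the OpenSSL library directory.\n" \
+ " * Recompile Ruby by configuring it with --libdir=<dir> to specify the " \
+ "Ruby library directory.\n" \
+ " * Compile this openssl gem with --with-openssl-include=<dir> and " \
+ "--with-openssl-lib=<dir> options to specify the OpenSSL include and " \
+ "library directories."
+ end
+
  dir_config("kerberos")
 
  Logging::message "=== OpenSSL for Ruby configurator ===\n"
 
- # Add -Werror=deprecated-declarations to $warnflags if available
- OpenSSL.deprecated_warning_flag
+ $defs.push("-D""OPENSSL_SUPPRESS_DEPRECATED")
 
- ##
- # Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
- # To turn it on, use: --with-debug or --enable-debug
- #
- if with_config("debug") or enable_config("debug")
- $defs.push("-DOSSL_DEBUG")
- end
+ have_func("rb_io_descriptor")
+ have_func("rb_io_maybe_wait(0, Qnil, Qnil, Qnil)", "ruby/io.h") # Ruby 3.1
 
  Logging::message "=== Checking for system dependent stuff... ===\n"
  have_library("nsl", "t_open")
  have_library("socket", "socket")
+ if $mswin || $mingw
+ have_library("ws2_32")
+ end
 
- Logging::message "=== Checking for required stuff... ===\n"
- result = pkg_config("openssl") && have_header("openssl/ssl.h")
+ if $mingw
+ append_cflags '-D_FORTIFY_SOURCE=2'
+ append_ldflags '-fstack-protector'
+ have_library 'ssp'
+ end
 
  def find_openssl_library
  if $mswin || $mingw
@@ -87,77 +113,111 @@ def find_openssl_library
  return false
  end
 
- unless result
- unless find_openssl_library
- Logging::message "=== Checking for required stuff failed. ===\n"
- Logging::message "Makefile wasn't created. Fix the errors above.\n"
- raise "OpenSSL library could not be found. You might want to use " \
- "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
- "is installed."
- end
+ Logging::message "=== Checking for required stuff... ===\n"
+ pkg_config_found = !dir_config_given && pkg_config("openssl") && have_header("openssl/ssl.h")
+
+ if !pkg_config_found && !find_openssl_library
+ Logging::message "=== Checking for required stuff failed. ===\n"
+ Logging::message "Makefile wasn't created. Fix the errors above.\n"
+ raise "OpenSSL library could not be found. You might want to use " \
+ "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
+ "is installed."
+ end
+
+ version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
+ is_libressl = true
+ checking_for("LibreSSL version >= 3.1.0") {
+ try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x30100000L", "openssl/opensslv.h") }
+ else
+ checking_for("OpenSSL version >= 1.0.2") {
+ try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10002000L", "openssl/opensslv.h") }
+ end
+ unless version_ok
+ raise "OpenSSL >= 1.0.2 or LibreSSL >= 3.1.0 is required"
  end
 
- unless checking_for("OpenSSL version is 1.0.1 or later") {
- try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
- raise "OpenSSL >= 1.0.1 or LibreSSL is required"
+ # Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
+ if is_libressl && ($mswin || $mingw)
+ $defs.push("-DNOCRYPT")
  end
 
  Logging::message "=== Checking for OpenSSL features... ===\n"
+ evp_h = "openssl/evp.h".freeze
+ x509_h = "openssl/x509.h".freeze
+ ts_h = "openssl/ts.h".freeze
+ ssl_h = "openssl/ssl.h".freeze
+
  # compile options
- have_func("RAND_egd")
- engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
- cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
+ have_func("RAND_egd()", "openssl/rand.h")
+ engines = %w{dynamic 4758cca aep atalla chil
+ cswift nuron sureware ubsec padlock capi gmp gost cryptodev}
  engines.each { |name|
- OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
+ have_func("ENGINE_load_#{name}()", "openssl/engine.h")
  }
 
- # added in 1.0.2
- have_func("EC_curve_nist2nid")
- have_func("X509_REVOKED_dup")
- have_func("X509_STORE_CTX_get0_store")
- have_func("SSL_CTX_set_alpn_select_cb")
- OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
- OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
- OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
- have_func("SSL_is_server")
-
  # added in 1.1.0
- have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
- have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
- have_func("BN_GENCB_new")
- have_func("BN_GENCB_free")
- have_func("BN_GENCB_get_arg")
- have_func("EVP_MD_CTX_new")
- have_func("EVP_MD_CTX_free")
- have_func("HMAC_CTX_new")
- have_func("HMAC_CTX_free")
- OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
- have_func("X509_STORE_get_ex_data")
- have_func("X509_STORE_set_ex_data")
- have_func("X509_CRL_get0_signature")
- have_func("X509_REQ_get0_signature")
- have_func("X509_REVOKED_get0_serialNumber")
- have_func("X509_REVOKED_get0_revocationDate")
- have_func("X509_get0_tbs_sigalg")
- have_func("X509_STORE_CTX_get0_untrusted")
- have_func("X509_STORE_CTX_get0_cert")
- have_func("X509_STORE_CTX_get0_chain")
- have_func("OCSP_SINGLERESP_get0_id")
- have_func("SSL_CTX_get_ciphers")
- have_func("X509_up_ref")
- have_func("X509_CRL_up_ref")
- have_func("X509_STORE_up_ref")
- have_func("SSL_SESSION_up_ref")
- have_func("EVP_PKEY_up_ref")
- OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
- OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
- have_func("SSL_CTX_get_security_level")
- have_func("X509_get0_notBefore")
- have_func("SSL_SESSION_get_protocol_version")
- have_func("EVP_PBE_scrypt")
+ if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || is_libressl
+ $defs.push("-DHAVE_OPAQUE_OPENSSL")
+ end
+ have_func("EVP_MD_CTX_new()", evp_h)
+ have_func("EVP_MD_CTX_free(NULL)", evp_h)
+ have_func("EVP_MD_CTX_pkey_ctx(NULL)", evp_h)
+ have_func("X509_STORE_get_ex_data(NULL, 0)", x509_h)
+ have_func("X509_STORE_set_ex_data(NULL, 0, NULL)", x509_h)
+ have_func("X509_STORE_get_ex_new_index(0, NULL, NULL, NULL, NULL)", x509_h)
+ have_func("X509_CRL_get0_signature(NULL, NULL, NULL)", x509_h)
+ have_func("X509_REQ_get0_signature(NULL, NULL, NULL)", x509_h)
+ have_func("X509_REVOKED_get0_serialNumber(NULL)", x509_h)
+ have_func("X509_REVOKED_get0_revocationDate(NULL)", x509_h)
+ have_func("X509_get0_tbs_sigalg(NULL)", x509_h)
+ have_func("X509_STORE_CTX_get0_untrusted(NULL)", x509_h)
+ have_func("X509_STORE_CTX_get0_cert(NULL)", x509_h)
+ have_func("X509_STORE_CTX_get0_chain(NULL)", x509_h)
+ have_func("OCSP_SINGLERESP_get0_id(NULL)", "openssl/ocsp.h")
+ have_func("SSL_CTX_get_ciphers(NULL)", ssl_h)
+ have_func("X509_up_ref(NULL)", x509_h)
+ have_func("X509_CRL_up_ref(NULL)", x509_h)
+ have_func("X509_STORE_up_ref(NULL)", x509_h)
+ have_func("SSL_SESSION_up_ref(NULL)", ssl_h)
+ have_func("EVP_PKEY_up_ref(NULL)", evp_h)
+ have_func("SSL_CTX_set_min_proto_version(NULL, 0)", ssl_h)
+ have_func("SSL_CTX_get_security_level(NULL)", ssl_h)
+ have_func("X509_get0_notBefore(NULL)", x509_h)
+ have_func("SSL_SESSION_get_protocol_version(NULL)", ssl_h)
+ have_func("TS_STATUS_INFO_get0_status(NULL)", ts_h)
+ have_func("TS_STATUS_INFO_get0_text(NULL)", ts_h)
+ have_func("TS_STATUS_INFO_get0_failure_info(NULL)", ts_h)
+ have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", ts_h)
+ have_func("TS_VERIFY_CTX_set_store(NULL, NULL)", ts_h)
+ have_func("TS_VERIFY_CTX_add_flags(NULL, 0)", ts_h)
+ have_func("TS_RESP_CTX_set_time_cb(NULL, NULL, NULL)", ts_h)
+ have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h)
+ have_func("SSL_CTX_set_post_handshake_auth(NULL, 0)", ssl_h)
+
+ # added in 1.1.1
+ have_func("EVP_PKEY_check(NULL)", evp_h)
+ have_func("EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)\"\", 0)", evp_h)
+ have_func("SSL_CTX_set_ciphersuites(NULL, \"\")", ssl_h)
+
+ # added in 3.0.0
+ have_func("SSL_set0_tmp_dh_pkey(NULL, NULL)", ssl_h)
+ have_func("ERR_get_error_all(NULL, NULL, NULL, NULL, NULL)", "openssl/err.h")
+ have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", ts_h)
+ have_func("SSL_CTX_load_verify_file(NULL, \"\")", ssl_h)
+ have_func("BN_check_prime(NULL, NULL, NULL)", "openssl/bn.h")
+ have_func("EVP_MD_CTX_get0_md(NULL)", evp_h)
+ have_func("EVP_MD_CTX_get_pkey_ctx(NULL)", evp_h)
+ have_func("EVP_PKEY_eq(NULL, NULL)", evp_h)
+ have_func("EVP_PKEY_dup(NULL)", evp_h)
 
  Logging::message "=== Checking done. ===\n"
 
+ # Append flags from environment variables.
+ extcflags = ENV["RUBY_OPENSSL_EXTCFLAGS"]
+ append_cflags(extcflags.split) if extcflags
+ extldflags = ENV["RUBY_OPENSSL_EXTLDFLAGS"]
+ append_ldflags(extldflags.split) if extldflags
+
  create_header
  create_makefile("openssl")
  Logging::message "Done.\n"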
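Review bot: The added `$defs.push("-D""OPENSSL_SUPPRESS_DEPRECATED")` line in the second hunk has no comment, although it replaces a step whose removed comment said it added `-Werror=deprecated-declarations`, so the build goes from failing on deprecated OpenSSL declarations to defining a macro that silences them. With that macro set, use of deprecated APIs (the `ENGINE_load_*` and `RAND_egd` functions probed further down, for example) presumably no longer shows up in compiler output, which matters to anyone auditing the extension against a newer OpenSSL. I would put the reason above the line, for instance `# Deprecated OpenSSL APIs are still called for older library versions; silence the warnings`, adjusted to the actual rationale. The flag could also be written as the single literal `"-DOPENSSL_SUPPRESS_DEPRECATED"`, or the comment should say why it is split into two adjacent strings.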
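--- a/data/ext/openssl/openssl_missing.c
+++ b/data/ext/openssl/openssl_missing.c
@@ -10,77 +10,11 @@
  #include RUBY_EXTCONF_H
 
  #include <string.h> /* memcpy() */
- #if !defined(OPENSSL_NO_ENGINE)
- # include <openssl/engine.h>
- #endif
- #if !defined(OPENSSL_NO_HMAC)
- # include <openssl/hmac.h>
- #endif
  #include <openssl/x509_vfy.h>
 
  #include "openssl_missing.h"
 
- /* added in 1.0.2 */
- #if !defined(OPENSSL_NO_EC)
- #if !defined(HAVE_EC_CURVE_NIST2NID)
- static struct {
- const char *name;
- int nid;
- } nist_curves[] = {
- {"B-163", NID_sect163r2},
- {"B-233", NID_sect233r1},
- {"B-283", NID_sect283r1},
- {"B-409", NID_sect409r1},
- {"B-571", NID_sect571r1},
- {"K-163", NID_sect163k1},
- {"K-233", NID_sect233k1},
- {"K-283", NID_sect283k1},
- {"K-409", NID_sect409k1},
- {"K-571", NID_sect571k1},
- {"P-192", NID_X9_62_prime192v1},
- {"P-224", NID_secp224r1},
- {"P-256", NID_X9_62_prime256v1},
- {"P-384", NID_secp384r1},
- {"P-521", NID_secp521r1}
- };
-
- int
- ossl_EC_curve_nist2nid(const char *name)
- {
- size_t i;
- for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
- if (!strcmp(nist_curves[i].name, name))
- return nist_curves[i].nid;
- }
- return NID_undef;
- }
- #endif
- #endif
-
  /*** added in 1.1.0 ***/
- #if !defined(HAVE_HMAC_CTX_NEW)
- HMAC_CTX *
- ossl_HMAC_CTX_new(void)
- {
- HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
- if (!ctx)
- return NULL;
- HMAC_CTX_init(ctx);
- return ctx;
- }
- #endif
-
- #if !defined(HAVE_HMAC_CTX_FREE)
- void
- ossl_HMAC_CTX_free(HMAC_CTX *ctx)
- {
- if (ctx) {
- HMAC_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
- }
- }
- #endif
-
  #if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
  void
  ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,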
12
12
 
13
13
  #include "ruby/config.h"
14
14
 
15
- /* added in 1.0.2 */
16
- #if !defined(OPENSSL_NO_EC)
17
- #if !defined(HAVE_EC_CURVE_NIST2NID)
18
- int ossl_EC_curve_nist2nid(const char *);
19
- # define EC_curve_nist2nid ossl_EC_curve_nist2nid
20
- #endif
21
- #endif
22
-
23
- #if !defined(HAVE_X509_REVOKED_DUP)
24
- # define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
25
- (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
26
- #endif
27
-
28
- #if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
29
- # define X509_STORE_CTX_get0_store(x) ((x)->ctx)
30
- #endif
31
-
32
- #if !defined(HAVE_SSL_IS_SERVER)
33
- # define SSL_is_server(s) ((s)->server)
34
- #endif
35
-
36
15
  /* added in 1.1.0 */
37
- #if !defined(HAVE_BN_GENCB_NEW)
38
- # define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
39
- #endif
40
-
41
- #if !defined(HAVE_BN_GENCB_FREE)
42
- # define BN_GENCB_free(cb) OPENSSL_free(cb)
43
- #endif
44
-
45
- #if !defined(HAVE_BN_GENCB_GET_ARG)
46
- # define BN_GENCB_get_arg(cb) (cb)->arg
47
- #endif
48
-
49
16
  #if !defined(HAVE_EVP_MD_CTX_NEW)
50
17
  # define EVP_MD_CTX_new EVP_MD_CTX_create
51
18
  #endif
@@ -54,16 +21,6 @@ int ossl_EC_curve_nist2nid(const char *);
54
21
  # define EVP_MD_CTX_free EVP_MD_CTX_destroy
55
22
  #endif
56
23
 
57
- #if !defined(HAVE_HMAC_CTX_NEW)
58
- HMAC_CTX *ossl_HMAC_CTX_new(void);
59
- # define HMAC_CTX_new ossl_HMAC_CTX_new
60
- #endif
61
-
62
- #if !defined(HAVE_HMAC_CTX_FREE)
63
- void ossl_HMAC_CTX_free(HMAC_CTX *);
64
- # define HMAC_CTX_free ossl_HMAC_CTX_free
65
- #endif
66
-
67
24
  #if !defined(HAVE_X509_STORE_GET_EX_DATA)
68
25
  # define X509_STORE_get_ex_data(x, idx) \
69
26
  CRYPTO_get_ex_data(&(x)->ex_data, (idx))
@@ -72,6 +29,9 @@ void ossl_HMAC_CTX_free(HMAC_CTX *);
72
29
  #if !defined(HAVE_X509_STORE_SET_EX_DATA)
73
30
  # define X509_STORE_set_ex_data(x, idx, data) \
74
31
  CRYPTO_set_ex_data(&(x)->ex_data, (idx), (data))
32
+ #endif
33
+
34
+ #if !defined(HAVE_X509_STORE_GET_EX_NEW_INDEX) && !defined(X509_STORE_get_ex_new_index)
75
35
  # define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
76
36
  CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \
77
37
  (newf), (dupf), (freef))
@@ -149,7 +109,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
149
109
  static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
150
110
  return pkey->pkey._name; }
151
111
  #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
152
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
112
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
153
113
  if (a1) *a1 = obj->a1; \
154
114
  if (a2) *a2 = obj->a2; } \
155
115
  static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
@@ -158,7 +118,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
158
118
  BN_clear_free(obj->a2); obj->a2 = a2; \
159
119
  return 1; }
160
120
  #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
161
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
121
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
162
122
  if (a1) *a1 = obj->a1; \
163
123
  if (a2) *a2 = obj->a2; \
164
124
  if (a3) *a3 = obj->a3; } \
@@ -185,7 +145,7 @@ IMPL_KEY_ACCESSOR3(DSA, pqg, p, q, g, (p == obj->p || q == obj->q || g == obj->g
185
145
  #if !defined(OPENSSL_NO_DH)
186
146
  IMPL_PKEY_GETTER(DH, dh)
187
147
  IMPL_KEY_ACCESSOR2(DH, key, pub_key, priv_key, (pub_key == obj->pub_key || (obj->priv_key && priv_key == obj->priv_key)))
188
- IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || obj->q && q == obj->q || g == obj->g))
148
+ IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || (obj->q && q == obj->q) || g == obj->g))
189
149
  static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
190
150
  #endif
191
151
 
@@ -219,4 +179,60 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
219
179
  # define SSL_SESSION_get_protocol_version(s) ((s)->ssl_version)
220
180
  #endif
221
181
 
182
+ #if !defined(HAVE_TS_STATUS_INFO_GET0_STATUS)
183
+ # define TS_STATUS_INFO_get0_status(a) ((a)->status)
184
+ #endif
185
+
186
+ #if !defined(HAVE_TS_STATUS_INFO_GET0_TEXT)
187
+ # define TS_STATUS_INFO_get0_text(a) ((a)->text)
188
+ #endif
189
+
190
+ #if !defined(HAVE_TS_STATUS_INFO_GET0_FAILURE_INFO)
191
+ # define TS_STATUS_INFO_get0_failure_info(a) ((a)->failure_info)
192
+ #endif
193
+
194
+ #if !defined(HAVE_TS_VERIFY_CTS_SET_CERTS)
195
+ # define TS_VERIFY_CTS_set_certs(ctx, crts) ((ctx)->certs=(crts))
196
+ #endif
197
+
198
+ #if !defined(HAVE_TS_VERIFY_CTX_SET_STORE)
199
+ # define TS_VERIFY_CTX_set_store(ctx, str) ((ctx)->store=(str))
200
+ #endif
201
+
202
+ #if !defined(HAVE_TS_VERIFY_CTX_ADD_FLAGS)
203
+ # define TS_VERIFY_CTX_add_flags(ctx, f) ((ctx)->flags |= (f))
204
+ #endif
205
+
206
+ #if !defined(HAVE_TS_RESP_CTX_SET_TIME_CB)
207
+ # define TS_RESP_CTX_set_time_cb(ctx, callback, dta) do { \
208
+ (ctx)->time_cb = (callback); \
209
+ (ctx)->time_cb_data = (dta); \
210
+ } while (0)
211
+ #endif
212
+
213
+ /* added in 3.0.0 */
214
+ #if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
215
+ # define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
216
+ #endif
217
+
218
+ #ifndef HAVE_EVP_MD_CTX_GET0_MD
219
+ # define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
220
+ #endif
221
+
222
+ /*
223
+ * OpenSSL 1.1.0 added EVP_MD_CTX_pkey_ctx(), and then it was renamed to
224
+ * EVP_MD_CTX_get_pkey_ctx(x) in OpenSSL 3.0.
225
+ */
226
+ #ifndef HAVE_EVP_MD_CTX_GET_PKEY_CTX
227
+ # ifdef HAVE_EVP_MD_CTX_PKEY_CTX
228
+ # define EVP_MD_CTX_get_pkey_ctx(x) EVP_MD_CTX_pkey_ctx(x)
229
+ # else
230
+ # define EVP_MD_CTX_get_pkey_ctx(x) (x)->pctx
231
+ # endif
232
+ #endif
233
+
234
+ #ifndef HAVE_EVP_PKEY_EQ
235
+ # define EVP_PKEY_eq(a, b) EVP_PKEY_cmp(a, b)
236
+ #endif
237
+
222
238
  #endif /* _OSSL_OPENSSL_MISSING_H_ */
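Review bot: The `EVP_PKEY_eq` fallback added at the end of the last hunk should carry a comment on its return convention, because `EVP_PKEY_cmp` and `EVP_PKEY_eq` both return 1 for a match, 0 for a mismatch and a negative value when the keys cannot be compared, so a caller that only tests the result for truthiness would treat an error as equality. The callers are outside this file, so whether any of them does that cannot be told from here; a line such as `/* 1 = equal, 0 = different, <0 = not comparable; test for == 1 */` above the macro would record the contract. In the same hunk, `# define EVP_MD_CTX_get_pkey_ctx(x) (x)->pctx` is the only new field-access fallback without outer parentheses; `((x)->pctx)` would match the `TS_STATUS_INFO_get0_*` macros added beside it.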