openssl 2.1.0 → 3.2.0
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +35 -45
- data/History.md +426 -0
- data/README.md +38 -21
- data/ext/openssl/extconf.rb +132 -72
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +62 -46
- data/ext/openssl/ossl.c +177 -252
- data/ext/openssl/ossl.h +39 -17
- data/ext/openssl/ossl_asn1.c +53 -14
- data/ext/openssl/ossl_bn.c +288 -146
- data/ext/openssl/ossl_bn.h +2 -1
- data/ext/openssl/ossl_cipher.c +42 -32
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +32 -63
- data/ext/openssl/ossl_engine.c +19 -28
- data/ext/openssl/ossl_hmac.c +61 -146
- data/ext/openssl/ossl_kdf.c +15 -23
- data/ext/openssl/ossl_ns_spki.c +2 -2
- data/ext/openssl/ossl_ocsp.c +17 -70
- data/ext/openssl/ossl_ocsp.h +3 -3
- data/ext/openssl/ossl_pkcs12.c +23 -4
- data/ext/openssl/ossl_pkcs7.c +49 -81
- data/ext/openssl/ossl_pkcs7.h +16 -0
- data/ext/openssl/ossl_pkey.c +1508 -195
- data/ext/openssl/ossl_pkey.h +41 -78
- data/ext/openssl/ossl_pkey_dh.c +153 -348
- data/ext/openssl/ossl_pkey_dsa.c +157 -413
- data/ext/openssl/ossl_pkey_ec.c +257 -343
- data/ext/openssl/ossl_pkey_rsa.c +166 -490
- data/ext/openssl/ossl_provider.c +211 -0
- data/ext/openssl/ossl_provider.h +5 -0
- data/ext/openssl/ossl_rand.c +2 -40
- data/ext/openssl/ossl_ssl.c +666 -456
- data/ext/openssl/ossl_ssl_session.c +29 -30
- data/ext/openssl/ossl_ts.c +1539 -0
- data/ext/openssl/ossl_ts.h +16 -0
- data/ext/openssl/ossl_x509.c +86 -1
- data/ext/openssl/ossl_x509attr.c +1 -1
- data/ext/openssl/ossl_x509cert.c +170 -14
- data/ext/openssl/ossl_x509crl.c +14 -11
- data/ext/openssl/ossl_x509ext.c +29 -9
- data/ext/openssl/ossl_x509name.c +24 -12
- data/ext/openssl/ossl_x509req.c +14 -11
- data/ext/openssl/ossl_x509revoked.c +4 -4
- data/ext/openssl/ossl_x509store.c +205 -96
- data/lib/openssl/bn.rb +1 -1
- data/lib/openssl/buffering.rb +42 -20
- data/lib/openssl/cipher.rb +1 -1
- data/lib/openssl/digest.rb +10 -16
- data/lib/openssl/hmac.rb +78 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs5.rb +1 -1
- data/lib/openssl/pkey.rb +447 -1
- data/lib/openssl/ssl.rb +68 -24
- data/lib/openssl/version.rb +5 -0
- data/lib/openssl/x509.rb +177 -1
- data/lib/openssl.rb +24 -9
- metadata +18 -71
- data/ext/openssl/deprecation.rb +0 -23
- data/ext/openssl/ossl_version.h +0 -15
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -474
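--- a/data/ext/openssl/extconf.rb
+++ b/data/ext/openssl/extconf.rb
@@ -1,5 +1,5 @@
 # -*- coding: us-ascii -*-
-# frozen_string_literal:
+# frozen_string_literal: true
 =begin
 = Info
 'OpenSSL for Ruby 2' project
@@ -12,30 +12,56 @@
 =end
 
 require "mkmf"
-require File.expand_path('../deprecation', __FILE__)
 
-
+ssl_dirs = nil
+if defined?(::TruffleRuby)
+# Always respect the openssl prefix chosen by truffle/openssl-prefix
+require 'truffle/openssl-prefix'
+ssl_dirs = dir_config("openssl", ENV["OPENSSL_PREFIX"])
+else
+ssl_dirs = dir_config("openssl")
+end
+dir_config_given = ssl_dirs.any?
+
+_, ssl_ldir = ssl_dirs
+if ssl_ldir&.split(File::PATH_SEPARATOR)&.none? { |dir| File.directory?(dir) }
+# According to the `mkmf.rb#dir_config`, the `--with-openssl-dir=<dir>` uses
+# the value of the `File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])` as a
+# loaded library directory name.
+ruby_ldir_name = File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])
+
+raise "OpenSSL library directory could not be found in '#{ssl_ldir}'. " \
+"You might want to fix this error in one of the following ways.\n" \
+" * Recompile OpenSSL by configuring it with --libdir=#{ruby_ldir_name} " \
+" to specify the OpenSSL library directory.\n" \
+" * Recompile Ruby by configuring it with --libdir=<dir> to specify the " \
+"Ruby library directory.\n" \
+" * Compile this openssl gem with --with-openssl-include=<dir> and " \
+"--with-openssl-lib=<dir> options to specify the OpenSSL include and " \
+"library directories."
+end
+
 dir_config("kerberos")
 
 Logging::message "=== OpenSSL for Ruby configurator ===\n"
 
-
-OpenSSL.deprecated_warning_flag
+$defs.push("-D""OPENSSL_SUPPRESS_DEPRECATED")
 
-
-
-# To turn it on, use: --with-debug or --enable-debug
-#
-if with_config("debug") or enable_config("debug")
-$defs.push("-DOSSL_DEBUG")
-end
+have_func("rb_io_descriptor")
+have_func("rb_io_maybe_wait(0, Qnil, Qnil, Qnil)", "ruby/io.h") # Ruby 3.1
 
 Logging::message "=== Checking for system dependent stuff... ===\n"
 have_library("nsl", "t_open")
 have_library("socket", "socket")
+if $mswin || $mingw
+have_library("ws2_32")
+end
 
-
-
+if $mingw
+append_cflags '-D_FORTIFY_SOURCE=2'
+append_ldflags '-fstack-protector'
+have_library 'ssp'
+end
 
 def find_openssl_library
 if $mswin || $mingw
@@ -87,77 +113,111 @@ def find_openssl_library
 return false
 end
 
-
-
-
-
-
-
-
-
+Logging::message "=== Checking for required stuff... ===\n"
+pkg_config_found = !dir_config_given && pkg_config("openssl") && have_header("openssl/ssl.h")
+
+if !pkg_config_found && !find_openssl_library
+Logging::message "=== Checking for required stuff failed. ===\n"
+Logging::message "Makefile wasn't created. Fix the errors above.\n"
+raise "OpenSSL library could not be found. You might want to use " \
+"--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
+"is installed."
+end
+
+version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
+is_libressl = true
+checking_for("LibreSSL version >= 3.1.0") {
+try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x30100000L", "openssl/opensslv.h") }
+else
+checking_for("OpenSSL version >= 1.0.2") {
+try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10002000L", "openssl/opensslv.h") }
+end
+unless version_ok
+raise "OpenSSL >= 1.0.2 or LibreSSL >= 3.1.0 is required"
 end
 
-
-
-
+# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
+if is_libressl && ($mswin || $mingw)
+$defs.push("-DNOCRYPT")
 end
 
 Logging::message "=== Checking for OpenSSL features... ===\n"
+evp_h = "openssl/evp.h".freeze
+x509_h = "openssl/x509.h".freeze
+ts_h = "openssl/ts.h".freeze
+ssl_h = "openssl/ssl.h".freeze
+
 # compile options
-have_func("RAND_egd")
-engines = %w{
-cswift nuron sureware ubsec padlock capi gmp gost cryptodev
+have_func("RAND_egd()", "openssl/rand.h")
+engines = %w{dynamic 4758cca aep atalla chil
+cswift nuron sureware ubsec padlock capi gmp gost cryptodev}
 engines.each { |name|
-
+have_func("ENGINE_load_#{name}()", "openssl/engine.h")
 }
 
-# added in 1.0.2
-have_func("EC_curve_nist2nid")
-have_func("X509_REVOKED_dup")
-have_func("X509_STORE_CTX_get0_store")
-have_func("SSL_CTX_set_alpn_select_cb")
-OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
-OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
-OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
-have_func("SSL_is_server")
-
 # added in 1.1.0
-
-
-
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-have_func("
-
-
-have_func("
-have_func("
-have_func("
-have_func("
+if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || is_libressl
+$defs.push("-DHAVE_OPAQUE_OPENSSL")
+end
+have_func("EVP_MD_CTX_new()", evp_h)
+have_func("EVP_MD_CTX_free(NULL)", evp_h)
+have_func("EVP_MD_CTX_pkey_ctx(NULL)", evp_h)
+have_func("X509_STORE_get_ex_data(NULL, 0)", x509_h)
+have_func("X509_STORE_set_ex_data(NULL, 0, NULL)", x509_h)
+have_func("X509_STORE_get_ex_new_index(0, NULL, NULL, NULL, NULL)", x509_h)
+have_func("X509_CRL_get0_signature(NULL, NULL, NULL)", x509_h)
+have_func("X509_REQ_get0_signature(NULL, NULL, NULL)", x509_h)
+have_func("X509_REVOKED_get0_serialNumber(NULL)", x509_h)
+have_func("X509_REVOKED_get0_revocationDate(NULL)", x509_h)
+have_func("X509_get0_tbs_sigalg(NULL)", x509_h)
+have_func("X509_STORE_CTX_get0_untrusted(NULL)", x509_h)
+have_func("X509_STORE_CTX_get0_cert(NULL)", x509_h)
+have_func("X509_STORE_CTX_get0_chain(NULL)", x509_h)
+have_func("OCSP_SINGLERESP_get0_id(NULL)", "openssl/ocsp.h")
+have_func("SSL_CTX_get_ciphers(NULL)", ssl_h)
+have_func("X509_up_ref(NULL)", x509_h)
+have_func("X509_CRL_up_ref(NULL)", x509_h)
+have_func("X509_STORE_up_ref(NULL)", x509_h)
+have_func("SSL_SESSION_up_ref(NULL)", ssl_h)
+have_func("EVP_PKEY_up_ref(NULL)", evp_h)
+have_func("SSL_CTX_set_min_proto_version(NULL, 0)", ssl_h)
+have_func("SSL_CTX_get_security_level(NULL)", ssl_h)
+have_func("X509_get0_notBefore(NULL)", x509_h)
+have_func("SSL_SESSION_get_protocol_version(NULL)", ssl_h)
+have_func("TS_STATUS_INFO_get0_status(NULL)", ts_h)
+have_func("TS_STATUS_INFO_get0_text(NULL)", ts_h)
+have_func("TS_STATUS_INFO_get0_failure_info(NULL)", ts_h)
+have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", ts_h)
+have_func("TS_VERIFY_CTX_set_store(NULL, NULL)", ts_h)
+have_func("TS_VERIFY_CTX_add_flags(NULL, 0)", ts_h)
+have_func("TS_RESP_CTX_set_time_cb(NULL, NULL, NULL)", ts_h)
+have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h)
+have_func("SSL_CTX_set_post_handshake_auth(NULL, 0)", ssl_h)
+
+# added in 1.1.1
+have_func("EVP_PKEY_check(NULL)", evp_h)
+have_func("EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)\"\", 0)", evp_h)
+have_func("SSL_CTX_set_ciphersuites(NULL, \"\")", ssl_h)
+
+# added in 3.0.0
+have_func("SSL_set0_tmp_dh_pkey(NULL, NULL)", ssl_h)
+have_func("ERR_get_error_all(NULL, NULL, NULL, NULL, NULL)", "openssl/err.h")
+have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", ts_h)
+have_func("SSL_CTX_load_verify_file(NULL, \"\")", ssl_h)
+have_func("BN_check_prime(NULL, NULL, NULL)", "openssl/bn.h")
+have_func("EVP_MD_CTX_get0_md(NULL)", evp_h)
+have_func("EVP_MD_CTX_get_pkey_ctx(NULL)", evp_h)
+have_func("EVP_PKEY_eq(NULL, NULL)", evp_h)
+have_func("EVP_PKEY_dup(NULL)", evp_h)
 
 Logging::message "=== Checking done. ===\n"
 
+# Append flags from environment variables.
+extcflags = ENV["RUBY_OPENSSL_EXTCFLAGS"]
+append_cflags(extcflags.split) if extcflags
+extldflags = ENV["RUBY_OPENSSL_EXTLDFLAGS"]
+append_ldflags(extldflags.split) if extldflags
+
 create_header
 create_makefile("openssl")
 Logging::message "Done.\n"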
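Review bot: In the added `if $mingw` block, `-fstack-protector` is passed only through `append_ldflags`, so as far as these lines show no object file is compiled with stack canaries unless the inherited CFLAGS already carry the flag. The linker flag and `have_library 'ssp'` look like they exist to link libssp for the checked functions that `-D_FORTIFY_SOURCE=2` relies on under MinGW, but nothing in the block says so. If canaries are intended, the block also needs a compile-time flag, for example `append_cflags '-fstack-protector-strong'`. Otherwise a comment such as `# _FORTIFY_SOURCE on MinGW needs libssp; -fstack-protector at link time pulls it in` would record the intent. It is also worth noting next to the define that `_FORTIFY_SOURCE` has no effect in builds without optimization.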
@@ -10,77 +10,11 @@
|
|
10
10
|
#include RUBY_EXTCONF_H
|
11
11
|
|
12
12
|
#include <string.h> /* memcpy() */
|
13
|
-
#if !defined(OPENSSL_NO_ENGINE)
|
14
|
-
# include <openssl/engine.h>
|
15
|
-
#endif
|
16
|
-
#if !defined(OPENSSL_NO_HMAC)
|
17
|
-
# include <openssl/hmac.h>
|
18
|
-
#endif
|
19
13
|
#include <openssl/x509_vfy.h>
|
20
14
|
|
21
15
|
#include "openssl_missing.h"
|
22
16
|
|
23
|
-
/* added in 1.0.2 */
|
24
|
-
#if !defined(OPENSSL_NO_EC)
|
25
|
-
#if !defined(HAVE_EC_CURVE_NIST2NID)
|
26
|
-
static struct {
|
27
|
-
const char *name;
|
28
|
-
int nid;
|
29
|
-
} nist_curves[] = {
|
30
|
-
{"B-163", NID_sect163r2},
|
31
|
-
{"B-233", NID_sect233r1},
|
32
|
-
{"B-283", NID_sect283r1},
|
33
|
-
{"B-409", NID_sect409r1},
|
34
|
-
{"B-571", NID_sect571r1},
|
35
|
-
{"K-163", NID_sect163k1},
|
36
|
-
{"K-233", NID_sect233k1},
|
37
|
-
{"K-283", NID_sect283k1},
|
38
|
-
{"K-409", NID_sect409k1},
|
39
|
-
{"K-571", NID_sect571k1},
|
40
|
-
{"P-192", NID_X9_62_prime192v1},
|
41
|
-
{"P-224", NID_secp224r1},
|
42
|
-
{"P-256", NID_X9_62_prime256v1},
|
43
|
-
{"P-384", NID_secp384r1},
|
44
|
-
{"P-521", NID_secp521r1}
|
45
|
-
};
|
46
|
-
|
47
|
-
int
|
48
|
-
ossl_EC_curve_nist2nid(const char *name)
|
49
|
-
{
|
50
|
-
size_t i;
|
51
|
-
for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
|
52
|
-
if (!strcmp(nist_curves[i].name, name))
|
53
|
-
return nist_curves[i].nid;
|
54
|
-
}
|
55
|
-
return NID_undef;
|
56
|
-
}
|
57
|
-
#endif
|
58
|
-
#endif
|
59
|
-
|
60
17
|
/*** added in 1.1.0 ***/
|
61
|
-
#if !defined(HAVE_HMAC_CTX_NEW)
|
62
|
-
HMAC_CTX *
|
63
|
-
ossl_HMAC_CTX_new(void)
|
64
|
-
{
|
65
|
-
HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
|
66
|
-
if (!ctx)
|
67
|
-
return NULL;
|
68
|
-
HMAC_CTX_init(ctx);
|
69
|
-
return ctx;
|
70
|
-
}
|
71
|
-
#endif
|
72
|
-
|
73
|
-
#if !defined(HAVE_HMAC_CTX_FREE)
|
74
|
-
void
|
75
|
-
ossl_HMAC_CTX_free(HMAC_CTX *ctx)
|
76
|
-
{
|
77
|
-
if (ctx) {
|
78
|
-
HMAC_CTX_cleanup(ctx);
|
79
|
-
OPENSSL_free(ctx);
|
80
|
-
}
|
81
|
-
}
|
82
|
-
#endif
|
83
|
-
|
84
18
|
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
|
85
19
|
void
|
86
20
|
ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
|
@@ -12,40 +12,7 @@
|
|
12
12
|
|
13
13
|
#include "ruby/config.h"
|
14
14
|
|
15
|
-
/* added in 1.0.2 */
|
16
|
-
#if !defined(OPENSSL_NO_EC)
|
17
|
-
#if !defined(HAVE_EC_CURVE_NIST2NID)
|
18
|
-
int ossl_EC_curve_nist2nid(const char *);
|
19
|
-
# define EC_curve_nist2nid ossl_EC_curve_nist2nid
|
20
|
-
#endif
|
21
|
-
#endif
|
22
|
-
|
23
|
-
#if !defined(HAVE_X509_REVOKED_DUP)
|
24
|
-
# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
|
25
|
-
(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
|
26
|
-
#endif
|
27
|
-
|
28
|
-
#if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
|
29
|
-
# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
|
30
|
-
#endif
|
31
|
-
|
32
|
-
#if !defined(HAVE_SSL_IS_SERVER)
|
33
|
-
# define SSL_is_server(s) ((s)->server)
|
34
|
-
#endif
|
35
|
-
|
36
15
|
/* added in 1.1.0 */
|
37
|
-
#if !defined(HAVE_BN_GENCB_NEW)
|
38
|
-
# define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
|
39
|
-
#endif
|
40
|
-
|
41
|
-
#if !defined(HAVE_BN_GENCB_FREE)
|
42
|
-
# define BN_GENCB_free(cb) OPENSSL_free(cb)
|
43
|
-
#endif
|
44
|
-
|
45
|
-
#if !defined(HAVE_BN_GENCB_GET_ARG)
|
46
|
-
# define BN_GENCB_get_arg(cb) (cb)->arg
|
47
|
-
#endif
|
48
|
-
|
49
16
|
#if !defined(HAVE_EVP_MD_CTX_NEW)
|
50
17
|
# define EVP_MD_CTX_new EVP_MD_CTX_create
|
51
18
|
#endif
|
@@ -54,16 +21,6 @@ int ossl_EC_curve_nist2nid(const char *);
|
|
54
21
|
# define EVP_MD_CTX_free EVP_MD_CTX_destroy
|
55
22
|
#endif
|
56
23
|
|
57
|
-
#if !defined(HAVE_HMAC_CTX_NEW)
|
58
|
-
HMAC_CTX *ossl_HMAC_CTX_new(void);
|
59
|
-
# define HMAC_CTX_new ossl_HMAC_CTX_new
|
60
|
-
#endif
|
61
|
-
|
62
|
-
#if !defined(HAVE_HMAC_CTX_FREE)
|
63
|
-
void ossl_HMAC_CTX_free(HMAC_CTX *);
|
64
|
-
# define HMAC_CTX_free ossl_HMAC_CTX_free
|
65
|
-
#endif
|
66
|
-
|
67
24
|
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
|
68
25
|
# define X509_STORE_get_ex_data(x, idx) \
|
69
26
|
CRYPTO_get_ex_data(&(x)->ex_data, (idx))
|
@@ -72,6 +29,9 @@ void ossl_HMAC_CTX_free(HMAC_CTX *);
|
|
72
29
|
#if !defined(HAVE_X509_STORE_SET_EX_DATA)
|
73
30
|
# define X509_STORE_set_ex_data(x, idx, data) \
|
74
31
|
CRYPTO_set_ex_data(&(x)->ex_data, (idx), (data))
|
32
|
+
#endif
|
33
|
+
|
34
|
+
#if !defined(HAVE_X509_STORE_GET_EX_NEW_INDEX) && !defined(X509_STORE_get_ex_new_index)
|
75
35
|
# define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
|
76
36
|
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \
|
77
37
|
(newf), (dupf), (freef))
|
@@ -149,7 +109,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
|
|
149
109
|
static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
|
150
110
|
return pkey->pkey._name; }
|
151
111
|
#define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
|
152
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
112
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
153
113
|
if (a1) *a1 = obj->a1; \
|
154
114
|
if (a2) *a2 = obj->a2; } \
|
155
115
|
static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
@@ -158,7 +118,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
|
158
118
|
BN_clear_free(obj->a2); obj->a2 = a2; \
|
159
119
|
return 1; }
|
160
120
|
#define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
|
161
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
121
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
162
122
|
if (a1) *a1 = obj->a1; \
|
163
123
|
if (a2) *a2 = obj->a2; \
|
164
124
|
if (a3) *a3 = obj->a3; } \
|
@@ -185,7 +145,7 @@ IMPL_KEY_ACCESSOR3(DSA, pqg, p, q, g, (p == obj->p || q == obj->q || g == obj->g
|
|
185
145
|
#if !defined(OPENSSL_NO_DH)
|
186
146
|
IMPL_PKEY_GETTER(DH, dh)
|
187
147
|
IMPL_KEY_ACCESSOR2(DH, key, pub_key, priv_key, (pub_key == obj->pub_key || (obj->priv_key && priv_key == obj->priv_key)))
|
188
|
-
IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || obj->q && q == obj->q || g == obj->g))
|
148
|
+
IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || (obj->q && q == obj->q) || g == obj->g))
|
189
149
|
static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
|
190
150
|
#endif
|
191
151
|
|
@@ -219,4 +179,60 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
|
|
219
179
|
# define SSL_SESSION_get_protocol_version(s) ((s)->ssl_version)
|
220
180
|
#endif
|
221
181
|
|
182
|
+
#if !defined(HAVE_TS_STATUS_INFO_GET0_STATUS)
|
183
|
+
# define TS_STATUS_INFO_get0_status(a) ((a)->status)
|
184
|
+
#endif
|
185
|
+
|
186
|
+
#if !defined(HAVE_TS_STATUS_INFO_GET0_TEXT)
|
187
|
+
# define TS_STATUS_INFO_get0_text(a) ((a)->text)
|
188
|
+
#endif
|
189
|
+
|
190
|
+
#if !defined(HAVE_TS_STATUS_INFO_GET0_FAILURE_INFO)
|
191
|
+
# define TS_STATUS_INFO_get0_failure_info(a) ((a)->failure_info)
|
192
|
+
#endif
|
193
|
+
|
194
|
+
#if !defined(HAVE_TS_VERIFY_CTS_SET_CERTS)
|
195
|
+
# define TS_VERIFY_CTS_set_certs(ctx, crts) ((ctx)->certs=(crts))
|
196
|
+
#endif
|
197
|
+
|
198
|
+
#if !defined(HAVE_TS_VERIFY_CTX_SET_STORE)
|
199
|
+
# define TS_VERIFY_CTX_set_store(ctx, str) ((ctx)->store=(str))
|
200
|
+
#endif
|
201
|
+
|
202
|
+
#if !defined(HAVE_TS_VERIFY_CTX_ADD_FLAGS)
|
203
|
+
# define TS_VERIFY_CTX_add_flags(ctx, f) ((ctx)->flags |= (f))
|
204
|
+
#endif
|
205
|
+
|
206
|
+
#if !defined(HAVE_TS_RESP_CTX_SET_TIME_CB)
|
207
|
+
# define TS_RESP_CTX_set_time_cb(ctx, callback, dta) do { \
|
208
|
+
(ctx)->time_cb = (callback); \
|
209
|
+
(ctx)->time_cb_data = (dta); \
|
210
|
+
} while (0)
|
211
|
+
#endif
|
212
|
+
|
213
|
+
/* added in 3.0.0 */
|
214
|
+
#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
|
215
|
+
# define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
|
216
|
+
#endif
|
217
|
+
|
218
|
+
#ifndef HAVE_EVP_MD_CTX_GET0_MD
|
219
|
+
# define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
|
220
|
+
#endif
|
221
|
+
|
222
|
+
/*
|
223
|
+
* OpenSSL 1.1.0 added EVP_MD_CTX_pkey_ctx(), and then it was renamed to
|
224
|
+
* EVP_MD_CTX_get_pkey_ctx(x) in OpenSSL 3.0.
|
225
|
+
*/
|
226
|
+
#ifndef HAVE_EVP_MD_CTX_GET_PKEY_CTX
|
227
|
+
# ifdef HAVE_EVP_MD_CTX_PKEY_CTX
|
228
|
+
# define EVP_MD_CTX_get_pkey_ctx(x) EVP_MD_CTX_pkey_ctx(x)
|
229
|
+
# else
|
230
|
+
# define EVP_MD_CTX_get_pkey_ctx(x) (x)->pctx
|
231
|
+
# endif
|
232
|
+
#endif
|
233
|
+
|
234
|
+
#ifndef HAVE_EVP_PKEY_EQ
|
235
|
+
# define EVP_PKEY_eq(a, b) EVP_PKEY_cmp(a, b)
|
236
|
+
#endif
|
237
|
+
|
222
238
|
#endif /* _OSSL_OPENSSL_MISSING_H_ */
|
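Review bot: The added fallback `# define EVP_PKEY_eq(a, b) EVP_PKEY_cmp(a, b)` carries over a four-valued result: 1 for a match, 0 for a mismatch, and negative values when the key types differ or the comparison is not supported. A caller that tests the result as a plain boolean would therefore treat a failed comparison as "equal". The callers are outside this file section, so whether they already compare against 1 cannot be confirmed from here. A comment above the macro would make the contract explicit, for example `/* 1 = equal, 0 = different, <0 = type mismatch or unsupported; always test == 1 */`.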