openssl 2.1.0 → 3.2.0
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +35 -45
- data/History.md +426 -0
- data/README.md +38 -21
- data/ext/openssl/extconf.rb +132 -72
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +62 -46
- data/ext/openssl/ossl.c +177 -252
- data/ext/openssl/ossl.h +39 -17
- data/ext/openssl/ossl_asn1.c +53 -14
- data/ext/openssl/ossl_bn.c +288 -146
- data/ext/openssl/ossl_bn.h +2 -1
- data/ext/openssl/ossl_cipher.c +42 -32
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +32 -63
- data/ext/openssl/ossl_engine.c +19 -28
- data/ext/openssl/ossl_hmac.c +61 -146
- data/ext/openssl/ossl_kdf.c +15 -23
- data/ext/openssl/ossl_ns_spki.c +2 -2
- data/ext/openssl/ossl_ocsp.c +17 -70
- data/ext/openssl/ossl_ocsp.h +3 -3
- data/ext/openssl/ossl_pkcs12.c +23 -4
- data/ext/openssl/ossl_pkcs7.c +49 -81
- data/ext/openssl/ossl_pkcs7.h +16 -0
- data/ext/openssl/ossl_pkey.c +1508 -195
- data/ext/openssl/ossl_pkey.h +41 -78
- data/ext/openssl/ossl_pkey_dh.c +153 -348
- data/ext/openssl/ossl_pkey_dsa.c +157 -413
- data/ext/openssl/ossl_pkey_ec.c +257 -343
- data/ext/openssl/ossl_pkey_rsa.c +166 -490
- data/ext/openssl/ossl_provider.c +211 -0
- data/ext/openssl/ossl_provider.h +5 -0
- data/ext/openssl/ossl_rand.c +2 -40
- data/ext/openssl/ossl_ssl.c +666 -456
- data/ext/openssl/ossl_ssl_session.c +29 -30
- data/ext/openssl/ossl_ts.c +1539 -0
- data/ext/openssl/ossl_ts.h +16 -0
- data/ext/openssl/ossl_x509.c +86 -1
- data/ext/openssl/ossl_x509attr.c +1 -1
- data/ext/openssl/ossl_x509cert.c +170 -14
- data/ext/openssl/ossl_x509crl.c +14 -11
- data/ext/openssl/ossl_x509ext.c +29 -9
- data/ext/openssl/ossl_x509name.c +24 -12
- data/ext/openssl/ossl_x509req.c +14 -11
- data/ext/openssl/ossl_x509revoked.c +4 -4
- data/ext/openssl/ossl_x509store.c +205 -96
- data/lib/openssl/bn.rb +1 -1
- data/lib/openssl/buffering.rb +42 -20
- data/lib/openssl/cipher.rb +1 -1
- data/lib/openssl/digest.rb +10 -16
- data/lib/openssl/hmac.rb +78 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs5.rb +1 -1
- data/lib/openssl/pkey.rb +447 -1
- data/lib/openssl/ssl.rb +68 -24
- data/lib/openssl/version.rb +5 -0
- data/lib/openssl/x509.rb +177 -1
- data/lib/openssl.rb +24 -9
- metadata +18 -71
- data/ext/openssl/deprecation.rb +0 -23
- data/ext/openssl/ossl_version.h +0 -15
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -474
data/ext/openssl/extconf.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
# -*- coding: us-ascii -*-
|
2
|
-
# frozen_string_literal:
|
2
|
+
# frozen_string_literal: true
|
3
3
|
=begin
|
4
4
|
= Info
|
5
5
|
'OpenSSL for Ruby 2' project
|
@@ -12,30 +12,56 @@
|
|
12
12
|
=end
|
13
13
|
|
14
14
|
require "mkmf"
|
15
|
-
require File.expand_path('../deprecation', __FILE__)
|
16
15
|
|
17
|
-
|
16
|
+
ssl_dirs = nil
|
17
|
+
if defined?(::TruffleRuby)
|
18
|
+
# Always respect the openssl prefix chosen by truffle/openssl-prefix
|
19
|
+
require 'truffle/openssl-prefix'
|
20
|
+
ssl_dirs = dir_config("openssl", ENV["OPENSSL_PREFIX"])
|
21
|
+
else
|
22
|
+
ssl_dirs = dir_config("openssl")
|
23
|
+
end
|
24
|
+
dir_config_given = ssl_dirs.any?
|
25
|
+
|
26
|
+
_, ssl_ldir = ssl_dirs
|
27
|
+
if ssl_ldir&.split(File::PATH_SEPARATOR)&.none? { |dir| File.directory?(dir) }
|
28
|
+
# According to the `mkmf.rb#dir_config`, the `--with-openssl-dir=<dir>` uses
|
29
|
+
# the value of the `File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])` as a
|
30
|
+
# loaded library directory name.
|
31
|
+
ruby_ldir_name = File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])
|
32
|
+
|
33
|
+
raise "OpenSSL library directory could not be found in '#{ssl_ldir}'. " \
|
34
|
+
"You might want to fix this error in one of the following ways.\n" \
|
35
|
+
" * Recompile OpenSSL by configuring it with --libdir=#{ruby_ldir_name} " \
|
36
|
+
" to specify the OpenSSL library directory.\n" \
|
37
|
+
" * Recompile Ruby by configuring it with --libdir=<dir> to specify the " \
|
38
|
+
"Ruby library directory.\n" \
|
39
|
+
" * Compile this openssl gem with --with-openssl-include=<dir> and " \
|
40
|
+
"--with-openssl-lib=<dir> options to specify the OpenSSL include and " \
|
41
|
+
"library directories."
|
42
|
+
end
|
43
|
+
|
18
44
|
dir_config("kerberos")
|
19
45
|
|
20
46
|
Logging::message "=== OpenSSL for Ruby configurator ===\n"
|
21
47
|
|
22
|
-
|
23
|
-
OpenSSL.deprecated_warning_flag
|
48
|
+
$defs.push("-D""OPENSSL_SUPPRESS_DEPRECATED")
|
24
49
|
|
25
|
-
|
26
|
-
|
27
|
-
# To turn it on, use: --with-debug or --enable-debug
|
28
|
-
#
|
29
|
-
if with_config("debug") or enable_config("debug")
|
30
|
-
$defs.push("-DOSSL_DEBUG")
|
31
|
-
end
|
50
|
+
have_func("rb_io_descriptor")
|
51
|
+
have_func("rb_io_maybe_wait(0, Qnil, Qnil, Qnil)", "ruby/io.h") # Ruby 3.1
|
32
52
|
|
33
53
|
Logging::message "=== Checking for system dependent stuff... ===\n"
|
34
54
|
have_library("nsl", "t_open")
|
35
55
|
have_library("socket", "socket")
|
56
|
+
if $mswin || $mingw
|
57
|
+
have_library("ws2_32")
|
58
|
+
end
|
36
59
|
|
37
|
-
|
38
|
-
|
60
|
+
if $mingw
|
61
|
+
append_cflags '-D_FORTIFY_SOURCE=2'
|
62
|
+
append_ldflags '-fstack-protector'
|
63
|
+
have_library 'ssp'
|
64
|
+
end
|
39
65
|
|
40
66
|
def find_openssl_library
|
41
67
|
if $mswin || $mingw
|
@@ -87,77 +113,111 @@ def find_openssl_library
|
|
87
113
|
return false
|
88
114
|
end
|
89
115
|
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
116
|
+
Logging::message "=== Checking for required stuff... ===\n"
|
117
|
+
pkg_config_found = !dir_config_given && pkg_config("openssl") && have_header("openssl/ssl.h")
|
118
|
+
|
119
|
+
if !pkg_config_found && !find_openssl_library
|
120
|
+
Logging::message "=== Checking for required stuff failed. ===\n"
|
121
|
+
Logging::message "Makefile wasn't created. Fix the errors above.\n"
|
122
|
+
raise "OpenSSL library could not be found. You might want to use " \
|
123
|
+
"--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
|
124
|
+
"is installed."
|
125
|
+
end
|
126
|
+
|
127
|
+
version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
|
128
|
+
is_libressl = true
|
129
|
+
checking_for("LibreSSL version >= 3.1.0") {
|
130
|
+
try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x30100000L", "openssl/opensslv.h") }
|
131
|
+
else
|
132
|
+
checking_for("OpenSSL version >= 1.0.2") {
|
133
|
+
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10002000L", "openssl/opensslv.h") }
|
134
|
+
end
|
135
|
+
unless version_ok
|
136
|
+
raise "OpenSSL >= 1.0.2 or LibreSSL >= 3.1.0 is required"
|
98
137
|
end
|
99
138
|
|
100
|
-
|
101
|
-
|
102
|
-
|
139
|
+
# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
|
140
|
+
if is_libressl && ($mswin || $mingw)
|
141
|
+
$defs.push("-DNOCRYPT")
|
103
142
|
end
|
104
143
|
|
105
144
|
Logging::message "=== Checking for OpenSSL features... ===\n"
|
145
|
+
evp_h = "openssl/evp.h".freeze
|
146
|
+
x509_h = "openssl/x509.h".freeze
|
147
|
+
ts_h = "openssl/ts.h".freeze
|
148
|
+
ssl_h = "openssl/ssl.h".freeze
|
149
|
+
|
106
150
|
# compile options
|
107
|
-
have_func("RAND_egd")
|
108
|
-
engines = %w{
|
109
|
-
cswift nuron sureware ubsec padlock capi gmp gost cryptodev
|
151
|
+
have_func("RAND_egd()", "openssl/rand.h")
|
152
|
+
engines = %w{dynamic 4758cca aep atalla chil
|
153
|
+
cswift nuron sureware ubsec padlock capi gmp gost cryptodev}
|
110
154
|
engines.each { |name|
|
111
|
-
|
155
|
+
have_func("ENGINE_load_#{name}()", "openssl/engine.h")
|
112
156
|
}
|
113
157
|
|
114
|
-
# added in 1.0.2
|
115
|
-
have_func("EC_curve_nist2nid")
|
116
|
-
have_func("X509_REVOKED_dup")
|
117
|
-
have_func("X509_STORE_CTX_get0_store")
|
118
|
-
have_func("SSL_CTX_set_alpn_select_cb")
|
119
|
-
OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
|
120
|
-
OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
|
121
|
-
OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
|
122
|
-
have_func("SSL_is_server")
|
123
|
-
|
124
158
|
# added in 1.1.0
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
have_func("
|
129
|
-
have_func("
|
130
|
-
have_func("
|
131
|
-
have_func("
|
132
|
-
have_func("
|
133
|
-
have_func("
|
134
|
-
|
135
|
-
have_func("
|
136
|
-
have_func("
|
137
|
-
have_func("
|
138
|
-
have_func("
|
139
|
-
have_func("
|
140
|
-
have_func("
|
141
|
-
have_func("
|
142
|
-
have_func("
|
143
|
-
have_func("
|
144
|
-
have_func("
|
145
|
-
have_func("
|
146
|
-
have_func("
|
147
|
-
have_func("
|
148
|
-
have_func("
|
149
|
-
have_func("
|
150
|
-
have_func("
|
151
|
-
have_func("
|
152
|
-
|
153
|
-
|
154
|
-
have_func("
|
155
|
-
have_func("
|
156
|
-
have_func("
|
157
|
-
have_func("
|
159
|
+
if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || is_libressl
|
160
|
+
$defs.push("-DHAVE_OPAQUE_OPENSSL")
|
161
|
+
end
|
162
|
+
have_func("EVP_MD_CTX_new()", evp_h)
|
163
|
+
have_func("EVP_MD_CTX_free(NULL)", evp_h)
|
164
|
+
have_func("EVP_MD_CTX_pkey_ctx(NULL)", evp_h)
|
165
|
+
have_func("X509_STORE_get_ex_data(NULL, 0)", x509_h)
|
166
|
+
have_func("X509_STORE_set_ex_data(NULL, 0, NULL)", x509_h)
|
167
|
+
have_func("X509_STORE_get_ex_new_index(0, NULL, NULL, NULL, NULL)", x509_h)
|
168
|
+
have_func("X509_CRL_get0_signature(NULL, NULL, NULL)", x509_h)
|
169
|
+
have_func("X509_REQ_get0_signature(NULL, NULL, NULL)", x509_h)
|
170
|
+
have_func("X509_REVOKED_get0_serialNumber(NULL)", x509_h)
|
171
|
+
have_func("X509_REVOKED_get0_revocationDate(NULL)", x509_h)
|
172
|
+
have_func("X509_get0_tbs_sigalg(NULL)", x509_h)
|
173
|
+
have_func("X509_STORE_CTX_get0_untrusted(NULL)", x509_h)
|
174
|
+
have_func("X509_STORE_CTX_get0_cert(NULL)", x509_h)
|
175
|
+
have_func("X509_STORE_CTX_get0_chain(NULL)", x509_h)
|
176
|
+
have_func("OCSP_SINGLERESP_get0_id(NULL)", "openssl/ocsp.h")
|
177
|
+
have_func("SSL_CTX_get_ciphers(NULL)", ssl_h)
|
178
|
+
have_func("X509_up_ref(NULL)", x509_h)
|
179
|
+
have_func("X509_CRL_up_ref(NULL)", x509_h)
|
180
|
+
have_func("X509_STORE_up_ref(NULL)", x509_h)
|
181
|
+
have_func("SSL_SESSION_up_ref(NULL)", ssl_h)
|
182
|
+
have_func("EVP_PKEY_up_ref(NULL)", evp_h)
|
183
|
+
have_func("SSL_CTX_set_min_proto_version(NULL, 0)", ssl_h)
|
184
|
+
have_func("SSL_CTX_get_security_level(NULL)", ssl_h)
|
185
|
+
have_func("X509_get0_notBefore(NULL)", x509_h)
|
186
|
+
have_func("SSL_SESSION_get_protocol_version(NULL)", ssl_h)
|
187
|
+
have_func("TS_STATUS_INFO_get0_status(NULL)", ts_h)
|
188
|
+
have_func("TS_STATUS_INFO_get0_text(NULL)", ts_h)
|
189
|
+
have_func("TS_STATUS_INFO_get0_failure_info(NULL)", ts_h)
|
190
|
+
have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", ts_h)
|
191
|
+
have_func("TS_VERIFY_CTX_set_store(NULL, NULL)", ts_h)
|
192
|
+
have_func("TS_VERIFY_CTX_add_flags(NULL, 0)", ts_h)
|
193
|
+
have_func("TS_RESP_CTX_set_time_cb(NULL, NULL, NULL)", ts_h)
|
194
|
+
have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h)
|
195
|
+
have_func("SSL_CTX_set_post_handshake_auth(NULL, 0)", ssl_h)
|
196
|
+
|
197
|
+
# added in 1.1.1
|
198
|
+
have_func("EVP_PKEY_check(NULL)", evp_h)
|
199
|
+
have_func("EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)\"\", 0)", evp_h)
|
200
|
+
have_func("SSL_CTX_set_ciphersuites(NULL, \"\")", ssl_h)
|
201
|
+
|
202
|
+
# added in 3.0.0
|
203
|
+
have_func("SSL_set0_tmp_dh_pkey(NULL, NULL)", ssl_h)
|
204
|
+
have_func("ERR_get_error_all(NULL, NULL, NULL, NULL, NULL)", "openssl/err.h")
|
205
|
+
have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", ts_h)
|
206
|
+
have_func("SSL_CTX_load_verify_file(NULL, \"\")", ssl_h)
|
207
|
+
have_func("BN_check_prime(NULL, NULL, NULL)", "openssl/bn.h")
|
208
|
+
have_func("EVP_MD_CTX_get0_md(NULL)", evp_h)
|
209
|
+
have_func("EVP_MD_CTX_get_pkey_ctx(NULL)", evp_h)
|
210
|
+
have_func("EVP_PKEY_eq(NULL, NULL)", evp_h)
|
211
|
+
have_func("EVP_PKEY_dup(NULL)", evp_h)
|
158
212
|
|
159
213
|
Logging::message "=== Checking done. ===\n"
|
160
214
|
|
215
|
+
# Append flags from environment variables.
|
216
|
+
extcflags = ENV["RUBY_OPENSSL_EXTCFLAGS"]
|
217
|
+
append_cflags(extcflags.split) if extcflags
|
218
|
+
extldflags = ENV["RUBY_OPENSSL_EXTLDFLAGS"]
|
219
|
+
append_ldflags(extldflags.split) if extldflags
|
220
|
+
|
161
221
|
create_header
|
162
222
|
create_makefile("openssl")
|
163
223
|
Logging::message "Done.\n"
|
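Review bot: The `RUBY_OPENSSL_EXTCFLAGS` / `RUBY_OPENSSL_EXTLDFLAGS` block at new lines 215–219 lets the install-time environment change how this crypto extension is compiled and linked, and its one-line comment documents neither the parsing nor the failure mode. mkmf's `append_cflags`/`append_ldflags` keep only the flags a test compile accepts, so a hardening flag supplied this way can be dropped while the build still succeeds, and plain `String#split` cannot carry a flag containing a quoted space. I would expand the comment to something like `# Packager/CI hook: values are whitespace-split and each flag is kept only if the compiler accepts it (see mkmf.log).` The `$mingw` block at new lines 60–64 would also benefit from a comment: `-fstack-protector` goes to the linker only, presumably to pull in libssp for `_FORTIFY_SOURCE`, which is easy to misread as enabling stack protection at compile time.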
@@ -10,77 +10,11 @@
|
|
10
10
|
#include RUBY_EXTCONF_H
|
11
11
|
|
12
12
|
#include <string.h> /* memcpy() */
|
13
|
-
#if !defined(OPENSSL_NO_ENGINE)
|
14
|
-
# include <openssl/engine.h>
|
15
|
-
#endif
|
16
|
-
#if !defined(OPENSSL_NO_HMAC)
|
17
|
-
# include <openssl/hmac.h>
|
18
|
-
#endif
|
19
13
|
#include <openssl/x509_vfy.h>
|
20
14
|
|
21
15
|
#include "openssl_missing.h"
|
22
16
|
|
23
|
-
/* added in 1.0.2 */
|
24
|
-
#if !defined(OPENSSL_NO_EC)
|
25
|
-
#if !defined(HAVE_EC_CURVE_NIST2NID)
|
26
|
-
static struct {
|
27
|
-
const char *name;
|
28
|
-
int nid;
|
29
|
-
} nist_curves[] = {
|
30
|
-
{"B-163", NID_sect163r2},
|
31
|
-
{"B-233", NID_sect233r1},
|
32
|
-
{"B-283", NID_sect283r1},
|
33
|
-
{"B-409", NID_sect409r1},
|
34
|
-
{"B-571", NID_sect571r1},
|
35
|
-
{"K-163", NID_sect163k1},
|
36
|
-
{"K-233", NID_sect233k1},
|
37
|
-
{"K-283", NID_sect283k1},
|
38
|
-
{"K-409", NID_sect409k1},
|
39
|
-
{"K-571", NID_sect571k1},
|
40
|
-
{"P-192", NID_X9_62_prime192v1},
|
41
|
-
{"P-224", NID_secp224r1},
|
42
|
-
{"P-256", NID_X9_62_prime256v1},
|
43
|
-
{"P-384", NID_secp384r1},
|
44
|
-
{"P-521", NID_secp521r1}
|
45
|
-
};
|
46
|
-
|
47
|
-
int
|
48
|
-
ossl_EC_curve_nist2nid(const char *name)
|
49
|
-
{
|
50
|
-
size_t i;
|
51
|
-
for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
|
52
|
-
if (!strcmp(nist_curves[i].name, name))
|
53
|
-
return nist_curves[i].nid;
|
54
|
-
}
|
55
|
-
return NID_undef;
|
56
|
-
}
|
57
|
-
#endif
|
58
|
-
#endif
|
59
|
-
|
60
17
|
/*** added in 1.1.0 ***/
|
61
|
-
#if !defined(HAVE_HMAC_CTX_NEW)
|
62
|
-
HMAC_CTX *
|
63
|
-
ossl_HMAC_CTX_new(void)
|
64
|
-
{
|
65
|
-
HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
|
66
|
-
if (!ctx)
|
67
|
-
return NULL;
|
68
|
-
HMAC_CTX_init(ctx);
|
69
|
-
return ctx;
|
70
|
-
}
|
71
|
-
#endif
|
72
|
-
|
73
|
-
#if !defined(HAVE_HMAC_CTX_FREE)
|
74
|
-
void
|
75
|
-
ossl_HMAC_CTX_free(HMAC_CTX *ctx)
|
76
|
-
{
|
77
|
-
if (ctx) {
|
78
|
-
HMAC_CTX_cleanup(ctx);
|
79
|
-
OPENSSL_free(ctx);
|
80
|
-
}
|
81
|
-
}
|
82
|
-
#endif
|
83
|
-
|
84
18
|
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
|
85
19
|
void
|
86
20
|
ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
|
@@ -12,40 +12,7 @@
|
|
12
12
|
|
13
13
|
#include "ruby/config.h"
|
14
14
|
|
15
|
-
/* added in 1.0.2 */
|
16
|
-
#if !defined(OPENSSL_NO_EC)
|
17
|
-
#if !defined(HAVE_EC_CURVE_NIST2NID)
|
18
|
-
int ossl_EC_curve_nist2nid(const char *);
|
19
|
-
# define EC_curve_nist2nid ossl_EC_curve_nist2nid
|
20
|
-
#endif
|
21
|
-
#endif
|
22
|
-
|
23
|
-
#if !defined(HAVE_X509_REVOKED_DUP)
|
24
|
-
# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
|
25
|
-
(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
|
26
|
-
#endif
|
27
|
-
|
28
|
-
#if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
|
29
|
-
# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
|
30
|
-
#endif
|
31
|
-
|
32
|
-
#if !defined(HAVE_SSL_IS_SERVER)
|
33
|
-
# define SSL_is_server(s) ((s)->server)
|
34
|
-
#endif
|
35
|
-
|
36
15
|
/* added in 1.1.0 */
|
37
|
-
#if !defined(HAVE_BN_GENCB_NEW)
|
38
|
-
# define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
|
39
|
-
#endif
|
40
|
-
|
41
|
-
#if !defined(HAVE_BN_GENCB_FREE)
|
42
|
-
# define BN_GENCB_free(cb) OPENSSL_free(cb)
|
43
|
-
#endif
|
44
|
-
|
45
|
-
#if !defined(HAVE_BN_GENCB_GET_ARG)
|
46
|
-
# define BN_GENCB_get_arg(cb) (cb)->arg
|
47
|
-
#endif
|
48
|
-
|
49
16
|
#if !defined(HAVE_EVP_MD_CTX_NEW)
|
50
17
|
# define EVP_MD_CTX_new EVP_MD_CTX_create
|
51
18
|
#endif
|
@@ -54,16 +21,6 @@ int ossl_EC_curve_nist2nid(const char *);
|
|
54
21
|
# define EVP_MD_CTX_free EVP_MD_CTX_destroy
|
55
22
|
#endif
|
56
23
|
|
57
|
-
#if !defined(HAVE_HMAC_CTX_NEW)
|
58
|
-
HMAC_CTX *ossl_HMAC_CTX_new(void);
|
59
|
-
# define HMAC_CTX_new ossl_HMAC_CTX_new
|
60
|
-
#endif
|
61
|
-
|
62
|
-
#if !defined(HAVE_HMAC_CTX_FREE)
|
63
|
-
void ossl_HMAC_CTX_free(HMAC_CTX *);
|
64
|
-
# define HMAC_CTX_free ossl_HMAC_CTX_free
|
65
|
-
#endif
|
66
|
-
|
67
24
|
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
|
68
25
|
# define X509_STORE_get_ex_data(x, idx) \
|
69
26
|
CRYPTO_get_ex_data(&(x)->ex_data, (idx))
|
@@ -72,6 +29,9 @@ void ossl_HMAC_CTX_free(HMAC_CTX *);
|
|
72
29
|
#if !defined(HAVE_X509_STORE_SET_EX_DATA)
|
73
30
|
# define X509_STORE_set_ex_data(x, idx, data) \
|
74
31
|
CRYPTO_set_ex_data(&(x)->ex_data, (idx), (data))
|
32
|
+
#endif
|
33
|
+
|
34
|
+
#if !defined(HAVE_X509_STORE_GET_EX_NEW_INDEX) && !defined(X509_STORE_get_ex_new_index)
|
75
35
|
# define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
|
76
36
|
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \
|
77
37
|
(newf), (dupf), (freef))
|
@@ -149,7 +109,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
|
|
149
109
|
static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
|
150
110
|
return pkey->pkey._name; }
|
151
111
|
#define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
|
152
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
112
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
153
113
|
if (a1) *a1 = obj->a1; \
|
154
114
|
if (a2) *a2 = obj->a2; } \
|
155
115
|
static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
@@ -158,7 +118,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
|
158
118
|
BN_clear_free(obj->a2); obj->a2 = a2; \
|
159
119
|
return 1; }
|
160
120
|
#define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
|
161
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
121
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
162
122
|
if (a1) *a1 = obj->a1; \
|
163
123
|
if (a2) *a2 = obj->a2; \
|
164
124
|
if (a3) *a3 = obj->a3; } \
|
@@ -185,7 +145,7 @@ IMPL_KEY_ACCESSOR3(DSA, pqg, p, q, g, (p == obj->p || q == obj->q || g == obj->g
|
|
185
145
|
#if !defined(OPENSSL_NO_DH)
|
186
146
|
IMPL_PKEY_GETTER(DH, dh)
|
187
147
|
IMPL_KEY_ACCESSOR2(DH, key, pub_key, priv_key, (pub_key == obj->pub_key || (obj->priv_key && priv_key == obj->priv_key)))
|
188
|
-
IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || obj->q && q == obj->q || g == obj->g))
|
148
|
+
IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || (obj->q && q == obj->q) || g == obj->g))
|
189
149
|
static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
|
190
150
|
#endif
|
191
151
|
|
@@ -219,4 +179,60 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
|
|
219
179
|
# define SSL_SESSION_get_protocol_version(s) ((s)->ssl_version)
|
220
180
|
#endif
|
221
181
|
|
182
|
+
#if !defined(HAVE_TS_STATUS_INFO_GET0_STATUS)
|
183
|
+
# define TS_STATUS_INFO_get0_status(a) ((a)->status)
|
184
|
+
#endif
|
185
|
+
|
186
|
+
#if !defined(HAVE_TS_STATUS_INFO_GET0_TEXT)
|
187
|
+
# define TS_STATUS_INFO_get0_text(a) ((a)->text)
|
188
|
+
#endif
|
189
|
+
|
190
|
+
#if !defined(HAVE_TS_STATUS_INFO_GET0_FAILURE_INFO)
|
191
|
+
# define TS_STATUS_INFO_get0_failure_info(a) ((a)->failure_info)
|
192
|
+
#endif
|
193
|
+
|
194
|
+
#if !defined(HAVE_TS_VERIFY_CTS_SET_CERTS)
|
195
|
+
# define TS_VERIFY_CTS_set_certs(ctx, crts) ((ctx)->certs=(crts))
|
196
|
+
#endif
|
197
|
+
|
198
|
+
#if !defined(HAVE_TS_VERIFY_CTX_SET_STORE)
|
199
|
+
# define TS_VERIFY_CTX_set_store(ctx, str) ((ctx)->store=(str))
|
200
|
+
#endif
|
201
|
+
|
202
|
+
#if !defined(HAVE_TS_VERIFY_CTX_ADD_FLAGS)
|
203
|
+
# define TS_VERIFY_CTX_add_flags(ctx, f) ((ctx)->flags |= (f))
|
204
|
+
#endif
|
205
|
+
|
206
|
+
#if !defined(HAVE_TS_RESP_CTX_SET_TIME_CB)
|
207
|
+
# define TS_RESP_CTX_set_time_cb(ctx, callback, dta) do { \
|
208
|
+
(ctx)->time_cb = (callback); \
|
209
|
+
(ctx)->time_cb_data = (dta); \
|
210
|
+
} while (0)
|
211
|
+
#endif
|
212
|
+
|
213
|
+
/* added in 3.0.0 */
|
214
|
+
#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
|
215
|
+
# define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
|
216
|
+
#endif
|
217
|
+
|
218
|
+
#ifndef HAVE_EVP_MD_CTX_GET0_MD
|
219
|
+
# define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
|
220
|
+
#endif
|
221
|
+
|
222
|
+
/*
|
223
|
+
* OpenSSL 1.1.0 added EVP_MD_CTX_pkey_ctx(), and then it was renamed to
|
224
|
+
* EVP_MD_CTX_get_pkey_ctx(x) in OpenSSL 3.0.
|
225
|
+
*/
|
226
|
+
#ifndef HAVE_EVP_MD_CTX_GET_PKEY_CTX
|
227
|
+
# ifdef HAVE_EVP_MD_CTX_PKEY_CTX
|
228
|
+
# define EVP_MD_CTX_get_pkey_ctx(x) EVP_MD_CTX_pkey_ctx(x)
|
229
|
+
# else
|
230
|
+
# define EVP_MD_CTX_get_pkey_ctx(x) (x)->pctx
|
231
|
+
# endif
|
232
|
+
#endif
|
233
|
+
|
234
|
+
#ifndef HAVE_EVP_PKEY_EQ
|
235
|
+
# define EVP_PKEY_eq(a, b) EVP_PKEY_cmp(a, b)
|
236
|
+
#endif
|
237
|
+
|
222
238
|
#endif /* _OSSL_OPENSSL_MISSING_H_ */
|
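Review bot: The `EVP_PKEY_eq` fallback at new lines 234–236 maps onto `EVP_PKEY_cmp`, and neither function returns a boolean: both are documented to return 1 on a match, 0 on a mismatch, and a negative value when the key types differ or the comparison is unsupported. The macro carries no comment saying so, and a caller outside this hunk that writes `if (EVP_PKEY_eq(a, b))` would treat the negative results as equal keys. I would add `/* Returns 1 if equal, 0 if not, <0 on type mismatch or unsupported; compare with == 1 */` above the define. Separately, `# define EVP_MD_CTX_get_pkey_ctx(x) (x)->pctx` at new line 230 is the only accessor in this block without outer parentheses; `((x)->pctx)` would match the `TS_STATUS_INFO_get0_*` macros above it.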