openssl 2.1.1 → 2.2.1

Files changed (53)
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +9 -7
  3. data/History.md +165 -0
  4. data/README.md +2 -2
  5. data/ext/openssl/extconf.rb +51 -27
  6. data/ext/openssl/openssl_missing.h +39 -4
  7. data/ext/openssl/ossl.c +61 -27
  8. data/ext/openssl/ossl.h +8 -5
  9. data/ext/openssl/ossl_asn1.c +27 -1
  10. data/ext/openssl/ossl_bn.c +92 -24
  11. data/ext/openssl/ossl_bn.h +2 -1
  12. data/ext/openssl/ossl_cipher.c +33 -24
  13. data/ext/openssl/ossl_digest.c +22 -53
  14. data/ext/openssl/ossl_engine.c +2 -12
  15. data/ext/openssl/ossl_hmac.c +5 -11
  16. data/ext/openssl/ossl_kdf.c +3 -19
  17. data/ext/openssl/ossl_ns_spki.c +1 -1
  18. data/ext/openssl/ossl_ocsp.c +6 -11
  19. data/ext/openssl/ossl_ocsp.h +3 -3
  20. data/ext/openssl/ossl_pkcs12.c +1 -0
  21. data/ext/openssl/ossl_pkcs7.c +4 -19
  22. data/ext/openssl/ossl_pkcs7.h +16 -0
  23. data/ext/openssl/ossl_pkey.c +206 -17
  24. data/ext/openssl/ossl_pkey.h +6 -6
  25. data/ext/openssl/ossl_pkey_dh.c +1 -1
  26. data/ext/openssl/ossl_pkey_dsa.c +2 -2
  27. data/ext/openssl/ossl_pkey_ec.c +38 -8
  28. data/ext/openssl/ossl_pkey_rsa.c +17 -9
  29. data/ext/openssl/ossl_rand.c +2 -40
  30. data/ext/openssl/ossl_ssl.c +205 -75
  31. data/ext/openssl/ossl_ts.c +1524 -0
  32. data/ext/openssl/ossl_ts.h +16 -0
  33. data/ext/openssl/ossl_x509.c +91 -0
  34. data/ext/openssl/ossl_x509cert.c +2 -2
  35. data/ext/openssl/ossl_x509ext.c +15 -0
  36. data/ext/openssl/ossl_x509name.c +15 -10
  37. data/ext/openssl/ossl_x509store.c +40 -22
  38. data/lib/openssl/bn.rb +1 -1
  39. data/lib/openssl/buffering.rb +33 -17
  40. data/lib/openssl/cipher.rb +1 -1
  41. data/lib/openssl/config.rb +53 -26
  42. data/lib/openssl/digest.rb +10 -12
  43. data/lib/openssl/hmac.rb +13 -0
  44. data/lib/openssl/marshal.rb +30 -0
  45. data/lib/openssl/pkcs5.rb +1 -1
  46. data/lib/openssl/pkey.rb +18 -1
  47. data/lib/openssl/ssl.rb +46 -7
  48. data/lib/openssl/version.rb +5 -0
  49. data/lib/openssl/x509.rb +155 -1
  50. data/lib/openssl.rb +25 -9
  51. metadata +25 -9
  52. data/ext/openssl/deprecation.rb +0 -23
  53. data/ext/openssl/ossl_version.h +0 -15
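--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e17353c3f443f1f4ba2afd65319630911e93cd4204b71e0a50a0640ab50ee714
- data.tar.gz: 8a7b4d82c64a0a80198624fa96af48c03163205ec84331e9618b26ff764f6c4c
+ metadata.gz: 64981d6d16c53d08f9f88d54e28340769b26651ac6b4b1325f085b125255a60e
+ data.tar.gz: 5f0eff4a8e8610696fbd755c081a94793ec8c28384adb167a22ffe910a3f662e
  SHA512:
- metadata.gz: e7d48ecc23c6dabc5eb29ee78b605096bfed6d62e83f66d2cbb67316afdb68dafe5c1b9c8c0ced0fba6478d671fda75969e35d50b22051458ca237b470973a9c
- data.tar.gz: c349830b16d8a87f1563b5f25f6451889e323c7a9b7666e9769f5c412c3f412728586adb4b4cb1365e34c54cb0d931467388c8f0b37f140dbc825459af20bb64
+ metadata.gz: 02d5dd3dc0c04f98b25a24c00eb2a5bbad34ff0688c7a0e3c331c3c33e7d1662fcceef4d38f6d02d1fe2dc8e711f8232512731e1c3e6bfcf793f4993b0eb8071
+ data.tar.gz: 06c1a0f3aab1e27d3b5898652789ff299d53f30464b67e4bc015895d15ef3af70503cf79320af2061bee768b9671e2a1268e3133e66018b60aa76f6ca86a26d6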
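--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -12,12 +12,14 @@ If you think you found a bug, file a ticket on GitHub. Please DO NOT report
  security issues here, there is a separate procedure which is described on
  ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
 
- When reporting a bug, please make sure you include the version of Ruby, the
- version of openssl gem, the version of the OpenSSL library, along with a sample
- file that illustrates the problem or link to repository or gem that is
- associated with the bug.
-
- There is a number of unresolved issues and feature requests for openssl that
+ When reporting a bug, please make sure you include:
+ * Ruby version
+ * OpenSSL gem version
+ * OpenSSL library version
+ * A sample file that illustrates the problem or link to the repository or
+ gem that is associated with the bug.
+
+ There are a number of unresolved issues and feature requests for openssl that
  need review. Before submitting a new ticket, it is recommended to check
  [known issues] and [bugs.ruby-lang.org], the previous issue tracker.
 
@@ -78,7 +80,7 @@ $ docker-compose run debug
  ```
 
  All possible values for `RUBY_VERSION` and `OPENSSL_VERSION` can be found in
- [`.travis.yml`](https://github.com/ruby/openssl/tree/master/.travis.yml).
+ [`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml).
 
  **NOTE**: these commands must be run from the openssl repository root, in order
  to use the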
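--- a/data/History.md
+++ b/data/History.md
@@ -1,3 +1,145 @@
+ Version 2.2.1
+ =============
+
+ Merged changes in 2.1.3. Additionally, the following issues are fixed by this
+ release.
+
+ Bug fixes
+ ---------
+
+ * Fix crash in `OpenSSL::Timestamp::{Request,Response,TokenInfo}.new` when
+ invalid arguments are given.
+ [[GitHub #407]](https://github.com/ruby/openssl/pull/407)
+ * Fix `OpenSSL::Timestamp::Factory#create_timestamp` with LibreSSL on platforms
+ where `time_t` has a different size from `long`.
+ [[GitHub #454]](https://github.com/ruby/openssl/pull/454)
+
+
+ Version 2.2.0
+ =============
+
+ Compatibility notes
+ -------------------
+
+ * Remove unsupported MDC2, DSS, DSS1, and SHA algorithms.
+ * Remove `OpenSSL::PKCS7::SignerInfo#name` alias for `#issuer`.
+ [[GitHub #266]](https://github.com/ruby/openssl/pull/266)
+ * Deprecate `OpenSSL::Config#add_value` and `#[]=` for future removal.
+ [[GitHub #322]](https://github.com/ruby/openssl/pull/322)
+
+
+ Notable changes
+ ---------------
+
+ * Change default `OpenSSL::SSL::SSLServer#listen` backlog argument from
+ 5 to `Socket::SOMAXCONN`.
+ [[GitHub #286]](https://github.com/ruby/openssl/issues/286)
+ * Make `OpenSSL::HMAC#==` use a timing safe string comparison.
+ [[GitHub #284]](https://github.com/ruby/openssl/pull/284)
+ * Add support for SHA3 and BLAKE digests.
+ [[GitHub #282]](https://github.com/ruby/openssl/pull/282)
+ * Add `OpenSSL::SSL::SSLSocket.open` for opening a `TCPSocket` and
+ returning an `OpenSSL::SSL::SSLSocket` for it.
+ [[GitHub #225]](https://github.com/ruby/openssl/issues/225)
+ * Support marshalling of `OpenSSL::X509` and `OpenSSL::PKey` objects.
+ [[GitHub #281]](https://github.com/ruby/openssl/pull/281)
+ [[GitHub #363]](https://github.com/ruby/openssl/pull/363)
+ * Add `OpenSSL.secure_compare` for timing safe string comparison for
+ strings of possibly unequal length.
+ [[GitHub #280]](https://github.com/ruby/openssl/pull/280)
+ * Add `OpenSSL.fixed_length_secure_compare` for timing safe string
+ comparison for strings of equal length.
+ [[GitHub #269]](https://github.com/ruby/openssl/pull/269)
+ * Add `OpenSSL::SSL::SSLSocket#{finished_message,peer_finished_message}`
+ for last finished message sent and received.
+ [[GitHub #250]](https://github.com/ruby/openssl/pull/250)
+ * Add `OpenSSL::Timestamp` module for handing timestamp requests and
+ responses.
+ [[GitHub #204]](https://github.com/ruby/openssl/pull/204)
+ * Add helper methods for `OpenSSL::X509::Certificate`:
+ `find_extension`, `subject_key_identifier`,
+ `authority_key_identifier`, `crl_uris`, `ca_issuer_uris` and
+ `ocsp_uris`, and for `OpenSSL::X509::CRL`:
+ `find_extension` and `subject_key_identifier`.
+ [[GitHub #260]](https://github.com/ruby/openssl/pull/260)
+ [[GitHub #275]](https://github.com/ruby/openssl/pull/275)
+ [[GitHub #293]](https://github.com/ruby/openssl/pull/293)
+ * Add `OpenSSL::ECPoint#add` for performing elliptic curve point addition.
+ [[GitHub #261]](https://github.com/ruby/openssl/pull/261)
+ * Make `OpenSSL::PKey::RSA#{export,to_der}` check `key`, `factors`, and
+ `crt_params` to do proper private key serialization.
+ [[GitHub #258]](https://github.com/ruby/openssl/pull/258)
+ * Add `OpenSSL::SSL::{SSLSocket,SSLServer}#fileno`, returning the
+ underlying socket file descriptor number.
+ [[GitHub #247]](https://github.com/ruby/openssl/pull/247)
+ * Support client certificates with TLS 1.3, and support post-handshake
+ authentication with OpenSSL 1.1.1+.
+ [[GitHub #239]](https://github.com/ruby/openssl/pull/239)
+ * Add `OpenSSL::ASN1::ObjectId#==` for equality testing.
+ * Add `OpenSSL::X509::Extension#value_der` for the raw value of
+ the extension.
+ [[GitHub #234]](https://github.com/ruby/openssl/pull/234)
+ * Significantly reduce allocated memory in `OpenSSL::Buffering#do_write`.
+ [[GitHub #212]](https://github.com/ruby/openssl/pull/212)
+ * Ensure all valid IPv6 addresses are considered valid as elements
+ of subjectAlternativeName in certificates.
+ [[GitHub #185]](https://github.com/ruby/openssl/pull/185)
+ * Allow recipient's certificate to be omitted in PCKS7#decrypt.
+ [[GitHub #183]](https://github.com/ruby/openssl/pull/183)
+ * Add support for reading keys in PKCS #8 format and export via instance methods
+ added to `OpenSSL::PKey` classes: `private_to_der`, `private_to_pem`,
+ `public_to_der` and `public_to_pem`.
+ [[GitHub #297]](https://github.com/ruby/openssl/pull/297)
+
+
+ Version 2.1.3
+ =============
+
+ Bug fixes
+ ---------
+
+ * Fix deprecation warnings on Ruby 3.0.
+ * Add ".include" directive support in `OpenSSL::Config`.
+ [[GitHub #216]](https://github.com/ruby/openssl/pull/216)
+ * Fix handling of IPv6 address SANs.
+ [[GitHub #185]](https://github.com/ruby/openssl/pull/185)
+ * Hostname verification failure with `OpenSSL::SSL::SSLContext#verify_hostname=`
+ sets a proper error code.
+ [[GitHub #350]](https://github.com/ruby/openssl/pull/350)
+ * Fix crash with `OpenSSL::BN.new(nil, 2)`.
+ [[Bug #15760]](https://bugs.ruby-lang.org/issues/15760)
+ * `OpenSSL::SSL::SSLSocket#sys{read,write}` prevent internal string buffers from
+ being modified by another thread.
+ [[GitHub #453]](https://github.com/ruby/openssl/pull/453)
+ * Fix misuse of input record separator in `OpenSSL::Buffering` where it was
+ for output.
+ * Fix wrong interger casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
+ [[GitHub #460]](https://github.com/ruby/openssl/pull/460)
+ * `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
+ newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
+ OpenSSL 3.0 API.
+ [[GitHub #458]](https://github.com/ruby/openssl/pull/458)
+ * Activate `digest` gem correctly. `digest` library could go into an
+ inconsistent state if there are multiple versions of `digest` is installed
+ and `openssl` is `require`d before `digest`.
+ [[GitHub #463]](https://github.com/ruby/openssl/pull/463)
+ * Fix GC.compact compatibility.
+ [[GitHub #464]](https://github.com/ruby/openssl/issues/464)
+ [[GitHub #465]](https://github.com/ruby/openssl/pull/465)
+
+
+ Version 2.1.2
+ =============
+
+ Merged changes in 2.0.9.
+
+
+ Version 2.1.1
+ =============
+
+ Merged changes in 2.0.8.
+
+
  Version 2.1.0
  =============
 
@@ -55,6 +197,29 @@ Notable changes
  [[GitHub #177]](https://github.com/ruby/openssl/pull/177)
 
 
+ Version 2.0.9
+ =============
+
+ Security fixes
+ --------------
+
+ * OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
+ objects. CVE-2018-16395 is assigned for this issue.
+ https://hackerone.com/reports/387250
+
+ Bug fixes
+ ---------
+
+ * Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
+ interrupted.
+ [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
+ [[GitHub #205]](https://github.com/ruby/openssl/pull/205)
+ * Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
+ called against an empty instance.
+ [[GitHub #200]](https://github.com/ruby/openssl/issues/200)
+ [[GitHub #211]](https://github.com/ruby/openssl/pull/211)
+
+
  Version 2.0.8
  =============
 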
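--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,7 @@
  # OpenSSL for Ruby
 
- [![Build Status](https://travis-ci.org/ruby/openssl.svg?branch=master)](https://travis-ci.org/ruby/openssl)
- [![Build status](https://ci.appveyor.com/api/projects/status/b8djtmwo7l26f88y/branch/master?svg=true)](https://ci.appveyor.com/project/ruby/openssl/branch/master)
+ [![Actions Status](https://github.com/ruby/openssl/workflows/CI/badge.svg)](https://github.com/ruby/openssl/actions?workflow=CI)
+
 
  OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
  OpenSSL library.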
@@ -1,5 +1,5 @@
1
1
  # -*- coding: us-ascii -*-
2
- # frozen_string_literal: false
2
+ # frozen_string_literal: true
3
3
  =begin
4
4
  = Info
5
5
  'OpenSSL for Ruby 2' project
@@ -12,16 +12,12 @@
12
12
  =end
13
13
 
14
14
  require "mkmf"
15
- require File.expand_path('../deprecation', __FILE__)
16
15
 
17
16
  dir_config("openssl")
18
17
  dir_config("kerberos")
19
18
 
20
19
  Logging::message "=== OpenSSL for Ruby configurator ===\n"
21
20
 
22
- # Add -Werror=deprecated-declarations to $warnflags if available
23
- OpenSSL.deprecated_warning_flag
24
-
25
21
  ##
26
22
  # Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
27
23
  # To turn it on, use: --with-debug or --enable-debug
@@ -33,9 +29,15 @@ end
33
29
  Logging::message "=== Checking for system dependent stuff... ===\n"
34
30
  have_library("nsl", "t_open")
35
31
  have_library("socket", "socket")
32
+ if $mswin || $mingw
33
+ have_library("ws2_32")
34
+ end
36
35
 
37
- Logging::message "=== Checking for required stuff... ===\n"
38
- result = pkg_config("openssl") && have_header("openssl/ssl.h")
36
+ if $mingw
37
+ append_cflags '-D_FORTIFY_SOURCE=2'
38
+ append_ldflags '-fstack-protector'
39
+ have_library 'ssp'
40
+ end
39
41
 
40
42
  def find_openssl_library
41
43
  if $mswin || $mingw
@@ -87,28 +89,42 @@ def find_openssl_library
87
89
  return false
88
90
  end
89
91
 
90
- unless result
91
- unless find_openssl_library
92
- Logging::message "=== Checking for required stuff failed. ===\n"
93
- Logging::message "Makefile wasn't created. Fix the errors above.\n"
94
- raise "OpenSSL library could not be found. You might want to use " \
95
- "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
96
- "is installed."
97
- end
92
+ Logging::message "=== Checking for required stuff... ===\n"
93
+ pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
94
+
95
+ if !pkg_config_found && !find_openssl_library
96
+ Logging::message "=== Checking for required stuff failed. ===\n"
97
+ Logging::message "Makefile wasn't created. Fix the errors above.\n"
98
+ raise "OpenSSL library could not be found. You might want to use " \
99
+ "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
100
+ "is installed."
101
+ end
102
+
103
+ version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
104
+ is_libressl = true
105
+ checking_for("LibreSSL version >= 2.5.0") {
106
+ try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }
107
+ else
108
+ checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {
109
+ try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&
110
+ !try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
111
+ end
112
+ unless version_ok
113
+ raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"
98
114
  end
99
115
 
100
- unless checking_for("OpenSSL version is 1.0.1 or later") {
101
- try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
102
- raise "OpenSSL >= 1.0.1 or LibreSSL is required"
116
+ # Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
117
+ if is_libressl && ($mswin || $mingw)
118
+ $defs.push("-DNOCRYPT")
103
119
  end
104
120
 
105
121
  Logging::message "=== Checking for OpenSSL features... ===\n"
106
122
  # compile options
107
123
  have_func("RAND_egd")
108
- engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
109
- cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
124
+ engines = %w{dynamic 4758cca aep atalla chil
125
+ cswift nuron sureware ubsec padlock capi gmp gost cryptodev}
110
126
  engines.each { |name|
111
- OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
127
+ have_func("ENGINE_load_#{name}()", "openssl/engine.h")
112
128
  }
113
129
 
114
130
  # added in 1.0.2
@@ -116,9 +132,9 @@ have_func("EC_curve_nist2nid")
116
132
  have_func("X509_REVOKED_dup")
117
133
  have_func("X509_STORE_CTX_get0_store")
118
134
  have_func("SSL_CTX_set_alpn_select_cb")
119
- OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
120
- OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
121
- OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
135
+ have_func("SSL_CTX_set1_curves_list(NULL, NULL)", "openssl/ssl.h")
136
+ have_func("SSL_CTX_set_ecdh_auto(NULL, 0)", "openssl/ssl.h")
137
+ have_func("SSL_get_server_tmp_key(NULL, NULL)", "openssl/ssl.h")
122
138
  have_func("SSL_is_server")
123
139
 
124
140
  # added in 1.1.0
@@ -134,9 +150,9 @@ have_func("EVP_MD_CTX_new")
134
150
  have_func("EVP_MD_CTX_free")
135
151
  have_func("HMAC_CTX_new")
136
152
  have_func("HMAC_CTX_free")
137
- OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
138
153
  have_func("X509_STORE_get_ex_data")
139
154
  have_func("X509_STORE_set_ex_data")
155
+ have_func("X509_STORE_get_ex_new_index")
140
156
  have_func("X509_CRL_get0_signature")
141
157
  have_func("X509_REQ_get0_signature")
142
158
  have_func("X509_REVOKED_get0_serialNumber")
@@ -152,12 +168,20 @@ have_func("X509_CRL_up_ref")
152
168
  have_func("X509_STORE_up_ref")
153
169
  have_func("SSL_SESSION_up_ref")
154
170
  have_func("EVP_PKEY_up_ref")
155
- OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
156
- OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
171
+ have_func("SSL_CTX_set_tmp_ecdh_callback(NULL, NULL)", "openssl/ssl.h") # removed
172
+ have_func("SSL_CTX_set_min_proto_version(NULL, 0)", "openssl/ssl.h")
157
173
  have_func("SSL_CTX_get_security_level")
158
174
  have_func("X509_get0_notBefore")
159
175
  have_func("SSL_SESSION_get_protocol_version")
176
+ have_func("TS_STATUS_INFO_get0_status")
177
+ have_func("TS_STATUS_INFO_get0_text")
178
+ have_func("TS_STATUS_INFO_get0_failure_info")
179
+ have_func("TS_VERIFY_CTS_set_certs")
180
+ have_func("TS_VERIFY_CTX_set_store")
181
+ have_func("TS_VERIFY_CTX_add_flags")
182
+ have_func("TS_RESP_CTX_set_time_cb")
160
183
  have_func("EVP_PBE_scrypt")
184
+ have_func("SSL_CTX_set_post_handshake_auth")
161
185
 
162
186
  Logging::message "=== Checking done. ===\n"
163
187
 
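Review bot: The upper bound of the new version gate, `!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h")` in the `version_ok` assignment, is satisfied by any failure of that probe to compile, not only by a major version below 3. It appears to rely on `OPENSSL_VERSION_MAJOR` being undefined in pre-3.0 headers, which the script does not say anywhere. A positive assertion on the macro the lower bound already uses would fail closed instead: `try_static_assert("OPENSSL_VERSION_NUMBER < 0x30000000L", "openssl/opensslv.h")`. If the negated form is kept, a comment such as `# OPENSSL_VERSION_MAJOR exists only in 3.0+ headers, so a failed compile here means < 3.0` would spare the next reader from working it out. The LibreSSL branch is not affected.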
@@ -72,6 +72,9 @@ void ossl_HMAC_CTX_free(HMAC_CTX *);
72
72
  #if !defined(HAVE_X509_STORE_SET_EX_DATA)
73
73
  # define X509_STORE_set_ex_data(x, idx, data) \
74
74
  CRYPTO_set_ex_data(&(x)->ex_data, (idx), (data))
75
+ #endif
76
+
77
+ #if !defined(HAVE_X509_STORE_GET_EX_NEW_INDEX) && !defined(X509_STORE_get_ex_new_index)
75
78
  # define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
76
79
  CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \
77
80
  (newf), (dupf), (freef))
@@ -144,12 +147,13 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
144
147
  CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
145
148
  #endif
146
149
 
147
- #if !defined(HAVE_OPAQUE_OPENSSL)
150
+ #if !defined(HAVE_OPAQUE_OPENSSL) && \
151
+ (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
148
152
  #define IMPL_PKEY_GETTER(_type, _name) \
149
153
  static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
150
154
  return pkey->pkey._name; }
151
155
  #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
152
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
156
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
153
157
  if (a1) *a1 = obj->a1; \
154
158
  if (a2) *a2 = obj->a2; } \
155
159
  static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
@@ -158,7 +162,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
158
162
  BN_clear_free(obj->a2); obj->a2 = a2; \
159
163
  return 1; }
160
164
  #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
161
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
165
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
162
166
  if (a1) *a1 = obj->a1; \
163
167
  if (a2) *a2 = obj->a2; \
164
168
  if (a3) *a3 = obj->a3; } \
@@ -185,7 +189,7 @@ IMPL_KEY_ACCESSOR3(DSA, pqg, p, q, g, (p == obj->p || q == obj->q || g == obj->g
185
189
  #if !defined(OPENSSL_NO_DH)
186
190
  IMPL_PKEY_GETTER(DH, dh)
187
191
  IMPL_KEY_ACCESSOR2(DH, key, pub_key, priv_key, (pub_key == obj->pub_key || (obj->priv_key && priv_key == obj->priv_key)))
188
- IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || obj->q && q == obj->q || g == obj->g))
192
+ IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || (obj->q && q == obj->q) || g == obj->g))
189
193
  static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
190
194
  #endif
191
195
 
@@ -219,4 +223,35 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
219
223
  # define SSL_SESSION_get_protocol_version(s) ((s)->ssl_version)
220
224
  #endif
221
225
 
226
+ #if !defined(HAVE_TS_STATUS_INFO_GET0_STATUS)
227
+ # define TS_STATUS_INFO_get0_status(a) ((a)->status)
228
+ #endif
229
+
230
+ #if !defined(HAVE_TS_STATUS_INFO_GET0_TEXT)
231
+ # define TS_STATUS_INFO_get0_text(a) ((a)->text)
232
+ #endif
233
+
234
+ #if !defined(HAVE_TS_STATUS_INFO_GET0_FAILURE_INFO)
235
+ # define TS_STATUS_INFO_get0_failure_info(a) ((a)->failure_info)
236
+ #endif
237
+
238
+ #if !defined(HAVE_TS_VERIFY_CTS_SET_CERTS)
239
+ # define TS_VERIFY_CTS_set_certs(ctx, crts) ((ctx)->certs=(crts))
240
+ #endif
241
+
242
+ #if !defined(HAVE_TS_VERIFY_CTX_SET_STORE)
243
+ # define TS_VERIFY_CTX_set_store(ctx, str) ((ctx)->store=(str))
244
+ #endif
245
+
246
+ #if !defined(HAVE_TS_VERIFY_CTX_ADD_FLAGS)
247
+ # define TS_VERIFY_CTX_add_flags(ctx, f) ((ctx)->flags |= (f))
248
+ #endif
249
+
250
+ #if !defined(HAVE_TS_RESP_CTX_SET_TIME_CB)
251
+ # define TS_RESP_CTX_set_time_cb(ctx, callback, dta) do { \
252
+ (ctx)->time_cb = (callback); \
253
+ (ctx)->time_cb_data = (dta); \
254
+ } while (0)
255
+ #endif
256
+
222
257
  #endif /* _OSSL_OPENSSL_MISSING_H_ */
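Review bot: The seven new `TS_*` fallbacks at the end of the header are guarded by `HAVE_*` alone, whereas the `X509_STORE_get_ex_new_index` guard changed earlier in this same file also tests `!defined(X509_STORE_get_ex_new_index)`. The `HAVE_*` macros come from the `have_func` probes added to extconf.rb, which are called there without a header argument, so a library that ships one of these accessors as a macro would presumably be probed as missing. The fallback would then redefine the accessor and reach into `(ctx)->certs`, `(ctx)->store` or `(a)->status` directly. Whether any supported OpenSSL or LibreSSL release does that is not visible from this page, but the extra test is cheap: `#if !defined(HAVE_TS_VERIFY_CTS_SET_CERTS) && !defined(TS_VERIFY_CTS_set_certs)`, and likewise for the other six. A short comment above the block stating that these fallbacks assume non-opaque `TS_*` structs would also make the constraint explicit.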