openssl 2.1.1 → 2.2.1
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +9 -7
- data/History.md +165 -0
- data/README.md +2 -2
- data/ext/openssl/extconf.rb +51 -27
- data/ext/openssl/openssl_missing.h +39 -4
- data/ext/openssl/ossl.c +61 -27
- data/ext/openssl/ossl.h +8 -5
- data/ext/openssl/ossl_asn1.c +27 -1
- data/ext/openssl/ossl_bn.c +92 -24
- data/ext/openssl/ossl_bn.h +2 -1
- data/ext/openssl/ossl_cipher.c +33 -24
- data/ext/openssl/ossl_digest.c +22 -53
- data/ext/openssl/ossl_engine.c +2 -12
- data/ext/openssl/ossl_hmac.c +5 -11
- data/ext/openssl/ossl_kdf.c +3 -19
- data/ext/openssl/ossl_ns_spki.c +1 -1
- data/ext/openssl/ossl_ocsp.c +6 -11
- data/ext/openssl/ossl_ocsp.h +3 -3
- data/ext/openssl/ossl_pkcs12.c +1 -0
- data/ext/openssl/ossl_pkcs7.c +4 -19
- data/ext/openssl/ossl_pkcs7.h +16 -0
- data/ext/openssl/ossl_pkey.c +206 -17
- data/ext/openssl/ossl_pkey.h +6 -6
- data/ext/openssl/ossl_pkey_dh.c +1 -1
- data/ext/openssl/ossl_pkey_dsa.c +2 -2
- data/ext/openssl/ossl_pkey_ec.c +38 -8
- data/ext/openssl/ossl_pkey_rsa.c +17 -9
- data/ext/openssl/ossl_rand.c +2 -40
- data/ext/openssl/ossl_ssl.c +205 -75
- data/ext/openssl/ossl_ts.c +1524 -0
- data/ext/openssl/ossl_ts.h +16 -0
- data/ext/openssl/ossl_x509.c +91 -0
- data/ext/openssl/ossl_x509cert.c +2 -2
- data/ext/openssl/ossl_x509ext.c +15 -0
- data/ext/openssl/ossl_x509name.c +15 -10
- data/ext/openssl/ossl_x509store.c +40 -22
- data/lib/openssl/bn.rb +1 -1
- data/lib/openssl/buffering.rb +33 -17
- data/lib/openssl/cipher.rb +1 -1
- data/lib/openssl/config.rb +53 -26
- data/lib/openssl/digest.rb +10 -12
- data/lib/openssl/hmac.rb +13 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs5.rb +1 -1
- data/lib/openssl/pkey.rb +18 -1
- data/lib/openssl/ssl.rb +46 -7
- data/lib/openssl/version.rb +5 -0
- data/lib/openssl/x509.rb +155 -1
- data/lib/openssl.rb +25 -9
- metadata +25 -9
- data/ext/openssl/deprecation.rb +0 -23
- data/ext/openssl/ossl_version.h +0 -15
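--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 64981d6d16c53d08f9f88d54e28340769b26651ac6b4b1325f085b125255a60e
+data.tar.gz: 5f0eff4a8e8610696fbd755c081a94793ec8c28384adb167a22ffe910a3f662e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 02d5dd3dc0c04f98b25a24c00eb2a5bbad34ff0688c7a0e3c331c3c33e7d1662fcceef4d38f6d02d1fe2dc8e711f8232512731e1c3e6bfcf793f4993b0eb8071
+data.tar.gz: 06c1a0f3aab1e27d3b5898652789ff299d53f30464b67e4bc015895d15ef3af70503cf79320af2061bee768b9671e2a1268e3133e66018b60aa76f6ca86a26d6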
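--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -12,12 +12,14 @@ If you think you found a bug, file a ticket on GitHub. Please DO NOT report
 security issues here, there is a separate procedure which is described on
 ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
 
-When reporting a bug, please make sure you include
-
-
-
-
-
+When reporting a bug, please make sure you include:
+* Ruby version
+* OpenSSL gem version
+* OpenSSL library version
+* A sample file that illustrates the problem or link to the repository or
+gem that is associated with the bug.
+
+There are a number of unresolved issues and feature requests for openssl that
 need review. Before submitting a new ticket, it is recommended to check
 [known issues] and [bugs.ruby-lang.org], the previous issue tracker.
 
@@ -78,7 +80,7 @@ $ docker-compose run debug
 ```
 
 All possible values for `RUBY_VERSION` and `OPENSSL_VERSION` can be found in
-[
+[`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml).
 
 **NOTE**: these commands must be run from the openssl repository root, in order
 to use the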
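--- a/data/History.md
+++ b/data/History.md
@@ -1,3 +1,145 @@
+Version 2.2.1
+=============
+
+Merged changes in 2.1.3. Additionally, the following issues are fixed by this
+release.
+
+Bug fixes
+---------
+
+* Fix crash in `OpenSSL::Timestamp::{Request,Response,TokenInfo}.new` when
+invalid arguments are given.
+[[GitHub #407]](https://github.com/ruby/openssl/pull/407)
+* Fix `OpenSSL::Timestamp::Factory#create_timestamp` with LibreSSL on platforms
+where `time_t` has a different size from `long`.
+[[GitHub #454]](https://github.com/ruby/openssl/pull/454)
+
+
+Version 2.2.0
+=============
+
+Compatibility notes
+-------------------
+
+* Remove unsupported MDC2, DSS, DSS1, and SHA algorithms.
+* Remove `OpenSSL::PKCS7::SignerInfo#name` alias for `#issuer`.
+[[GitHub #266]](https://github.com/ruby/openssl/pull/266)
+* Deprecate `OpenSSL::Config#add_value` and `#[]=` for future removal.
+[[GitHub #322]](https://github.com/ruby/openssl/pull/322)
+
+
+Notable changes
+---------------
+
+* Change default `OpenSSL::SSL::SSLServer#listen` backlog argument from
+5 to `Socket::SOMAXCONN`.
+[[GitHub #286]](https://github.com/ruby/openssl/issues/286)
+* Make `OpenSSL::HMAC#==` use a timing safe string comparison.
+[[GitHub #284]](https://github.com/ruby/openssl/pull/284)
+* Add support for SHA3 and BLAKE digests.
+[[GitHub #282]](https://github.com/ruby/openssl/pull/282)
+* Add `OpenSSL::SSL::SSLSocket.open` for opening a `TCPSocket` and
+returning an `OpenSSL::SSL::SSLSocket` for it.
+[[GitHub #225]](https://github.com/ruby/openssl/issues/225)
+* Support marshalling of `OpenSSL::X509` and `OpenSSL::PKey` objects.
+[[GitHub #281]](https://github.com/ruby/openssl/pull/281)
+[[GitHub #363]](https://github.com/ruby/openssl/pull/363)
+* Add `OpenSSL.secure_compare` for timing safe string comparison for
+strings of possibly unequal length.
+[[GitHub #280]](https://github.com/ruby/openssl/pull/280)
+* Add `OpenSSL.fixed_length_secure_compare` for timing safe string
+comparison for strings of equal length.
+[[GitHub #269]](https://github.com/ruby/openssl/pull/269)
+* Add `OpenSSL::SSL::SSLSocket#{finished_message,peer_finished_message}`
+for last finished message sent and received.
+[[GitHub #250]](https://github.com/ruby/openssl/pull/250)
+* Add `OpenSSL::Timestamp` module for handing timestamp requests and
+responses.
+[[GitHub #204]](https://github.com/ruby/openssl/pull/204)
+* Add helper methods for `OpenSSL::X509::Certificate`:
+`find_extension`, `subject_key_identifier`,
+`authority_key_identifier`, `crl_uris`, `ca_issuer_uris` and
+`ocsp_uris`, and for `OpenSSL::X509::CRL`:
+`find_extension` and `subject_key_identifier`.
+[[GitHub #260]](https://github.com/ruby/openssl/pull/260)
+[[GitHub #275]](https://github.com/ruby/openssl/pull/275)
+[[GitHub #293]](https://github.com/ruby/openssl/pull/293)
+* Add `OpenSSL::ECPoint#add` for performing elliptic curve point addition.
+[[GitHub #261]](https://github.com/ruby/openssl/pull/261)
+* Make `OpenSSL::PKey::RSA#{export,to_der}` check `key`, `factors`, and
+`crt_params` to do proper private key serialization.
+[[GitHub #258]](https://github.com/ruby/openssl/pull/258)
+* Add `OpenSSL::SSL::{SSLSocket,SSLServer}#fileno`, returning the
+underlying socket file descriptor number.
+[[GitHub #247]](https://github.com/ruby/openssl/pull/247)
+* Support client certificates with TLS 1.3, and support post-handshake
+authentication with OpenSSL 1.1.1+.
+[[GitHub #239]](https://github.com/ruby/openssl/pull/239)
+* Add `OpenSSL::ASN1::ObjectId#==` for equality testing.
+* Add `OpenSSL::X509::Extension#value_der` for the raw value of
+the extension.
+[[GitHub #234]](https://github.com/ruby/openssl/pull/234)
+* Significantly reduce allocated memory in `OpenSSL::Buffering#do_write`.
+[[GitHub #212]](https://github.com/ruby/openssl/pull/212)
+* Ensure all valid IPv6 addresses are considered valid as elements
+of subjectAlternativeName in certificates.
+[[GitHub #185]](https://github.com/ruby/openssl/pull/185)
+* Allow recipient's certificate to be omitted in PCKS7#decrypt.
+[[GitHub #183]](https://github.com/ruby/openssl/pull/183)
+* Add support for reading keys in PKCS #8 format and export via instance methods
+added to `OpenSSL::PKey` classes: `private_to_der`, `private_to_pem`,
+`public_to_der` and `public_to_pem`.
+[[GitHub #297]](https://github.com/ruby/openssl/pull/297)
+
+
+Version 2.1.3
+=============
+
+Bug fixes
+---------
+
+* Fix deprecation warnings on Ruby 3.0.
+* Add ".include" directive support in `OpenSSL::Config`.
+[[GitHub #216]](https://github.com/ruby/openssl/pull/216)
+* Fix handling of IPv6 address SANs.
+[[GitHub #185]](https://github.com/ruby/openssl/pull/185)
+* Hostname verification failure with `OpenSSL::SSL::SSLContext#verify_hostname=`
+sets a proper error code.
+[[GitHub #350]](https://github.com/ruby/openssl/pull/350)
+* Fix crash with `OpenSSL::BN.new(nil, 2)`.
+[[Bug #15760]](https://bugs.ruby-lang.org/issues/15760)
+* `OpenSSL::SSL::SSLSocket#sys{read,write}` prevent internal string buffers from
+being modified by another thread.
+[[GitHub #453]](https://github.com/ruby/openssl/pull/453)
+* Fix misuse of input record separator in `OpenSSL::Buffering` where it was
+for output.
+* Fix wrong interger casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
+[[GitHub #460]](https://github.com/ruby/openssl/pull/460)
+* `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
+newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
+OpenSSL 3.0 API.
+[[GitHub #458]](https://github.com/ruby/openssl/pull/458)
+* Activate `digest` gem correctly. `digest` library could go into an
+inconsistent state if there are multiple versions of `digest` is installed
+and `openssl` is `require`d before `digest`.
+[[GitHub #463]](https://github.com/ruby/openssl/pull/463)
+* Fix GC.compact compatibility.
+[[GitHub #464]](https://github.com/ruby/openssl/issues/464)
+[[GitHub #465]](https://github.com/ruby/openssl/pull/465)
+
+
+Version 2.1.2
+=============
+
+Merged changes in 2.0.9.
+
+
+Version 2.1.1
+=============
+
+Merged changes in 2.0.8.
+
+
 Version 2.1.0
 =============
 
@@ -55,6 +197,29 @@ Notable changes
 [[GitHub #177]](https://github.com/ruby/openssl/pull/177)
 
 
+Version 2.0.9
+=============
+
+Security fixes
+--------------
+
+* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
+objects. CVE-2018-16395 is assigned for this issue.
+https://hackerone.com/reports/387250
+
+Bug fixes
+---------
+
+* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
+interrupted.
+[[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
+[[GitHub #205]](https://github.com/ruby/openssl/pull/205)
+* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
+called against an empty instance.
+[[GitHub #200]](https://github.com/ruby/openssl/issues/200)
+[[GitHub #211]](https://github.com/ruby/openssl/pull/211)
+
+
 Version 2.0.8
 =============
 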
data/README.md
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
# OpenSSL for Ruby
|
2
2
|
|
3
|
-
[](https://github.com/ruby/openssl/actions?workflow=CI)
|
4
|
+
|
5
5
|
|
6
6
|
OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
|
7
7
|
OpenSSL library.
|
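--- a/data/ext/openssl/extconf.rb
+++ b/data/ext/openssl/extconf.rb
@@ -1,5 +1,5 @@
 # -*- coding: us-ascii -*-
-# frozen_string_literal:
+# frozen_string_literal: true
 =begin
 = Info
 'OpenSSL for Ruby 2' project
@@ -12,16 +12,12 @@
 =end
 
 require "mkmf"
-require File.expand_path('../deprecation', __FILE__)
 
 dir_config("openssl")
 dir_config("kerberos")
 
 Logging::message "=== OpenSSL for Ruby configurator ===\n"
 
-# Add -Werror=deprecated-declarations to $warnflags if available
-OpenSSL.deprecated_warning_flag
-
 ##
 # Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
 # To turn it on, use: --with-debug or --enable-debug
@@ -33,9 +29,15 @@ end
 Logging::message "=== Checking for system dependent stuff... ===\n"
 have_library("nsl", "t_open")
 have_library("socket", "socket")
+if $mswin || $mingw
+have_library("ws2_32")
+end
 
-
-
+if $mingw
+append_cflags '-D_FORTIFY_SOURCE=2'
+append_ldflags '-fstack-protector'
+have_library 'ssp'
+end
 
 def find_openssl_library
 if $mswin || $mingw
@@ -87,28 +89,42 @@ def find_openssl_library
 return false
 end
 
-
-
-
-
-
-
-
-
+Logging::message "=== Checking for required stuff... ===\n"
+pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
+
+if !pkg_config_found && !find_openssl_library
+Logging::message "=== Checking for required stuff failed. ===\n"
+Logging::message "Makefile wasn't created. Fix the errors above.\n"
+raise "OpenSSL library could not be found. You might want to use " \
+"--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
+"is installed."
+end
+
+version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
+is_libressl = true
+checking_for("LibreSSL version >= 2.5.0") {
+try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }
+else
+checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {
+try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&
+!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
+end
+unless version_ok
+raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"
 end
 
-
-
-
+# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
+if is_libressl && ($mswin || $mingw)
+$defs.push("-DNOCRYPT")
 end
 
 Logging::message "=== Checking for OpenSSL features... ===\n"
 # compile options
 have_func("RAND_egd")
-engines = %w{
-cswift nuron sureware ubsec padlock capi gmp gost cryptodev
+engines = %w{dynamic 4758cca aep atalla chil
+cswift nuron sureware ubsec padlock capi gmp gost cryptodev}
 engines.each { |name|
-
+have_func("ENGINE_load_#{name}()", "openssl/engine.h")
 }
 
 # added in 1.0.2
@@ -116,9 +132,9 @@ have_func("EC_curve_nist2nid")
 have_func("X509_REVOKED_dup")
 have_func("X509_STORE_CTX_get0_store")
 have_func("SSL_CTX_set_alpn_select_cb")
-
-
-
+have_func("SSL_CTX_set1_curves_list(NULL, NULL)", "openssl/ssl.h")
+have_func("SSL_CTX_set_ecdh_auto(NULL, 0)", "openssl/ssl.h")
+have_func("SSL_get_server_tmp_key(NULL, NULL)", "openssl/ssl.h")
 have_func("SSL_is_server")
 
 # added in 1.1.0
@@ -134,9 +150,9 @@ have_func("EVP_MD_CTX_new")
 have_func("EVP_MD_CTX_free")
 have_func("HMAC_CTX_new")
 have_func("HMAC_CTX_free")
-OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
 have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
+have_func("X509_STORE_get_ex_new_index")
 have_func("X509_CRL_get0_signature")
 have_func("X509_REQ_get0_signature")
 have_func("X509_REVOKED_get0_serialNumber")
@@ -152,12 +168,20 @@ have_func("X509_CRL_up_ref")
 have_func("X509_STORE_up_ref")
 have_func("SSL_SESSION_up_ref")
 have_func("EVP_PKEY_up_ref")
-
-
+have_func("SSL_CTX_set_tmp_ecdh_callback(NULL, NULL)", "openssl/ssl.h") # removed
+have_func("SSL_CTX_set_min_proto_version(NULL, 0)", "openssl/ssl.h")
 have_func("SSL_CTX_get_security_level")
 have_func("X509_get0_notBefore")
 have_func("SSL_SESSION_get_protocol_version")
+have_func("TS_STATUS_INFO_get0_status")
+have_func("TS_STATUS_INFO_get0_text")
+have_func("TS_STATUS_INFO_get0_failure_info")
+have_func("TS_VERIFY_CTS_set_certs")
+have_func("TS_VERIFY_CTX_set_store")
+have_func("TS_VERIFY_CTX_add_flags")
+have_func("TS_RESP_CTX_set_time_cb")
 have_func("EVP_PBE_scrypt")
+have_func("SSL_CTX_set_post_handshake_auth")
 
 Logging::message "=== Checking done. ===\n"
 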
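Review bot: The upper version bound in the new `version_ok` block is inferred from a compile failure, `!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h")`, so any reason that probe fails to build is read as "older than 3.0" and the gate fails open. A positive assertion keeps it fail-closed: `try_static_assert("OPENSSL_VERSION_NUMBER < 0x30000000L", "openssl/opensslv.h")`. The preceding `>= 0x10001000L` assertion limits the exposure, because the header must already compile for it to pass. If the negated form is kept, it should carry a comment saying that it relies on `OPENSSL_VERSION_MAJOR` being undefined in older headers.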
@@ -72,6 +72,9 @@ void ossl_HMAC_CTX_free(HMAC_CTX *);
|
|
72
72
|
#if !defined(HAVE_X509_STORE_SET_EX_DATA)
|
73
73
|
# define X509_STORE_set_ex_data(x, idx, data) \
|
74
74
|
CRYPTO_set_ex_data(&(x)->ex_data, (idx), (data))
|
75
|
+
#endif
|
76
|
+
|
77
|
+
#if !defined(HAVE_X509_STORE_GET_EX_NEW_INDEX) && !defined(X509_STORE_get_ex_new_index)
|
75
78
|
# define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
|
76
79
|
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \
|
77
80
|
(newf), (dupf), (freef))
|
@@ -144,12 +147,13 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
|
|
144
147
|
CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
|
145
148
|
#endif
|
146
149
|
|
147
|
-
#if !defined(HAVE_OPAQUE_OPENSSL)
|
150
|
+
#if !defined(HAVE_OPAQUE_OPENSSL) && \
|
151
|
+
(!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
148
152
|
#define IMPL_PKEY_GETTER(_type, _name) \
|
149
153
|
static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
|
150
154
|
return pkey->pkey._name; }
|
151
155
|
#define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
|
152
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
156
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
153
157
|
if (a1) *a1 = obj->a1; \
|
154
158
|
if (a2) *a2 = obj->a2; } \
|
155
159
|
static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
@@ -158,7 +162,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
|
158
162
|
BN_clear_free(obj->a2); obj->a2 = a2; \
|
159
163
|
return 1; }
|
160
164
|
#define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
|
161
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
165
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
162
166
|
if (a1) *a1 = obj->a1; \
|
163
167
|
if (a2) *a2 = obj->a2; \
|
164
168
|
if (a3) *a3 = obj->a3; } \
|
@@ -185,7 +189,7 @@ IMPL_KEY_ACCESSOR3(DSA, pqg, p, q, g, (p == obj->p || q == obj->q || g == obj->g
|
|
185
189
|
#if !defined(OPENSSL_NO_DH)
|
186
190
|
IMPL_PKEY_GETTER(DH, dh)
|
187
191
|
IMPL_KEY_ACCESSOR2(DH, key, pub_key, priv_key, (pub_key == obj->pub_key || (obj->priv_key && priv_key == obj->priv_key)))
|
188
|
-
IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || obj->q && q == obj->q || g == obj->g))
|
192
|
+
IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || (obj->q && q == obj->q) || g == obj->g))
|
189
193
|
static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
|
190
194
|
#endif
|
191
195
|
|
@@ -219,4 +223,35 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
|
|
219
223
|
# define SSL_SESSION_get_protocol_version(s) ((s)->ssl_version)
|
220
224
|
#endif
|
221
225
|
|
226
|
+
#if !defined(HAVE_TS_STATUS_INFO_GET0_STATUS)
|
227
|
+
# define TS_STATUS_INFO_get0_status(a) ((a)->status)
|
228
|
+
#endif
|
229
|
+
|
230
|
+
#if !defined(HAVE_TS_STATUS_INFO_GET0_TEXT)
|
231
|
+
# define TS_STATUS_INFO_get0_text(a) ((a)->text)
|
232
|
+
#endif
|
233
|
+
|
234
|
+
#if !defined(HAVE_TS_STATUS_INFO_GET0_FAILURE_INFO)
|
235
|
+
# define TS_STATUS_INFO_get0_failure_info(a) ((a)->failure_info)
|
236
|
+
#endif
|
237
|
+
|
238
|
+
#if !defined(HAVE_TS_VERIFY_CTS_SET_CERTS)
|
239
|
+
# define TS_VERIFY_CTS_set_certs(ctx, crts) ((ctx)->certs=(crts))
|
240
|
+
#endif
|
241
|
+
|
242
|
+
#if !defined(HAVE_TS_VERIFY_CTX_SET_STORE)
|
243
|
+
# define TS_VERIFY_CTX_set_store(ctx, str) ((ctx)->store=(str))
|
244
|
+
#endif
|
245
|
+
|
246
|
+
#if !defined(HAVE_TS_VERIFY_CTX_ADD_FLAGS)
|
247
|
+
# define TS_VERIFY_CTX_add_flags(ctx, f) ((ctx)->flags |= (f))
|
248
|
+
#endif
|
249
|
+
|
250
|
+
#if !defined(HAVE_TS_RESP_CTX_SET_TIME_CB)
|
251
|
+
# define TS_RESP_CTX_set_time_cb(ctx, callback, dta) do { \
|
252
|
+
(ctx)->time_cb = (callback); \
|
253
|
+
(ctx)->time_cb_data = (dta); \
|
254
|
+
} while (0)
|
255
|
+
#endif
|
256
|
+
|
222
257
|
#endif /* _OSSL_OPENSSL_MISSING_H_ */
|
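Review bot: The fallback setters added in the last hunk, `TS_VERIFY_CTS_set_certs` and `TS_VERIFY_CTX_set_store`, are bare pointer assignments with no statement of ownership. A value already held in `ctx->certs` or `ctx->store` is overwritten without being released, and nothing says whether the context or the caller frees the new pointer. The callers are not visible here, so it cannot be confirmed whether a leak or double free is reachable, but the contract belongs next to the macros, for example `/* Fallbacks only store the pointer: a previous value is not freed, and the caller must not free what it hands over if the context releases it. */`. `TS_RESP_CTX_set_time_cb` expands to a `do { } while (0)` statement, so a one-line comment that it cannot be used as an expression would also help.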