openssl 2.2.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +33 -45
  3. data/History.md +300 -0
  4. data/README.md +36 -19
  5. data/ext/openssl/extconf.rb +119 -79
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +26 -45
  8. data/ext/openssl/ossl.c +131 -233
  9. data/ext/openssl/ossl.h +31 -12
  10. data/ext/openssl/ossl_asn1.c +26 -13
  11. data/ext/openssl/ossl_bn.c +279 -143
  12. data/ext/openssl/ossl_bn.h +2 -1
  13. data/ext/openssl/ossl_cipher.c +13 -14
  14. data/ext/openssl/ossl_config.c +412 -41
  15. data/ext/openssl/ossl_config.h +4 -7
  16. data/ext/openssl/ossl_digest.c +16 -12
  17. data/ext/openssl/ossl_engine.c +17 -16
  18. data/ext/openssl/ossl_hmac.c +57 -136
  19. data/ext/openssl/ossl_kdf.c +12 -4
  20. data/ext/openssl/ossl_ns_spki.c +1 -1
  21. data/ext/openssl/ossl_ocsp.c +11 -59
  22. data/ext/openssl/ossl_pkcs12.c +22 -4
  23. data/ext/openssl/ossl_pkcs7.c +45 -62
  24. data/ext/openssl/ossl_pkey.c +1320 -196
  25. data/ext/openssl/ossl_pkey.h +36 -73
  26. data/ext/openssl/ossl_pkey_dh.c +152 -347
  27. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  28. data/ext/openssl/ossl_pkey_ec.c +227 -343
  29. data/ext/openssl/ossl_pkey_rsa.c +159 -491
  30. data/ext/openssl/ossl_provider.c +211 -0
  31. data/ext/openssl/ossl_provider.h +5 -0
  32. data/ext/openssl/ossl_ssl.c +593 -467
  33. data/ext/openssl/ossl_ssl_session.c +29 -30
  34. data/ext/openssl/ossl_ts.c +67 -42
  35. data/ext/openssl/ossl_x509.c +0 -6
  36. data/ext/openssl/ossl_x509attr.c +1 -1
  37. data/ext/openssl/ossl_x509cert.c +168 -12
  38. data/ext/openssl/ossl_x509crl.c +14 -11
  39. data/ext/openssl/ossl_x509ext.c +14 -9
  40. data/ext/openssl/ossl_x509name.c +10 -3
  41. data/ext/openssl/ossl_x509req.c +14 -11
  42. data/ext/openssl/ossl_x509revoked.c +4 -4
  43. data/ext/openssl/ossl_x509store.c +204 -94
  44. data/lib/openssl/buffering.rb +10 -4
  45. data/lib/openssl/digest.rb +1 -5
  46. data/lib/openssl/hmac.rb +65 -0
  47. data/lib/openssl/pkey.rb +429 -0
  48. data/lib/openssl/ssl.rb +23 -18
  49. data/lib/openssl/version.rb +1 -1
  50. data/lib/openssl/x509.rb +22 -0
  51. data/lib/openssl.rb +0 -1
  52. metadata +13 -68
  53. data/ext/openssl/ruby_missing.h +0 -24
  54. data/lib/openssl/config.rb +0 -501
@@ -13,18 +13,42 @@
13
13
 
14
14
  require "mkmf"
15
15
 
16
- dir_config("openssl")
16
+ ssl_dirs = nil
17
+ if defined?(::TruffleRuby)
18
+ # Always respect the openssl prefix chosen by truffle/openssl-prefix
19
+ require 'truffle/openssl-prefix'
20
+ ssl_dirs = dir_config("openssl", ENV["OPENSSL_PREFIX"])
21
+ else
22
+ ssl_dirs = dir_config("openssl")
23
+ end
24
+ dir_config_given = ssl_dirs.any?
25
+
26
+ _, ssl_ldir = ssl_dirs
27
+ if ssl_ldir&.split(File::PATH_SEPARATOR)&.none? { |dir| File.directory?(dir) }
28
+ # According to the `mkmf.rb#dir_config`, the `--with-openssl-dir=<dir>` uses
29
+ # the value of the `File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])` as a
30
+ # loaded library directory name.
31
+ ruby_ldir_name = File.basename(RbConfig::MAKEFILE_CONFIG["libdir"])
32
+
33
+ raise "OpenSSL library directory could not be found in '#{ssl_ldir}'. " \
34
+ "You might want to fix this error in one of the following ways.\n" \
35
+ " * Recompile OpenSSL by configuring it with --libdir=#{ruby_ldir_name} " \
36
+ " to specify the OpenSSL library directory.\n" \
37
+ " * Recompile Ruby by configuring it with --libdir=<dir> to specify the " \
38
+ "Ruby library directory.\n" \
39
+ " * Compile this openssl gem with --with-openssl-include=<dir> and " \
40
+ "--with-openssl-lib=<dir> options to specify the OpenSSL include and " \
41
+ "library directories."
42
+ end
43
+
17
44
  dir_config("kerberos")
18
45
 
19
46
  Logging::message "=== OpenSSL for Ruby configurator ===\n"
20
47
 
21
- ##
22
- # Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
23
- # To turn it on, use: --with-debug or --enable-debug
24
- #
25
- if with_config("debug") or enable_config("debug")
26
- $defs.push("-DOSSL_DEBUG")
27
- end
48
+ $defs.push("-D""OPENSSL_SUPPRESS_DEPRECATED")
49
+
50
+ have_func("rb_io_descriptor")
51
+ have_func("rb_io_maybe_wait(0, Qnil, Qnil, Qnil)", "ruby/io.h") # Ruby 3.1
28
52
 
29
53
  Logging::message "=== Checking for system dependent stuff... ===\n"
30
54
  have_library("nsl", "t_open")
@@ -33,9 +57,6 @@ if $mswin || $mingw
33
57
  have_library("ws2_32")
34
58
  end
35
59
 
36
- Logging::message "=== Checking for required stuff... ===\n"
37
- result = pkg_config("openssl") && have_header("openssl/ssl.h")
38
-
39
60
  if $mingw
40
61
  append_cflags '-D_FORTIFY_SOURCE=2'
41
62
  append_ldflags '-fstack-protector'
@@ -92,92 +113,111 @@ def find_openssl_library
92
113
  return false
93
114
  end
94
115
 
95
- unless result
96
- unless find_openssl_library
97
- Logging::message "=== Checking for required stuff failed. ===\n"
98
- Logging::message "Makefile wasn't created. Fix the errors above.\n"
99
- raise "OpenSSL library could not be found. You might want to use " \
100
- "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
101
- "is installed."
102
- end
116
+ Logging::message "=== Checking for required stuff... ===\n"
117
+ pkg_config_found = !dir_config_given && pkg_config("openssl") && have_header("openssl/ssl.h")
118
+
119
+ if !pkg_config_found && !find_openssl_library
120
+ Logging::message "=== Checking for required stuff failed. ===\n"
121
+ Logging::message "Makefile wasn't created. Fix the errors above.\n"
122
+ raise "OpenSSL library could not be found. You might want to use " \
123
+ "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
124
+ "is installed."
103
125
  end
104
126
 
105
- unless checking_for("OpenSSL version is 1.0.1 or later") {
106
- try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
107
- raise "OpenSSL >= 1.0.1 or LibreSSL is required"
127
+ version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
128
+ is_libressl = true
129
+ checking_for("LibreSSL version >= 3.1.0") {
130
+ try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x30100000L", "openssl/opensslv.h") }
131
+ else
132
+ checking_for("OpenSSL version >= 1.0.2") {
133
+ try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10002000L", "openssl/opensslv.h") }
134
+ end
135
+ unless version_ok
136
+ raise "OpenSSL >= 1.0.2 or LibreSSL >= 3.1.0 is required"
137
+ end
138
+
139
+ # Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
140
+ if is_libressl && ($mswin || $mingw)
141
+ $defs.push("-DNOCRYPT")
108
142
  end
109
143
 
110
144
  Logging::message "=== Checking for OpenSSL features... ===\n"
145
+ evp_h = "openssl/evp.h".freeze
146
+ x509_h = "openssl/x509.h".freeze
147
+ ts_h = "openssl/ts.h".freeze
148
+ ssl_h = "openssl/ssl.h".freeze
149
+
111
150
  # compile options
112
- have_func("RAND_egd")
151
+ have_func("RAND_egd()", "openssl/rand.h")
113
152
  engines = %w{dynamic 4758cca aep atalla chil
114
153
  cswift nuron sureware ubsec padlock capi gmp gost cryptodev}
115
154
  engines.each { |name|
116
155
  have_func("ENGINE_load_#{name}()", "openssl/engine.h")
117
156
  }
118
157
 
119
- if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
120
- $defs.push("-DNOCRYPT")
121
- end
122
-
123
- # added in 1.0.2
124
- have_func("EC_curve_nist2nid")
125
- have_func("X509_REVOKED_dup")
126
- have_func("X509_STORE_CTX_get0_store")
127
- have_func("SSL_CTX_set_alpn_select_cb")
128
- have_func("SSL_CTX_set1_curves_list(NULL, NULL)", "openssl/ssl.h")
129
- have_func("SSL_CTX_set_ecdh_auto(NULL, 0)", "openssl/ssl.h")
130
- have_func("SSL_get_server_tmp_key(NULL, NULL)", "openssl/ssl.h")
131
- have_func("SSL_is_server")
132
-
133
158
  # added in 1.1.0
134
- if !have_struct_member("SSL", "ctx", "openssl/ssl.h") ||
135
- try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h")
159
+ if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || is_libressl
136
160
  $defs.push("-DHAVE_OPAQUE_OPENSSL")
137
161
  end
138
- have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
139
- have_func("BN_GENCB_new")
140
- have_func("BN_GENCB_free")
141
- have_func("BN_GENCB_get_arg")
142
- have_func("EVP_MD_CTX_new")
143
- have_func("EVP_MD_CTX_free")
144
- have_func("HMAC_CTX_new")
145
- have_func("HMAC_CTX_free")
146
- have_func("X509_STORE_get_ex_data")
147
- have_func("X509_STORE_set_ex_data")
148
- have_func("X509_STORE_get_ex_new_index")
149
- have_func("X509_CRL_get0_signature")
150
- have_func("X509_REQ_get0_signature")
151
- have_func("X509_REVOKED_get0_serialNumber")
152
- have_func("X509_REVOKED_get0_revocationDate")
153
- have_func("X509_get0_tbs_sigalg")
154
- have_func("X509_STORE_CTX_get0_untrusted")
155
- have_func("X509_STORE_CTX_get0_cert")
156
- have_func("X509_STORE_CTX_get0_chain")
157
- have_func("OCSP_SINGLERESP_get0_id")
158
- have_func("SSL_CTX_get_ciphers")
159
- have_func("X509_up_ref")
160
- have_func("X509_CRL_up_ref")
161
- have_func("X509_STORE_up_ref")
162
- have_func("SSL_SESSION_up_ref")
163
- have_func("EVP_PKEY_up_ref")
164
- have_func("SSL_CTX_set_tmp_ecdh_callback(NULL, NULL)", "openssl/ssl.h") # removed
165
- have_func("SSL_CTX_set_min_proto_version(NULL, 0)", "openssl/ssl.h")
166
- have_func("SSL_CTX_get_security_level")
167
- have_func("X509_get0_notBefore")
168
- have_func("SSL_SESSION_get_protocol_version")
169
- have_func("TS_STATUS_INFO_get0_status")
170
- have_func("TS_STATUS_INFO_get0_text")
171
- have_func("TS_STATUS_INFO_get0_failure_info")
172
- have_func("TS_VERIFY_CTS_set_certs")
173
- have_func("TS_VERIFY_CTX_set_store")
174
- have_func("TS_VERIFY_CTX_add_flags")
175
- have_func("TS_RESP_CTX_set_time_cb")
176
- have_func("EVP_PBE_scrypt")
177
- have_func("SSL_CTX_set_post_handshake_auth")
162
+ have_func("EVP_MD_CTX_new()", evp_h)
163
+ have_func("EVP_MD_CTX_free(NULL)", evp_h)
164
+ have_func("EVP_MD_CTX_pkey_ctx(NULL)", evp_h)
165
+ have_func("X509_STORE_get_ex_data(NULL, 0)", x509_h)
166
+ have_func("X509_STORE_set_ex_data(NULL, 0, NULL)", x509_h)
167
+ have_func("X509_STORE_get_ex_new_index(0, NULL, NULL, NULL, NULL)", x509_h)
168
+ have_func("X509_CRL_get0_signature(NULL, NULL, NULL)", x509_h)
169
+ have_func("X509_REQ_get0_signature(NULL, NULL, NULL)", x509_h)
170
+ have_func("X509_REVOKED_get0_serialNumber(NULL)", x509_h)
171
+ have_func("X509_REVOKED_get0_revocationDate(NULL)", x509_h)
172
+ have_func("X509_get0_tbs_sigalg(NULL)", x509_h)
173
+ have_func("X509_STORE_CTX_get0_untrusted(NULL)", x509_h)
174
+ have_func("X509_STORE_CTX_get0_cert(NULL)", x509_h)
175
+ have_func("X509_STORE_CTX_get0_chain(NULL)", x509_h)
176
+ have_func("OCSP_SINGLERESP_get0_id(NULL)", "openssl/ocsp.h")
177
+ have_func("SSL_CTX_get_ciphers(NULL)", ssl_h)
178
+ have_func("X509_up_ref(NULL)", x509_h)
179
+ have_func("X509_CRL_up_ref(NULL)", x509_h)
180
+ have_func("X509_STORE_up_ref(NULL)", x509_h)
181
+ have_func("SSL_SESSION_up_ref(NULL)", ssl_h)
182
+ have_func("EVP_PKEY_up_ref(NULL)", evp_h)
183
+ have_func("SSL_CTX_set_min_proto_version(NULL, 0)", ssl_h)
184
+ have_func("SSL_CTX_get_security_level(NULL)", ssl_h)
185
+ have_func("X509_get0_notBefore(NULL)", x509_h)
186
+ have_func("SSL_SESSION_get_protocol_version(NULL)", ssl_h)
187
+ have_func("TS_STATUS_INFO_get0_status(NULL)", ts_h)
188
+ have_func("TS_STATUS_INFO_get0_text(NULL)", ts_h)
189
+ have_func("TS_STATUS_INFO_get0_failure_info(NULL)", ts_h)
190
+ have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", ts_h)
191
+ have_func("TS_VERIFY_CTX_set_store(NULL, NULL)", ts_h)
192
+ have_func("TS_VERIFY_CTX_add_flags(NULL, 0)", ts_h)
193
+ have_func("TS_RESP_CTX_set_time_cb(NULL, NULL, NULL)", ts_h)
194
+ have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h)
195
+ have_func("SSL_CTX_set_post_handshake_auth(NULL, 0)", ssl_h)
196
+
197
+ # added in 1.1.1
198
+ have_func("EVP_PKEY_check(NULL)", evp_h)
199
+ have_func("EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)\"\", 0)", evp_h)
200
+ have_func("SSL_CTX_set_ciphersuites(NULL, \"\")", ssl_h)
201
+
202
+ # added in 3.0.0
203
+ have_func("SSL_set0_tmp_dh_pkey(NULL, NULL)", ssl_h)
204
+ have_func("ERR_get_error_all(NULL, NULL, NULL, NULL, NULL)", "openssl/err.h")
205
+ have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", ts_h)
206
+ have_func("SSL_CTX_load_verify_file(NULL, \"\")", ssl_h)
207
+ have_func("BN_check_prime(NULL, NULL, NULL)", "openssl/bn.h")
208
+ have_func("EVP_MD_CTX_get0_md(NULL)", evp_h)
209
+ have_func("EVP_MD_CTX_get_pkey_ctx(NULL)", evp_h)
210
+ have_func("EVP_PKEY_eq(NULL, NULL)", evp_h)
211
+ have_func("EVP_PKEY_dup(NULL)", evp_h)
178
212
 
179
213
  Logging::message "=== Checking done. ===\n"
180
214
 
215
+ # Append flags from environment variables.
216
+ extcflags = ENV["RUBY_OPENSSL_EXTCFLAGS"]
217
+ append_cflags(extcflags.split) if extcflags
218
+ extldflags = ENV["RUBY_OPENSSL_EXTLDFLAGS"]
219
+ append_ldflags(extldflags.split) if extldflags
220
+
181
221
  create_header
182
222
  create_makefile("openssl")
183
223
  Logging::message "Done.\n"
@@ -10,77 +10,11 @@
10
10
  #include RUBY_EXTCONF_H
11
11
 
12
12
  #include <string.h> /* memcpy() */
13
- #if !defined(OPENSSL_NO_ENGINE)
14
- # include <openssl/engine.h>
15
- #endif
16
- #if !defined(OPENSSL_NO_HMAC)
17
- # include <openssl/hmac.h>
18
- #endif
19
13
  #include <openssl/x509_vfy.h>
20
14
 
21
15
  #include "openssl_missing.h"
22
16
 
23
- /* added in 1.0.2 */
24
- #if !defined(OPENSSL_NO_EC)
25
- #if !defined(HAVE_EC_CURVE_NIST2NID)
26
- static struct {
27
- const char *name;
28
- int nid;
29
- } nist_curves[] = {
30
- {"B-163", NID_sect163r2},
31
- {"B-233", NID_sect233r1},
32
- {"B-283", NID_sect283r1},
33
- {"B-409", NID_sect409r1},
34
- {"B-571", NID_sect571r1},
35
- {"K-163", NID_sect163k1},
36
- {"K-233", NID_sect233k1},
37
- {"K-283", NID_sect283k1},
38
- {"K-409", NID_sect409k1},
39
- {"K-571", NID_sect571k1},
40
- {"P-192", NID_X9_62_prime192v1},
41
- {"P-224", NID_secp224r1},
42
- {"P-256", NID_X9_62_prime256v1},
43
- {"P-384", NID_secp384r1},
44
- {"P-521", NID_secp521r1}
45
- };
46
-
47
- int
48
- ossl_EC_curve_nist2nid(const char *name)
49
- {
50
- size_t i;
51
- for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
52
- if (!strcmp(nist_curves[i].name, name))
53
- return nist_curves[i].nid;
54
- }
55
- return NID_undef;
56
- }
57
- #endif
58
- #endif
59
-
60
17
  /*** added in 1.1.0 ***/
61
- #if !defined(HAVE_HMAC_CTX_NEW)
62
- HMAC_CTX *
63
- ossl_HMAC_CTX_new(void)
64
- {
65
- HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
66
- if (!ctx)
67
- return NULL;
68
- HMAC_CTX_init(ctx);
69
- return ctx;
70
- }
71
- #endif
72
-
73
- #if !defined(HAVE_HMAC_CTX_FREE)
74
- void
75
- ossl_HMAC_CTX_free(HMAC_CTX *ctx)
76
- {
77
- if (ctx) {
78
- HMAC_CTX_cleanup(ctx);
79
- OPENSSL_free(ctx);
80
- }
81
- }
82
- #endif
83
-
84
18
  #if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
85
19
  void
86
20
  ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
@@ -12,40 +12,7 @@
12
12
 
13
13
  #include "ruby/config.h"
14
14
 
15
- /* added in 1.0.2 */
16
- #if !defined(OPENSSL_NO_EC)
17
- #if !defined(HAVE_EC_CURVE_NIST2NID)
18
- int ossl_EC_curve_nist2nid(const char *);
19
- # define EC_curve_nist2nid ossl_EC_curve_nist2nid
20
- #endif
21
- #endif
22
-
23
- #if !defined(HAVE_X509_REVOKED_DUP)
24
- # define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
25
- (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
26
- #endif
27
-
28
- #if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
29
- # define X509_STORE_CTX_get0_store(x) ((x)->ctx)
30
- #endif
31
-
32
- #if !defined(HAVE_SSL_IS_SERVER)
33
- # define SSL_is_server(s) ((s)->server)
34
- #endif
35
-
36
15
  /* added in 1.1.0 */
37
- #if !defined(HAVE_BN_GENCB_NEW)
38
- # define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
39
- #endif
40
-
41
- #if !defined(HAVE_BN_GENCB_FREE)
42
- # define BN_GENCB_free(cb) OPENSSL_free(cb)
43
- #endif
44
-
45
- #if !defined(HAVE_BN_GENCB_GET_ARG)
46
- # define BN_GENCB_get_arg(cb) (cb)->arg
47
- #endif
48
-
49
16
  #if !defined(HAVE_EVP_MD_CTX_NEW)
50
17
  # define EVP_MD_CTX_new EVP_MD_CTX_create
51
18
  #endif
@@ -54,16 +21,6 @@ int ossl_EC_curve_nist2nid(const char *);
54
21
  # define EVP_MD_CTX_free EVP_MD_CTX_destroy
55
22
  #endif
56
23
 
57
- #if !defined(HAVE_HMAC_CTX_NEW)
58
- HMAC_CTX *ossl_HMAC_CTX_new(void);
59
- # define HMAC_CTX_new ossl_HMAC_CTX_new
60
- #endif
61
-
62
- #if !defined(HAVE_HMAC_CTX_FREE)
63
- void ossl_HMAC_CTX_free(HMAC_CTX *);
64
- # define HMAC_CTX_free ossl_HMAC_CTX_free
65
- #endif
66
-
67
24
  #if !defined(HAVE_X509_STORE_GET_EX_DATA)
68
25
  # define X509_STORE_get_ex_data(x, idx) \
69
26
  CRYPTO_get_ex_data(&(x)->ex_data, (idx))
@@ -147,8 +104,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
147
104
  CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
148
105
  #endif
149
106
 
150
- #if !defined(HAVE_OPAQUE_OPENSSL) && \
151
- (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
107
+ #if !defined(HAVE_OPAQUE_OPENSSL)
152
108
  #define IMPL_PKEY_GETTER(_type, _name) \
153
109
  static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
154
110
  return pkey->pkey._name; }
@@ -254,4 +210,29 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
254
210
  } while (0)
255
211
  #endif
256
212
 
213
+ /* added in 3.0.0 */
214
+ #if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
215
+ # define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
216
+ #endif
217
+
218
+ #ifndef HAVE_EVP_MD_CTX_GET0_MD
219
+ # define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
220
+ #endif
221
+
222
+ /*
223
+ * OpenSSL 1.1.0 added EVP_MD_CTX_pkey_ctx(), and then it was renamed to
224
+ * EVP_MD_CTX_get_pkey_ctx(x) in OpenSSL 3.0.
225
+ */
226
+ #ifndef HAVE_EVP_MD_CTX_GET_PKEY_CTX
227
+ # ifdef HAVE_EVP_MD_CTX_PKEY_CTX
228
+ # define EVP_MD_CTX_get_pkey_ctx(x) EVP_MD_CTX_pkey_ctx(x)
229
+ # else
230
+ # define EVP_MD_CTX_get_pkey_ctx(x) (x)->pctx
231
+ # endif
232
+ #endif
233
+
234
+ #ifndef HAVE_EVP_PKEY_EQ
235
+ # define EVP_PKEY_eq(a, b) EVP_PKEY_cmp(a, b)
236
+ #endif
237
+
257
238
  #endif /* _OSSL_OPENSSL_MISSING_H_ */