rubysl-openssl 2.10 → 2.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 8170c92fac3dc7ed60bbd846bd9c6c9305b67f9e
-  data.tar.gz: 6dbb74381898065c6db26bbf1dd07f580da5011a
+SHA256:
+  metadata.gz: c8e134279ec9b3fb382410f085056f03b7452528e35e767659db710fd831e9e0
+  data.tar.gz: f49ad76beb97edc9466f440b7a51a34da5b3a38cbe4c240b4ec67b29aeeced3a
 SHA512:
-  metadata.gz: ccae0e900ef78f9858ea6e5f080d4dcd1414c9063e1527f21a19b05d3aec1a2acd75e7d1647ec0e0cb2c83d1a380038fa72679dcb27050bbd37506b2e5f00fb8
-  data.tar.gz: 4b7aceae7fa70b44e876e00900c16b5dcde6d64e73242a43ad569847dbe03c5ca0dc395d4e854c5076d3811cd91b2fe9136232a1c730cf740826c3eb5b427cc0
+  metadata.gz: 00272e14585bb278bcc37c42c1de138fbb4f1075329cd831b64c9749c0b39f89b93fafb0940369fd2238649a3bade8dc604ace72684e541bb41ac442c64f21a2
+  data.tar.gz: '089dd3bf4adfa74f51a6566e3c55d8c24bbc7dd64f4e0bb6e9443d6e497743af84a5a7847618d83c2495fc022cedc9347649675a0c1371462598cfe354af7ae6'

data/ext/rubysl/openssl/deprecation.rb

@@ -3,7 +3,7 @@ module OpenSSL
   def self.deprecated_warning_flag
     unless flag = (@deprecated_warning_flag ||= nil)
       if try_compile("", flag = "-Werror=deprecated-declarations")
-        if with_config("broken-apple-openssl")
+        if /darwin/ =~ RUBY_PLATFORM and with_config("broken-apple-openssl")
           flag = "-Wno-deprecated-declarations"
         end
         $warnflags << " #{flag}"
@@ -16,7 +16,11 @@ module OpenSSL
   end
 
   def self.check_func(func, header)
-    have_func(func, header, deprecated_warning_flag) and
-      have_header(header, nil, deprecated_warning_flag)
+    have_func(func, header, deprecated_warning_flag)
+  end
+
+  def self.check_func_or_macro(func, header)
+    check_func(func, header) or
+      have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
   end
 end

data/ext/rubysl/openssl/extconf.rb

@@ -19,144 +19,189 @@ dir_config("kerberos")
 
 Logging::message "=== OpenSSL for Ruby configurator ===\n"
 
+# Add -Werror=deprecated-declarations to $warnflags if available
+OpenSSL.deprecated_warning_flag
+
 ##
 # Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
 # To turn it on, use: --with-debug or --enable-debug
 #
 if with_config("debug") or enable_config("debug")
-  $defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
+  $defs.push("-DOSSL_DEBUG")
 end
 
 Logging::message "=== Checking for system dependent stuff... ===\n"
 have_library("nsl", "t_open")
 have_library("socket", "socket")
-have_header("assert.h")
-
-Logging::message "=== Checking for required stuff... ===\n"
-if $mingw
-  have_library("wsock32")
-  have_library("gdi32")
+if $mswin || $mingw
+  have_library("ws2_32")
 end
 
+Logging::message "=== Checking for required stuff... ===\n"
 result = pkg_config("openssl") && have_header("openssl/ssl.h")
 
+def find_openssl_library
+  if $mswin || $mingw
+    # required for static OpenSSL libraries
+    have_library("gdi32") # OpenSSL <= 1.0.2 (for RAND_screen())
+    have_library("crypt32")
+  end
+
+  return false unless have_header("openssl/ssl.h")
+
+  ret = have_library("crypto", "CRYPTO_malloc") &&
+    have_library("ssl", "SSL_new")
+  return ret if ret
+
+  if $mswin
+    # OpenSSL >= 1.1.0: libcrypto.lib and libssl.lib.
+    if have_library("libcrypto", "CRYPTO_malloc") &&
+        have_library("libssl", "SSL_new")
+      return true
+    end
+
+    # OpenSSL <= 1.0.2: libeay32.lib and ssleay32.lib.
+    if have_library("libeay32", "CRYPTO_malloc") &&
+        have_library("ssleay32", "SSL_new")
+      return true
+    end
+
+    # LibreSSL: libcrypto-##.lib and libssl-##.lib, where ## is the ABI version
+    # number. We have to find the version number out by scanning libpath.
+    libpath = $LIBPATH.dup
+    libpath |= ENV["LIB"].split(File::PATH_SEPARATOR)
+    libpath.map! { |d| d.tr(File::ALT_SEPARATOR, File::SEPARATOR) }
+
+    ret = [
+      ["crypto", "CRYPTO_malloc"],
+      ["ssl", "SSL_new"]
+    ].all? do |base, func|
+      result = false
+      libs = ["lib#{base}-[0-9][0-9]", "lib#{base}-[0-9][0-9][0-9]"]
+      libs = Dir.glob(libs.map{|l| libpath.map{|d| File.join(d, l + ".*")}}.flatten).map{|path| File.basename(path, ".*")}.uniq
+      libs.each do |lib|
+        result = have_library(lib, func)
+        break if result
+      end
+      result
+    end
+    return ret if ret
+  end
+  return false
+end
+
 unless result
-  result = have_header("openssl/ssl.h")
-  result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "OpenSSL_add_all_digests")}
-  result &&= %w[ssl ssleay32].any? {|lib| have_library(lib, "SSL_library_init")}
-  unless result
+  unless find_openssl_library
     Logging::message "=== Checking for required stuff failed. ===\n"
     Logging::message "Makefile wasn't created. Fix the errors above.\n"
     exit 1
   end
 end
 
-unless have_header("openssl/conf_api.h")
-  raise "OpenSSL 0.9.6 or later required."
+result = checking_for("OpenSSL version is 0.9.8 or later") {
+  try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
+}
+unless result
+  raise "OpenSSL 0.9.8 or later required."
 end
-unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
+
+if /darwin/ =~ RUBY_PLATFORM and !OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
   Logging::message "You may be using a version of OpenSSL or SSL provided by Apple.\nIf you encounter issues, please use another SSL library. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
 end
 
 Logging::message "=== Checking for OpenSSL features... ===\n"
-have_func("ERR_peek_last_error")
-have_func("ASN1_put_eoc")
-have_func("BN_mod_add")
-have_func("BN_mod_sqr")
-have_func("BN_mod_sub")
-have_func("BN_pseudo_rand_range")
-have_func("BN_rand_range")
-have_func("CONF_get1_default_config_file")
-have_func("EVP_CIPHER_CTX_copy")
-have_func("EVP_CIPHER_CTX_set_padding")
-have_func("EVP_CipherFinal_ex")
-have_func("EVP_CipherInit_ex")
-have_func("EVP_DigestFinal_ex")
-have_func("EVP_DigestInit_ex")
-have_func("EVP_MD_CTX_cleanup")
-have_func("EVP_MD_CTX_create")
-have_func("EVP_MD_CTX_destroy")
-have_func("EVP_MD_CTX_init")
-have_func("HMAC_CTX_cleanup")
-have_func("HMAC_CTX_copy")
-have_func("HMAC_CTX_init")
-have_func("PEM_def_callback")
-have_func("PKCS5_PBKDF2_HMAC")
-have_func("PKCS5_PBKDF2_HMAC_SHA1")
-have_func("RAND_egd")
-have_func("X509V3_set_nconf")
-have_func("X509V3_EXT_nconf_nid")
-have_func("X509_CRL_add0_revoked")
-have_func("X509_CRL_set_issuer_name")
-have_func("X509_CRL_set_version")
-have_func("X509_CRL_sort")
-have_func("X509_NAME_hash_old")
-have_func("X509_STORE_get_ex_data")
-have_func("X509_STORE_set_ex_data")
-have_func("OBJ_NAME_do_all_sorted")
-have_func("SSL_SESSION_get_id")
-have_func("SSL_SESSION_cmp")
-have_func("OPENSSL_cleanse")
+# compile options
+
+# SSLv2 and SSLv3 may be removed in future versions of OpenSSL, and even macros
+# like OPENSSL_NO_SSL2 may not be defined.
 have_func("SSLv2_method")
-have_func("SSLv2_server_method")
-have_func("SSLv2_client_method")
 have_func("SSLv3_method")
-have_func("SSLv3_server_method")
-have_func("SSLv3_client_method")
 have_func("TLSv1_1_method")
-have_func("TLSv1_1_server_method")
-have_func("TLSv1_1_client_method")
 have_func("TLSv1_2_method")
-have_func("TLSv1_2_server_method")
-have_func("TLSv1_2_client_method")
-have_func("SSL_CTX_set_alpn_select_cb")
-have_func("SSL_CTX_set_alpn_protos")
-have_macro("OPENSSL_NPN_NEGOTIATED", ['openssl/ssl.h']) && $defs.push("-DHAVE_OPENSSL_NPN_NEGOTIATED")
-unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
-  have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
-end
-if have_header("openssl/engine.h")
-  have_func("ENGINE_add")
-  have_func("ENGINE_load_builtin_engines")
-  have_func("ENGINE_load_openbsd_dev_crypto")
-  have_func("ENGINE_get_digest")
-  have_func("ENGINE_get_cipher")
-  have_func("ENGINE_cleanup")
-  have_func("ENGINE_load_dynamic")
-  have_func("ENGINE_load_4758cca")
-  have_func("ENGINE_load_aep")
-  have_func("ENGINE_load_atalla")
-  have_func("ENGINE_load_chil")
-  have_func("ENGINE_load_cswift")
-  have_func("ENGINE_load_nuron")
-  have_func("ENGINE_load_sureware")
-  have_func("ENGINE_load_ubsec")
-  have_func("ENGINE_load_padlock")
-  have_func("ENGINE_load_capi")
-  have_func("ENGINE_load_gmp")
-  have_func("ENGINE_load_gost")
-  have_func("ENGINE_load_cryptodev")
-  have_func("ENGINE_load_aesni")
-end
-have_func("DH_generate_parameters_ex")
-have_func("DSA_generate_parameters_ex")
-have_func("RSA_generate_key_ex")
-if checking_for('OpenSSL version is 0.9.7 or later') {
-    try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h')
-  }
-  have_header("openssl/ocsp.h")
+have_func("RAND_egd")
+engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
+             cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
+engines.each { |name|
+  OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
+}
+
+if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
+  $defs.push("-DNOCRYPT")
 end
+
+# added in 0.9.8X
+have_func("EVP_CIPHER_CTX_new")
+have_func("EVP_CIPHER_CTX_free")
+OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h")
+
+# added in 1.0.0
+have_func("ASN1_TIME_adj")
+have_func("EVP_CIPHER_CTX_copy")
+have_func("EVP_PKEY_base_id")
+have_func("HMAC_CTX_copy")
+have_func("PKCS5_PBKDF2_HMAC")
+have_func("X509_NAME_hash_old")
+have_func("X509_STORE_CTX_get0_current_crl")
+have_func("X509_STORE_set_verify_cb")
+have_func("i2d_ASN1_SET_ANY")
+have_func("SSL_SESSION_cmp") # removed
+OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
 have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
-have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
-have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h")
-have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
-have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS")
+have_func("EVP_PKEY_get0")
+
+# added in 1.0.1
+have_func("SSL_CTX_set_next_proto_select_cb")
 have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
 
+# added in 1.0.2
+have_func("EC_curve_nist2nid")
+have_func("X509_REVOKED_dup")
+have_func("X509_STORE_CTX_get0_store")
+have_func("SSL_CTX_set_alpn_select_cb")
+OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
+OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
+OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
+have_func("SSL_is_server")
+
+# added in 1.1.0
+if !have_struct_member("SSL", "ctx", "openssl/ssl.h") ||
+    try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h")
+  $defs.push("-DHAVE_OPAQUE_OPENSSL")
+end
+have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
+have_func("BN_GENCB_new")
+have_func("BN_GENCB_free")
+have_func("BN_GENCB_get_arg")
+have_func("EVP_MD_CTX_new")
+have_func("EVP_MD_CTX_free")
+have_func("HMAC_CTX_new")
+have_func("HMAC_CTX_free")
+OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
+have_func("X509_CRL_get0_signature")
+have_func("X509_REQ_get0_signature")
+have_func("X509_REVOKED_get0_serialNumber")
+have_func("X509_REVOKED_get0_revocationDate")
+have_func("X509_get0_tbs_sigalg")
+have_func("X509_STORE_CTX_get0_untrusted")
+have_func("X509_STORE_CTX_get0_cert")
+have_func("X509_STORE_CTX_get0_chain")
+have_func("OCSP_SINGLERESP_get0_id")
+have_func("SSL_CTX_get_ciphers")
+have_func("X509_up_ref")
+have_func("X509_CRL_up_ref")
+have_func("X509_STORE_up_ref")
+have_func("SSL_SESSION_up_ref")
+have_func("EVP_PKEY_up_ref")
+OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
+OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
+have_func("SSL_CTX_get_security_level")
+have_func("X509_get0_notBefore")
+have_func("SSL_SESSION_get_protocol_version")
+
 Logging::message "=== Checking done. ===\n"
 
 create_header
-create_makefile("openssl/openssl") {|conf|
-  conf << "THREAD_MODEL = #{CONFIG["THREAD_MODEL"]}\n"
-}
+create_makefile("openssl/openssl")
 Logging::message "Done.\n"

data/ext/rubysl/openssl/openssl_missing.c

@@ -9,107 +9,42 @@
  */
 #include RUBY_EXTCONF_H
 
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
+#include <string.h> /* memcpy() */
+#if !defined(OPENSSL_NO_ENGINE)
 # include <openssl/engine.h>
 #endif
-#include <openssl/x509_vfy.h>
-
 #if !defined(OPENSSL_NO_HMAC)
-#include <string.h> /* memcpy() */
-#include <openssl/hmac.h>
-
-#include "openssl_missing.h"
-
-#if !defined(HAVE_HMAC_CTX_COPY)
-void
-HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
-{
-    if (!out || !in) return;
-    memcpy(out, in, sizeof(HMAC_CTX));
-
-    EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
-    EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
-    EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
-}
-#endif /* HAVE_HMAC_CTX_COPY */
-#endif /* NO_HMAC */
-
-#if !defined(HAVE_X509_STORE_SET_EX_DATA)
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data)
-{
-    return CRYPTO_set_ex_data(&str->ex_data, idx, data);
-}
+# include <openssl/hmac.h>
 #endif
+#include <openssl/x509_vfy.h>
 
-#if !defined(HAVE_X509_STORE_GET_EX_DATA)
-void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
-{
-    return CRYPTO_get_ex_data(&str->ex_data, idx);
-}
-#endif
+#include "openssl_missing.h"
 
-#if !defined(HAVE_EVP_MD_CTX_CREATE)
-EVP_MD_CTX *
-EVP_MD_CTX_create(void)
+/* added in 0.9.8X */
+#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
+EVP_CIPHER_CTX *
+ossl_EVP_CIPHER_CTX_new(void)
 {
-    EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
-    if (!ctx) return NULL;
-
-    memset(ctx, 0, sizeof(EVP_MD_CTX));
-
+    EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
+    if (!ctx)
+	return NULL;
+    EVP_CIPHER_CTX_init(ctx);
     return ctx;
 }
 #endif
 
-#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
-int
-EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
-{
-    /* FIXME!!! */
-    memset(ctx, 0, sizeof(EVP_MD_CTX));
-
-    return 1;
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_DESTROY)
-void
-EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
-{
-    EVP_MD_CTX_cleanup(ctx);
-    OPENSSL_free(ctx);
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_INIT)
-void
-EVP_MD_CTX_init(EVP_MD_CTX *ctx)
-{
-    memset(ctx, 0, sizeof(EVP_MD_CTX));
-}
-#endif
-
-#if !defined(HAVE_HMAC_CTX_INIT)
+#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
 void
-HMAC_CTX_init(HMAC_CTX *ctx)
+ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 {
-    EVP_MD_CTX_init(&ctx->i_ctx);
-    EVP_MD_CTX_init(&ctx->o_ctx);
-    EVP_MD_CTX_init(&ctx->md_ctx);
-}
-#endif
-
-#if !defined(HAVE_HMAC_CTX_CLEANUP)
-void
-HMAC_CTX_cleanup(HMAC_CTX *ctx)
-{
-    EVP_MD_CTX_cleanup(&ctx->i_ctx);
-    EVP_MD_CTX_cleanup(&ctx->o_ctx);
-    EVP_MD_CTX_cleanup(&ctx->md_ctx);
-    memset(ctx, 0, sizeof(HMAC_CTX));
+    if (ctx) {
+	EVP_CIPHER_CTX_cleanup(ctx);
+	OPENSSL_free(ctx);
+    }
 }
 #endif
 
+/* added in 1.0.0 */
 #if !defined(HAVE_EVP_CIPHER_CTX_COPY)
 /*
  * this function does not exist in OpenSSL yet... or ever?.
@@ -117,11 +52,11 @@ HMAC_CTX_cleanup(HMAC_CTX *ctx)
  * tested on 0.9.7d.
  */
 int
-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
+ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
 {
     memcpy(out, in, sizeof(EVP_CIPHER_CTX));
 
-#if defined(HAVE_ENGINE_ADD) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE)
     if (in->engine) ENGINE_add(out->engine);
     if (in->cipher_data) {
 	out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
@@ -133,222 +68,106 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
 }
 #endif
 
-#if !defined(HAVE_X509_CRL_SET_VERSION)
-int
-X509_CRL_set_version(X509_CRL *x, long version)
-{
-    if (x == NULL || x->crl == NULL) return 0;
-    if (x->crl->version == NULL) {
-	x->crl->version = M_ASN1_INTEGER_new();
-	if (x->crl->version == NULL) return 0;
-    }
-    return ASN1_INTEGER_set(x->crl->version, version);
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
-int
-X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
-{
-    if (x == NULL || x->crl == NULL) return 0;
-    return X509_NAME_set(&x->crl->issuer, name);
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SORT)
+#if !defined(OPENSSL_NO_HMAC)
+#if !defined(HAVE_HMAC_CTX_COPY)
 int
-X509_CRL_sort(X509_CRL *c)
+ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
 {
-    int i;
-    X509_REVOKED *r;
-    /* sort the data so it will be written in serial
-     * number order */
-    sk_X509_REVOKED_sort(c->crl->revoked);
-    for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++) {
-	r=sk_X509_REVOKED_value(c->crl->revoked, i);
-	r->sequence=i;
-    }
-    return 1;
-}
-#endif
+    if (!out || !in)
+	return 0;
 
-#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
-static int
-OSSL_X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
-{
-    return(ASN1_STRING_cmp(
-		(ASN1_STRING *)(*a)->serialNumber,
-		(ASN1_STRING *)(*b)->serialNumber));
-}
+    memcpy(out, in, sizeof(HMAC_CTX));
 
-int
-X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
-{
-    X509_CRL_INFO *inf;
+    EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
+    EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
+    EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
 
-    inf = crl->crl;
-    if (!inf->revoked)
-	inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp);
-    if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev))
-	return 0;
     return 1;
 }
-#endif
+#endif /* HAVE_HMAC_CTX_COPY */
+#endif /* NO_HMAC */
 
-#if !defined(HAVE_BN_MOD_SQR)
-int
-BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-{
-    if (!BN_sqr(r, (BIGNUM*)a, ctx)) return 0;
-    return BN_mod(r, r, m, ctx);
-}
-#endif
+/* added in 1.0.2 */
+#if !defined(OPENSSL_NO_EC)
+#if !defined(HAVE_EC_CURVE_NIST2NID)
+static struct {
+    const char *name;
+    int nid;
+} nist_curves[] = {
+    {"B-163", NID_sect163r2},
+    {"B-233", NID_sect233r1},
+    {"B-283", NID_sect283r1},
+    {"B-409", NID_sect409r1},
+    {"B-571", NID_sect571r1},
+    {"K-163", NID_sect163k1},
+    {"K-233", NID_sect233k1},
+    {"K-283", NID_sect283k1},
+    {"K-409", NID_sect409k1},
+    {"K-571", NID_sect571k1},
+    {"P-192", NID_X9_62_prime192v1},
+    {"P-224", NID_secp224r1},
+    {"P-256", NID_X9_62_prime256v1},
+    {"P-384", NID_secp384r1},
+    {"P-521", NID_secp521r1}
+};
 
-#if !defined(HAVE_BN_MOD_ADD) || !defined(HAVE_BN_MOD_SUB)
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-{
-    if (!BN_mod(r,m,d,ctx)) return 0;
-    if (!r->neg) return 1;
-    return (d->neg ? BN_sub : BN_add)(r, r, d);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_ADD)
 int
-BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+ossl_EC_curve_nist2nid(const char *name)
 {
-    if (!BN_add(r, a, b)) return 0;
-    return BN_nnmod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_SUB)
-int
-BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-{
-    if (!BN_sub(r, a, b)) return 0;
-    return BN_nnmod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE) || !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-static int
-bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
-{
-    int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
-    int n;
-
-    if (range->neg || BN_is_zero(range)) return 0;
-
-    n = BN_num_bits(range);
-
-    if (n == 1) {
-	if (!BN_zero(r)) return 0;
-    } else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
-	do {
-	    if (!bn_rand(r, n + 1, -1, 0)) return 0;
-	    if (BN_cmp(r ,range) >= 0) {
-		if (!BN_sub(r, r, range)) return 0;
-		if (BN_cmp(r, range) >= 0)
-		    if (!BN_sub(r, r, range)) return 0;
-	    }
-	} while (BN_cmp(r, range) >= 0);
-    } else {
-	do {
-	    if (!bn_rand(r, n, -1, 0)) return 0;
-	} while (BN_cmp(r, range) >= 0);
+    size_t i;
+    for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
+	if (!strcmp(nist_curves[i].name, name))
+	    return nist_curves[i].nid;
     }
-
-    return 1;
+    return NID_undef;
 }
 #endif
-
-#if !defined(HAVE_BN_RAND_RANGE)
-int
-BN_rand_range(BIGNUM *r, BIGNUM *range)
-{
-    return bn_rand_range(0, r, range);
-}
 #endif
 
-#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-int
-BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
+/*** added in 1.1.0 ***/
+#if !defined(HAVE_HMAC_CTX_NEW)
+HMAC_CTX *
+ossl_HMAC_CTX_new(void)
 {
-    return bn_rand_range(1, r, range);
+    HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
+    if (!ctx)
+	return NULL;
+    HMAC_CTX_init(ctx);
+    return ctx;
 }
 #endif
 
-#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
-#define OPENSSL_CONF "openssl.cnf"
-char *
-CONF_get1_default_config_file(void)
+#if !defined(HAVE_HMAC_CTX_FREE)
+void
+ossl_HMAC_CTX_free(HMAC_CTX *ctx)
 {
-    char *file;
-    int len;
-
-    file = getenv("OPENSSL_CONF");
-    if (file) return BUF_strdup(file);
-    len = strlen(X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
-    len++;
-#endif
-    len += strlen(OPENSSL_CONF);
-    file = OPENSSL_malloc(len + 1);
-    if (!file) return NULL;
-    strcpy(file,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
-    strcat(file,"/");
-#endif
-    strcat(file,OPENSSL_CONF);
-
-    return file;
+    if (ctx) {
+	HMAC_CTX_cleanup(ctx);
+	OPENSSL_free(ctx);
+    }
 }
 #endif
 
-#if !defined(HAVE_PEM_DEF_CALLBACK)
-#define OSSL_PASS_MIN_LENGTH 4
-int
-PEM_def_callback(char *buf, int num, int w, void *key)
+#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
+void
+ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+			     const X509_ALGOR **palg)
 {
-    int i,j;
-    const char *prompt;
-
-    if (key) {
-	i = strlen(key);
-	i = (i > num) ? num : i;
-	memcpy(buf, key, i);
-	return i;
-    }
-
-    prompt = EVP_get_pw_prompt();
-    if (prompt == NULL) prompt = "Enter PEM pass phrase:";
-    for (;;) {
-	i = EVP_read_pw_string(buf, num, prompt, w);
-	if (i != 0) {
-	    memset(buf, 0, (unsigned int)num);
-	    return(-1);
-	}
-	j = strlen(buf);
-	if (j < OSSL_PASS_MIN_LENGTH) {
-	    fprintf(stderr,
-		    "phrase is too short, needs to be at least %d chars\n",
-		    OSSL_PASS_MIN_LENGTH);
-	}
-	else break;
-    }
-    return j;
+    if (psig != NULL)
+	*psig = crl->signature;
+    if (palg != NULL)
+	*palg = crl->sig_alg;
 }
 #endif
 
-#if !defined(HAVE_ASN1_PUT_EOC)
-int
-ASN1_put_eoc(unsigned char **pp)
+#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
+void
+ossl_X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+			     const X509_ALGOR **palg)
 {
-    unsigned char *p = *pp;
-    *p++ = 0;
-    *p++ = 0;
-    *pp = p;
-    return 2;
+    if (psig != NULL)
+	*psig = req->signature;
+    if (palg != NULL)
+	*palg = req->sig_alg;
 }
 #endif