From patchwork Tue Apr 6 06:25:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1716 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.27.255.53]) by backend30.mail.ord1d.rsapps.net with LMTP id gH9QHrWLbGD2dgAAIUCqbw (envelope-from ) for ; Tue, 06 Apr 2021 12:26:29 -0400 Received: from proxy13.mail.iad3a.rsapps.net ([172.27.255.53]) by director8.mail.ord1d.rsapps.net with LMTP id wPUDHrWLbGB1cQAAfY0hYg (envelope-from ) for ; Tue, 06 Apr 2021 12:26:29 -0400 Received: from smtp37.gate.iad3a ([172.27.255.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.iad3a.rsapps.net with LMTPS id cGVjF7WLbGBlRQAAwhxzoA (envelope-from ) for ; Tue, 06 Apr 2021 12:26:29 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp37.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: d6baf1ae-96f4-11eb-b423-525400dc5f6a-1-1 Received: from [216.105.38.7] ([216.105.38.7:46362] helo=lists.sourceforge.net) by smtp37.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id CB/85-17059-4BB8C606; Tue, 06 Apr 2021 12:26:29 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1lToWL-0003NO-Ia; Tue, 06 Apr 2021 16:25:41 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lToWJ-0003NF-GC for openvpn-devel@lists.sourceforge.net; Tue, 06 Apr 2021 16:25:39 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:To: From:Sender:Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=lULAV2vEJ92q3XQpiEE/h1E9LvgarzzHpezn2x6ev8w=; b=DTp6fbys+s0lpK2jayFV6BddG+ 0KCYsuArrm3s4j92toHNezOqHUE80o8UmZUbgi4bnVgKGeToEi3sZOhbZihKdoReCOwc7lZzGXmlb UV/DrMsrmXUtZ+JRcyACPWb3uvAjXBlkYllRqMzyKxQkYfTZpnNCI3h4o+DacHgF1qQ4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=lULAV2vEJ92q3XQpiEE/h1E9LvgarzzHpezn2x6ev8w=; b=GRUXpJZhKXYWslC2lOXmJLDW7o rJKsOaHkgR01vk6IxhQ+xLu9mseJVFCOvOJet0811IY51iAp0G6kGy3P77QVjgsnS2UTh8kISU6zA UVcLFDUHWCBlOQykuObjbMbCwZtGQvdb+jpCjQjfdXzqawvgf85gqjOwiEAfQweUyIJw=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1lToW8-00020d-EQ for openvpn-devel@lists.sourceforge.net; Tue, 06 Apr 2021 16:25:38 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94 (FreeBSD)) (envelope-from ) id 1lToVy-0003rA-IQ for openvpn-devel@lists.sourceforge.net; Tue, 06 Apr 2021 18:25:18 +0200 Received: (nullmailer pid 4136 invoked by uid 10006); Tue, 06 Apr 2021 16:25:18 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Tue, 6 Apr 2021 18:25:18 +0200 Message-Id: <20210406162518.4075-5-arne@rfc2549.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210406162518.4075-1-arne@rfc2549.org> References: <20210406162518.4075-1-arne@rfc2549.org> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1lToW8-00020d-EQ Subject: [Openvpn-devel] [PATCH 5/5] Remove OpenSSL configure checks X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox These checks for the functions take a lot of time in configure call and also having these checks make it more blurry for which of the supported OpenSSL versions (and libraries claiming to be OpenSSL) are actually needed. Tested with OpenSSL 1.1.1(Ubuntu 20, macOS), 1.0.2 (CentOS7), 1.1.0 (Debian stretch), LibreSSL (OpenBSD 6.8) and wolfSSL Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli --- configure.ac | 84 -------------------- src/openvpn/openssl_compat.h | 144 +++++++---------------------------- 2 files changed, 29 insertions(+), 199 deletions(-) diff --git a/configure.ac b/configure.ac index 81700abcb..747325164 100644 --- a/configure.ac +++ b/configure.ac @@ -846,50 +846,6 @@ if test "${with_crypto_library}" = "openssl"; then # have this feature have_export_keying_material="yes" - AC_CHECK_FUNCS( - [ \ - HMAC_CTX_new \ - HMAC_CTX_free \ - HMAC_CTX_reset \ - EVP_MD_CTX_new \ - EVP_MD_CTX_free \ - EVP_MD_CTX_reset \ - EVP_CIPHER_CTX_reset \ - OpenSSL_version \ - SSL_CTX_get_default_passwd_cb \ - SSL_CTX_get_default_passwd_cb_userdata \ - SSL_CTX_set1_groups \ - SSL_CTX_set_security_level \ - X509_get0_notBefore \ - X509_get0_notAfter \ - X509_get0_pubkey \ - X509_STORE_get0_objects \ - X509_OBJECT_free \ - X509_OBJECT_get_type \ - EVP_PKEY_get0_RSA \ - EVP_PKEY_get0_DSA \ - EVP_PKEY_get0_EC_KEY \ - RSA_set_flags \ - RSA_bits \ - RSA_get0_key \ - RSA_set0_key \ - DSA_get0_pqg \ - DSA_bits \ - RSA_meth_new \ - RSA_meth_free \ - RSA_meth_set_pub_enc \ - RSA_meth_set_pub_dec \ - RSA_meth_set_priv_enc \ - RSA_meth_set_priv_dec \ - RSA_meth_set_init \ - RSA_meth_set_sign \ - RSA_meth_set_finish \ - RSA_meth_set0_app_data \ - RSA_meth_get0_app_data \ - EC_GROUP_order_bits - ] - ) - CFLAGS="${saved_CFLAGS}" LIBS="${saved_LIBS}" @@ -999,46 +955,6 @@ elif test "${with_crypto_library}" = "wolfssl"; then # wolfSSL signal EKM support have_export_keying_material="yes" - AC_DEFINE([HAVE_HMAC_CTX_NEW], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_HMAC_CTX_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_HMAC_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_EVP_MD_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_EVP_CIPHER_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_OPENSSL_VERSION], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_SSL_CTX_SET_SECURITY_LEVEL], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_X509_GET0_NOTBEFORE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_X509_GET0_NOTAFTER], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_X509_GET0_PUBKEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_X509_STORE_GET0_OBJECTS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_X509_OBJECT_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_X509_OBJECT_GET_TYPE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_EVP_PKEY_ID], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_EVP_PKEY_GET0_DSA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_EVP_PKEY_GET0_EC_KEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_SET_FLAGS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_BITS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_GET0_KEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_SET0_KEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_DSA_GET0_PQG], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_DSA_BITS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_NEW], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_SET_PUB_ENC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_SET_PUB_DEC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_SET_INIT], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_SET_SIGN], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_SET0_APP_DATA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_RSA_METH_GET0_APP_DATA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - AC_DEFINE([HAVE_EC_GROUP_ORDER_BITS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros]) - if test "${enable_wolfssl_options_h}" = "yes"; then AC_DEFINE([EXTERNAL_OPTS_OPENVPN], [1], [Include options.h from wolfSSL library]) else diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index ff024feff..9fc4f2600 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -46,12 +46,36 @@ #include #include +/* Functionality missing in 1.1.0 */ +#if OPENSSL_VERSION_NUMBER < 0x10101000L && !defined(ENABLE_CRYPTO_WOLFSSL) +#define SSL_CTX_set1_groups SSL_CTX_set1_curves +#endif + +/* Functionality missing in LibreSSL and OpenSSL 1.0.2 */ #if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL) -#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG -#define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG +/** + * Destroy a X509 object + * + * @param obj X509 object + */ +static inline void +X509_OBJECT_free(X509_OBJECT *obj) +{ + if (obj) + { + X509_OBJECT_free_contents(obj); + OPENSSL_free(obj); + } +} + +#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT +#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG +#define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG #endif -#if !defined(HAVE_EVP_MD_CTX_RESET) + +/* Functionality missing in 1.0.2 */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(ENABLE_CRYPTO_WOLFSSL) /** * Reset a message digest context * @@ -64,9 +88,7 @@ EVP_MD_CTX_reset(EVP_MD_CTX *ctx) EVP_MD_CTX_cleanup(ctx); return 1; } -#endif -#if !defined(HAVE_EVP_MD_CTX_FREE) /** * Free an existing message digest context * @@ -77,9 +99,7 @@ EVP_MD_CTX_free(EVP_MD_CTX *ctx) { free(ctx); } -#endif -#if !defined(HAVE_EVP_MD_CTX_NEW) /** * Allocate a new message digest object * @@ -92,21 +112,11 @@ EVP_MD_CTX_new(void) ALLOC_OBJ_CLEAR(ctx, EVP_MD_CTX); return ctx; } -#endif -#if !defined(HAVE_EVP_CIPHER_CTX_RESET) #define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_init -#endif - -#if !defined(HAVE_X509_GET0_NOTBEFORE) #define X509_get0_notBefore X509_get_notBefore -#endif - -#if !defined(HAVE_X509_GET0_NOTAFTER) #define X509_get0_notAfter X509_get_notAfter -#endif -#if !defined(HAVE_HMAC_CTX_RESET) /** * Reset a HMAC context * @@ -129,9 +139,7 @@ HMAC_CTX_reset(HMAC_CTX *ctx) HMAC_CTX_init(ctx); return 1; } -#endif -#if !defined(HAVE_HMAC_CTX_FREE) /** * Cleanup and free an existing HMAC context * @@ -143,9 +151,7 @@ HMAC_CTX_free(HMAC_CTX *ctx) HMAC_CTX_cleanup(ctx); free(ctx); } -#endif -#if !defined(HAVE_HMAC_CTX_NEW) /** * Allocate a new HMAC context object * @@ -158,9 +164,7 @@ HMAC_CTX_new(void) ALLOC_OBJ_CLEAR(ctx, HMAC_CTX); return ctx; } -#endif -#if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA) /** * Fetch the default password callback user data from the SSL context * @@ -172,9 +176,7 @@ SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) { return ctx ? ctx->default_passwd_callback_userdata : NULL; } -#endif -#if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB) /** * Fetch the default password callback from the SSL context * @@ -186,15 +188,7 @@ SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) { return ctx ? ctx->default_passwd_callback : NULL; } -#endif -/* This function is implemented as macro, so the configure check for the - * function may fail, so we check for both variants here */ -#if !defined(HAVE_SSL_CTX_SET1_GROUPS) && !defined(SSL_CTX_set1_groups) -#define SSL_CTX_set1_groups SSL_CTX_set1_curves -#endif - -#if !defined(HAVE_X509_GET0_PUBKEY) /** * Get the public key from a X509 certificate * @@ -207,9 +201,7 @@ X509_get0_pubkey(const X509 *x) return (x && x->cert_info && x->cert_info->key) ? x->cert_info->key->pkey : NULL; } -#endif -#if !defined(HAVE_X509_STORE_GET0_OBJECTS) /** * Fetch the X509 object stack from the X509 store * @@ -221,26 +213,7 @@ static inline STACK_OF(X509_OBJECT) { return store ? store->objs : NULL; } -#endif - -#if !defined(HAVE_X509_OBJECT_FREE) -/** - * Destroy a X509 object - * - * @param obj X509 object - */ -static inline void -X509_OBJECT_free(X509_OBJECT *obj) -{ - if (obj) - { - X509_OBJECT_free_contents(obj); - OPENSSL_free(obj); - } -} -#endif -#if !defined(HAVE_X509_OBJECT_GET_TYPE) /** * Get the type of an X509 object * @@ -252,9 +225,7 @@ X509_OBJECT_get_type(const X509_OBJECT *obj) { return obj ? obj->type : X509_LU_FAIL; } -#endif -#if !defined(HAVE_EVP_PKEY_GET0_RSA) /** * Get the RSA object of a public key * @@ -266,9 +237,7 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL; } -#endif -#if !defined(HAVE_EVP_PKEY_GET0_EC_KEY) && !defined(OPENSSL_NO_EC) /** * Get the EC_KEY object of a public key * @@ -280,9 +249,8 @@ EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL; } -#endif -#if !defined(HAVE_EVP_PKEY_GET0_DSA) + /** * Get the DSA object of a public key * @@ -294,9 +262,7 @@ EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL; } -#endif -#if !defined(HAVE_RSA_SET_FLAGS) /** * Set the RSA flags * @@ -311,9 +277,7 @@ RSA_set_flags(RSA *rsa, int flags) rsa->flags = flags; } } -#endif -#if !defined(HAVE_RSA_GET0_KEY) /** * Get the RSA parameters * @@ -339,9 +303,7 @@ RSA_get0_key(const RSA *rsa, const BIGNUM **n, *d = rsa ? rsa->d : NULL; } } -#endif -#if !defined(HAVE_RSA_SET0_KEY) /** * Set the RSA parameters * @@ -378,9 +340,7 @@ RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) return 1; } -#endif /* if !defined(HAVE_RSA_SET0_KEY) */ -#if !defined(HAVE_RSA_BITS) /** * Number of significant RSA bits * @@ -394,9 +354,7 @@ RSA_bits(const RSA *rsa) RSA_get0_key(rsa, &n, NULL, NULL); return n ? BN_num_bits(n) : 0; } -#endif -#if !defined(HAVE_DSA_GET0_PQG) /** * Get the DSA parameters * @@ -422,9 +380,7 @@ DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, *g = dsa ? dsa->g : NULL; } } -#endif -#if !defined(HAVE_DSA_BITS) /** * Number of significant DSA bits * @@ -438,9 +394,7 @@ DSA_bits(const DSA *dsa) DSA_get0_pqg(dsa, &p, NULL, NULL); return p ? BN_num_bits(p) : 0; } -#endif -#if !defined(HAVE_RSA_METH_NEW) /** * Allocate a new RSA method object * @@ -457,9 +411,7 @@ RSA_meth_new(const char *name, int flags) rsa_meth->flags = flags; return rsa_meth; } -#endif -#if !defined(HAVE_RSA_METH_FREE) /** * Free an existing RSA_METHOD object * @@ -480,9 +432,7 @@ RSA_meth_free(RSA_METHOD *meth) free(meth); } } -#endif -#if !defined(HAVE_RSA_METH_SET_PUB_ENC) /** * Set the public encoding function of an RSA_METHOD object * @@ -503,9 +453,7 @@ RSA_meth_set_pub_enc(RSA_METHOD *meth, } return 0; } -#endif -#if !defined(HAVE_RSA_METH_SET_PUB_DEC) /** * Set the public decoding function of an RSA_METHOD object * @@ -526,9 +474,7 @@ RSA_meth_set_pub_dec(RSA_METHOD *meth, } return 0; } -#endif -#if !defined(HAVE_RSA_METH_SET_PRIV_ENC) /** * Set the private encoding function of an RSA_METHOD object * @@ -549,9 +495,7 @@ RSA_meth_set_priv_enc(RSA_METHOD *meth, } return 0; } -#endif -#if !defined(HAVE_RSA_METH_SET_PRIV_DEC) /** * Set the private decoding function of an RSA_METHOD object * @@ -572,9 +516,7 @@ RSA_meth_set_priv_dec(RSA_METHOD *meth, } return 0; } -#endif -#if !defined(HAVE_RSA_METH_SET_INIT) /** * Set the init function of an RSA_METHOD object * @@ -592,9 +534,7 @@ RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa)) } return 0; } -#endif -#if !defined (HAVE_RSA_METH_SET_SIGN) /** * Set the sign function of an RSA_METHOD object * @@ -613,9 +553,7 @@ RSA_meth_set_sign(RSA_METHOD *meth, meth->rsa_sign = sign; return 1; } -#endif -#if !defined(HAVE_RSA_METH_SET_FINISH) /** * Set the finish function of an RSA_METHOD object * @@ -633,9 +571,7 @@ RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) } return 0; } -#endif -#if !defined(HAVE_RSA_METH_SET0_APP_DATA) /** * Set the application data of an RSA_METHOD object * @@ -653,9 +589,7 @@ RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data) } return 0; } -#endif -#if !defined(HAVE_RSA_METH_GET0_APP_DATA) /** * Get the application data of an RSA_METHOD object * @@ -667,9 +601,7 @@ RSA_meth_get0_app_data(const RSA_METHOD *meth) { return meth ? meth->app_data : NULL; } -#endif -#if !defined(HAVE_EC_GROUP_ORDER_BITS) && !defined(OPENSSL_NO_EC) /** * Gets the number of bits of the order of an EC_GROUP * @@ -685,22 +617,11 @@ EC_GROUP_order_bits(const EC_GROUP *group) BN_free(order); return bits; } -#endif /* SSLeay symbols have been renamed in OpenSSL 1.1 */ -#ifndef OPENSSL_VERSION #define OPENSSL_VERSION SSLEAY_VERSION -#endif - -#ifndef HAVE_OPENSSL_VERSION #define OpenSSL_version SSLeay_version -#endif -#if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT) -#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT -#endif - -#ifndef SSL_CTX_get_min_proto_version /** Return the min SSL protocol version currently enabled in the context. * If no valid version >= TLS1.0 is found, return 0. */ static inline int @@ -721,9 +642,7 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx) } return 0; } -#endif /* SSL_CTX_get_min_proto_version */ -#ifndef SSL_CTX_get_max_proto_version /** Return the max SSL protocol version currently enabled in the context. * If no valid version >= TLS1.0 is found, return 0. */ static inline int @@ -744,9 +663,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx) } return 0; } -#endif /* SSL_CTX_get_max_proto_version */ -#ifndef SSL_CTX_set_min_proto_version /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */ static inline int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min) @@ -773,9 +690,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min) return 1; } -#endif /* SSL_CTX_set_min_proto_version */ -#ifndef SSL_CTX_set_max_proto_version /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */ static inline int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max) @@ -802,6 +717,5 @@ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max) return 1; } -#endif /* SSL_CTX_set_max_proto_version */ - +#endif #endif /* OPENSSL_COMPAT_H_ */