mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Remove checks for OPENSSL_API_LEVEL define
Since the support for OpenSSL Engines has been removed, we can now also remove the checks for OPENSSL_API_LEVEL; The OpenSSL 3.x APIs will be used when compiling with OpenSSL 3.x, and OpenSSL 1.1.xx APIs will be used only when OpenSSL 1.1.x is used.
This commit is contained in:
Ondřej Surý
parent
ef7aba7072
commit
495cf18c75
8 changed files with 52 additions and 60 deletions
|
|
@ -56,7 +56,7 @@
|
|||
|
||||
#include <dst/dst.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/provider.h>
|
||||
#endif
|
||||
|
|
@ -843,7 +843,7 @@ main(int argc, char **argv) {
|
|||
unsigned char c;
|
||||
int ch;
|
||||
bool set_fips_mode = false;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
OSSL_PROVIDER *fips = NULL, *base = NULL;
|
||||
#endif
|
||||
|
||||
|
|
@ -1117,7 +1117,7 @@ main(int argc, char **argv) {
|
|||
}
|
||||
|
||||
if (set_fips_mode) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
fips = OSSL_PROVIDER_load(NULL, "fips");
|
||||
if (fips == NULL) {
|
||||
ERR_clear_error();
|
||||
|
|
@ -1293,7 +1293,7 @@ main(int argc, char **argv) {
|
|||
}
|
||||
isc_mem_destroy(&mctx);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
if (base != NULL) {
|
||||
OSSL_PROVIDER_unload(base);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1195,7 +1195,7 @@ main(int argc, char *argv[]) {
|
|||
int ch;
|
||||
char *endp;
|
||||
bool set_fips_mode = false;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
OSSL_PROVIDER *fips = NULL, *base = NULL;
|
||||
#endif
|
||||
ksr_ctx_t ksr = {
|
||||
|
|
@ -1280,7 +1280,7 @@ main(int argc, char *argv[]) {
|
|||
setup_logging(mctx, &lctx);
|
||||
|
||||
if (set_fips_mode) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
fips = OSSL_PROVIDER_load(NULL, "fips");
|
||||
if (fips == NULL) {
|
||||
fatal("Failed to load FIPS provider");
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@
|
|||
#include <dns/zoneverify.h>
|
||||
|
||||
#include <dst/dst.h>
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/provider.h>
|
||||
#endif
|
||||
|
|
@ -3361,7 +3361,7 @@ main(int argc, char *argv[]) {
|
|||
bool set_iter = false;
|
||||
bool nonsecify = false;
|
||||
bool set_fips_mode = false;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
OSSL_PROVIDER *fips = NULL, *base = NULL;
|
||||
#endif
|
||||
|
||||
|
|
@ -3725,7 +3725,7 @@ main(int argc, char *argv[]) {
|
|||
isc_managers_create(&mctx, nloops, &loopmgr, &netmgr);
|
||||
|
||||
if (set_fips_mode) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
fips = OSSL_PROVIDER_load(NULL, "fips");
|
||||
if (fips == NULL) {
|
||||
ERR_clear_error();
|
||||
|
|
@ -4128,7 +4128,7 @@ main(int argc, char *argv[]) {
|
|||
isc_mem_stats(mctx, stdout);
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
if (base != NULL) {
|
||||
OSSL_PROVIDER_unload(base);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@
|
|||
#include <openssl/crypto.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/opensslv.h>
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/provider.h>
|
||||
#endif
|
||||
|
|
@ -152,7 +152,7 @@ static bool transferstuck = false;
|
|||
static bool disable6 = false;
|
||||
static bool disable4 = false;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
static OSSL_PROVIDER *fips = NULL, *base = NULL;
|
||||
#endif
|
||||
|
||||
|
|
@ -961,7 +961,7 @@ parse_command_line(int argc, char *argv[]) {
|
|||
named_main_earlyfatal("option '-X' has been removed");
|
||||
break;
|
||||
case 'F':
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
fips = OSSL_PROVIDER_load(NULL, "fips");
|
||||
if (fips == NULL) {
|
||||
ERR_clear_error();
|
||||
|
|
@ -1616,7 +1616,7 @@ main(int argc, char *argv[]) {
|
|||
|
||||
named_os_shutdown();
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
if (base != NULL) {
|
||||
OSSL_PROVIDER_unload(base);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/opensslv.h>
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
#include <openssl/provider.h>
|
||||
#endif
|
||||
|
||||
|
|
@ -101,7 +101,7 @@ main(int argc, char **argv) {
|
|||
}
|
||||
|
||||
if (strcasecmp(argv[1], "--fips-provider") == 0) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
OSSL_PROVIDER *fips = OSSL_PROVIDER_load(NULL, "fips");
|
||||
if (fips != NULL) {
|
||||
OSSL_PROVIDER_unload(fips);
|
||||
|
|
@ -135,14 +135,14 @@ main(int argc, char **argv) {
|
|||
|
||||
if (strcmp(argv[1], "--have-fips-dh") == 0) {
|
||||
#if defined(ENABLE_FIPS_MODE)
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
return (0);
|
||||
#else
|
||||
return (1);
|
||||
#endif
|
||||
#else
|
||||
if (isc_fips_mode()) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
return (0);
|
||||
#else
|
||||
return (1);
|
||||
|
|
|
|||
|
|
@ -273,7 +273,7 @@ opensslecdsa_extract_public_key_params(const dst_key_t *key, unsigned char *dst,
|
|||
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
|
||||
static isc_result_t
|
||||
opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private,
|
||||
|
|
@ -376,8 +376,7 @@ opensslecdsa_extract_public_key(const dst_key_t *key, unsigned char *dst,
|
|||
if (opensslecdsa_extract_public_key_params(key, dst, dstlen)) {
|
||||
return (true);
|
||||
}
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
#else
|
||||
if (opensslecdsa_extract_public_key_legacy(key, dst, dstlen)) {
|
||||
return (true);
|
||||
}
|
||||
|
|
@ -396,8 +395,7 @@ opensslecdsa_create_pkey(unsigned int key_alg, bool private,
|
|||
if (ret != ISC_R_FAILURE) {
|
||||
return (ret);
|
||||
}
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
#else
|
||||
ret = opensslecdsa_create_pkey_legacy(key_alg, private, key, key_len,
|
||||
retkey);
|
||||
if (ret == ISC_R_SUCCESS) {
|
||||
|
|
|
|||
|
|
@ -73,37 +73,35 @@ opensslrsa_components_get(const dst_key_t *key, rsa_components_t *c,
|
|||
*/
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_E,
|
||||
(BIGNUM **)&c->e) == 1)
|
||||
(BIGNUM **)&c->e) != 1)
|
||||
{
|
||||
c->bnfree = true;
|
||||
if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_N,
|
||||
(BIGNUM **)&c->n) != 1)
|
||||
{
|
||||
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
if (!private) {
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_D,
|
||||
(BIGNUM **)&c->d);
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR1,
|
||||
(BIGNUM **)&c->p);
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR2,
|
||||
(BIGNUM **)&c->q);
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT1,
|
||||
(BIGNUM **)&c->dmp1);
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT2,
|
||||
(BIGNUM **)&c->dmq1);
|
||||
(void)EVP_PKEY_get_bn_param(priv,
|
||||
OSSL_PKEY_PARAM_RSA_COEFFICIENT1,
|
||||
(BIGNUM **)&c->iqmp);
|
||||
ERR_clear_error();
|
||||
return (ISC_R_SUCCESS);
|
||||
} else {
|
||||
ERR_clear_error();
|
||||
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
|
||||
c->bnfree = true;
|
||||
if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_N,
|
||||
(BIGNUM **)&c->n) != 1)
|
||||
{
|
||||
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
if (!private) {
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_D,
|
||||
(BIGNUM **)&c->d);
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR1,
|
||||
(BIGNUM **)&c->p);
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR2,
|
||||
(BIGNUM **)&c->q);
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT1,
|
||||
(BIGNUM **)&c->dmp1);
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT2,
|
||||
(BIGNUM **)&c->dmq1);
|
||||
(void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_COEFFICIENT1,
|
||||
(BIGNUM **)&c->iqmp);
|
||||
ERR_clear_error();
|
||||
return (ISC_R_SUCCESS);
|
||||
#else
|
||||
const RSA *rsa = EVP_PKEY_get0_RSA(pub);
|
||||
if (rsa == NULL) {
|
||||
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
|
|
@ -122,8 +120,6 @@ opensslrsa_components_get(const dst_key_t *key, rsa_components_t *c,
|
|||
RSA_get0_factors(rsa, &c->p, &c->q);
|
||||
RSA_get0_crt_params(rsa, &c->dmp1, &c->dmq1, &c->iqmp);
|
||||
return (ISC_R_SUCCESS);
|
||||
#else
|
||||
return (DST_R_OPENSSLFAILURE);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
@ -300,9 +296,7 @@ opensslrsa_check_exponent_bits(EVP_PKEY *pkey, int maxbits) {
|
|||
BN_free(e);
|
||||
return (bits < maxbits);
|
||||
}
|
||||
#endif
|
||||
/* Use old API for the OpenSSL ENGINE support, even with OpenSSL 3.x */
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
#else
|
||||
const RSA *rsa = EVP_PKEY_get0_RSA(pkey);
|
||||
if (rsa != NULL) {
|
||||
const BIGNUM *ce = NULL;
|
||||
|
|
@ -351,7 +345,7 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
|
|||
return (opensslrsa_verify2(dctx, 0, sig));
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
static int
|
||||
progress_cb(int p, int n, BN_GENCB *cb) {
|
||||
void (*fptr)(int);
|
||||
|
|
@ -675,7 +669,7 @@ err:
|
|||
OSSL_PARAM_BLD_free(bld);
|
||||
return (ret);
|
||||
}
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
|
||||
static isc_result_t
|
||||
opensslrsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
#include <isc/thread.h>
|
||||
#include <isc/util.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
|
||||
#include <openssl/sha.h>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue