[AC_LANG_PROGRAM([#include <openssl/crypto.h>], [ERR_load_CRYPTO_strings()])],
[
AC_MSG_RESULT([yes])
- AC_CHECK_FUNCS([RAND_bytes RAND_pseudo_bytes])
+ AC_CHECK_FUNCS([RAND_bytes RAND_pseudo_bytes CRYPTO_memcmp OPENSSL_init_crypto EVP_MD_CTX_new EVP_MD_CTX_free RSA_get0_key])
$1
], [
AC_MSG_RESULT([no])
inline std::string pdns_hash(const EVP_MD * md, const std::string& input)
{
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
- auto mdctx = std::unique_ptr<EVP_MD_CTX, void(*)(EVP_MD_CTX*)>(EVP_MD_CTX_create(), EVP_MD_CTX_destroy);
-#else
+#if defined(HAVE_EVP_MD_CTX_NEW) && defined(HAVE_EVP_MD_CTX_FREE)
auto mdctx = std::unique_ptr<EVP_MD_CTX, void(*)(EVP_MD_CTX*)>(EVP_MD_CTX_new(), EVP_MD_CTX_free);
+#else
+ auto mdctx = std::unique_ptr<EVP_MD_CTX, void(*)(EVP_MD_CTX*)>(EVP_MD_CTX_create(), EVP_MD_CTX_destroy);
#endif
if (!mdctx) {
throw std::runtime_error(std::string(EVP_MD_name(md)) + " context initialization failed");
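Review bot: The new `#if defined(HAVE_EVP_MD_CTX_NEW) && defined(HAVE_EVP_MD_CTX_FREE)` guard only works if the configure-generated header has been included before this point, whereas the old test needed nothing beyond the OpenSSL headers. pdns_hash is `inline`, so if it lives in a header, a translation unit that includes it without config.h would silently compile the `EVP_MD_CTX_create` branch and the function would have two different bodies in one program. The same dependency applies to the `HAVE_CRYPTO_MEMCMP`, `HAVE_OPENSSL_INIT_CRYPTO`, `HAVE_SSL_CTX_GET0_PRIVATEKEY` and `HAVE_RSA_GET0_KEY` guards in the other hunks; for the constant-time comparison it silently decides between `CRYPTO_memcmp` and the hand-written loop. I would add a comment above the guard, for example `/* HAVE_EVP_MD_CTX_NEW/FREE are set by configure: config.h must be included before this code */`; the function body continues past the end of the hunk.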
void registerOpenSSLUser()
{
if (s_users.fetch_add(1) == 0) {
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && (!defined LIBRESSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER >= 0x2070000fL))
+#ifdef HAVE_OPENSSL_INIT_CRYPTO
/* load the default configuration file (or one specified via OPENSSL_CONF),
which can then be used to load engines */
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, nullptr);
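Review bot: The result of `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, nullptr)` is discarded, so a configuration file that fails to load, and with it any engine the comment says it is meant to load, goes unnoticed. The function returns 1 on success and 0 on error, so the call could become `if (OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, nullptr) != 1) { throw std::runtime_error("Error while loading OpenSSL's configuration"); }`, or at least log the failure. With the guard now a feature test, this branch is compiled for every library that exports the function, which makes the check more relevant. registerOpenSSLUser continues past the end of the hunk, so how a failure should interact with the already incremented `s_users` counter has to be decided there.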
int libssl_get_last_key_type(std::unique_ptr<SSL_CTX, void(*)(SSL_CTX*)>& ctx)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
+#ifdef HAVE_SSL_CTX_GET0_PRIVATEKEY
auto pkey = SSL_CTX_get0_privatekey(ctx.get());
#else
auto temp = std::unique_ptr<SSL, void(*)(SSL*)>(SSL_new(ctx.get()), SSL_free);
bool libssl_set_min_tls_version(std::unique_ptr<SSL_CTX, void(*)(SSL_CTX*)>& ctx, LibsslTLSVersion version)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
- /* these functions have been introduced in 1.1.0, and the use of SSL_OP_NO_* is deprecated */
+#if defined(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION) || defined(SSL_CTX_set_min_proto_version)
+ /* These functions have been introduced in 1.1.0, and the use of SSL_OP_NO_* is deprecated
+ Warning: SSL_CTX_set_min_proto_version is a function-like macro in OpenSSL */
int vers;
switch(version) {
case LibsslTLSVersion::TLS10:
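Review bot: LibreSSL was explicitly kept out of this branch by the old `!defined LIBRESSL_VERSION_NUMBER` test, while the new guard admits any library that exports `SSL_CTX_set_min_proto_version`, and the comment does not say so. The switch continues past the end of the hunk; if it refers to constants such as `TLS1_3_VERSION`, they must exist on every library that now reaches it, otherwise a build that used to take the `SSL_OP_NO_*` fallback will stop compiling. I would extend the comment with a line like `Also compiled for non-OpenSSL libraries that export the function, as detected by configure`.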
save_LIBS=$LIBS
CFLAGS="$LIBSSL_CFLAGS $CFLAGS"
LIBS="$LIBSSL_LIBS -lcrypto $LIBS"
- AC_CHECK_FUNCS([SSL_CTX_set_ciphersuites OCSP_basic_sign SSL_CTX_set_num_tickets SSL_CTX_set_keylog_callback])
+ AC_CHECK_FUNCS([SSL_CTX_set_ciphersuites OCSP_basic_sign SSL_CTX_set_num_tickets SSL_CTX_set_keylog_callback SSL_CTX_get0_privatekey SSL_CTX_set_min_proto_version])
CFLAGS=$save_CFLAGS
LIBS=$save_LIBS
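Review bot: The `SSL_CTX_set_min_proto_version` entry added to this AC_CHECK_FUNCS list cannot succeed against OpenSSL, where the name is a function-like macro (the C++ side of this commit says so and additionally tests `defined(SSL_CTX_set_min_proto_version)`). `HAVE_SSL_CTX_SET_MIN_PROTO_VERSION` will therefore only appear for libraries that export a real symbol, and a "no" in config.log is easy to misread as the API being absent. A comment above the probe would prevent that: `dnl SSL_CTX_set_min_proto_version is a macro in OpenSSL, so this only matches libraries exporting it as a function; the code also checks defined()`.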
return false;
}
const size_t size = a.size();
-#if OPENSSL_VERSION_NUMBER >= 0x0090819fL
+#ifdef HAVE_CRYPTO_MEMCMP
return CRYPTO_memcmp(a.c_str(), b.c_str(), size) == 0;
#else
const volatile unsigned char *_a = (const volatile unsigned char *) a.c_str();
#include "dnssecinfra.hh"
#include "dnsseckeeper.hh"
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || defined LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL)
/* OpenSSL < 1.1.0 needs support for threading/locking in the calling application. */
static pthread_mutex_t *openssllocks;
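Review bot: The new condition mixes `||` and `&&` with the parentheses around `defined LIBRESSL_VERSION_NUMBER` only, so the reader has to rely on operator precedence to see that the version comparison applies to LibreSSL alone. Grouping the whole LibreSSL term makes the intent explicit: `#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL))`. The comment on the next line still names only OpenSSL < 1.1.0; it should also state that LibreSSL before the version encoded by `0x2090100fL` takes this path and why newer releases no longer need the application-side locks.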
OPENSSL_free(openssllocks);
}
-#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
+#ifndef HAVE_RSA_GET0_KEY
/* those symbols are defined in LibreSSL 2.7.0+ */
/* compat helpers. These DO NOT do any of the checking that the libssl 1.1 functions do. */
static inline void RSA_get0_key(const RSA* rsakey, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d) {
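Review bot: The `#ifndef HAVE_RSA_GET0_KEY` block is still nested inside the version-gated threading section: the `#else` that follows `#endif /* HAVE_RSA_GET0_KEY */` further down pairs with the outer `OPENSSL_VERSION_NUMBER`/`LIBRESSL_VERSION_NUMBER` test. A library that passes that outer test as "new" but lacks `RSA_get0_key` would therefore get no compat helpers, so the feature test is not really independent of the version numbers. A single probe for `RSA_get0_key` also appears to gate every helper in the block (their definitions are outside the hunk), which assumes they always appear together. I would either move the block out of the outer `#if` or note the dependency, and reword the now stale `/* those symbols are defined in LibreSSL 2.7.0+ */` to something like `/* compat helpers for libraries without the 1.1 accessor API (configure probes RSA_get0_key) */`.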
}
#endif /* HAVE_LIBCRYPTO_ECDSA */
-#endif /* !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL */
+#endif /* HAVE_RSA_GET0_KEY */
#else
void openssl_thread_setup() {}