---
* [Bug 3144] NTP does not build without openSSL <perlinger@ntp.org>
+* [Bug 3363] Support for openssl-1.1.0 without compatibility modes
+ - rework of patch set from <ntp.org@eroen.eu> <perlinger@ntp.org>
---
(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>
#include "openssl/dsa.h"
#include "openssl/rsa.h"
+#ifndef OPENSSL_VERSION_NUMBER
+#define OPENSSL_VERSION_NUMBER SSLEAY_VERSION_NUMBER
+#endif
+
+#ifndef OPENSSL_VERSION_TEXT
+#define OPENSSL_VERSION_TEXT SSLEAY_VERSION_TEXT
+#endif
+
+#ifndef OPENSSL_VERSION
+#define OPENSSL_VERSION SSLEAY_VERSION
+#endif
+
/* ----------------------------------------------------------------- */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* ----------------------------------------------------------------- */
#define X509_get_signature_nid sslshim_X509_get_signature_nid
+#define OpenSSL_version_num SSLeay
+#define OpenSSL_version SSLeay_version
+#define X509_get0_notBefore X509_get_notBefore
+#define X509_getm_notBefore X509_get_notBefore
+#define X509_get0_notAfter X509_get_notAfter
+#define X509_getm_notAfter X509_get_notAfter
+
/* ----------------------------------------------------------------- */
#endif /* OPENSSL_VERSION_NUMBER < v1.1.0 */
/* ----------------------------------------------------------------- */
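Review bot: The `#ifndef OPENSSL_VERSION_NUMBER`, `OPENSSL_VERSION_TEXT` and `OPENSSL_VERSION` fallbacks at the top of this header only work if `openssl/opensslv.h` and `openssl/crypto.h` have already been seen, and the lines shown do not include them directly. If they arrive only transitively through `openssl/dsa.h` or `openssl/rsa.h`, a change in include order could leave `OPENSSL_VERSION` aliased to `SSLEAY_VERSION`, which presumably is not defined once the 1.0 compatibility API is switched off. Adding `#include "openssl/opensslv.h"` and `#include "openssl/crypto.h"` ahead of the fallbacks, as the .c files in this change do, would make the dependency explicit.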
invalidsyntax: AUTOKEY should be defined only if OPENSSL is.
#endif
+#include "openssl/bn.h"
#include "openssl/evp.h"
#include "ntp_calendar.h" /* for fields in the cert_info structure */
#include <lib_strbuf.h>
#ifdef OPENSSL
+#include "openssl/crypto.h"
#include "openssl/err.h"
#include "openssl/evp.h"
+#include "openssl/opensslv.h"
#include "libssl_compat.h"
-void atexit_ssl_cleanup(void);
-
int ssl_init_done;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+static void
+atexit_ssl_cleanup(void)
+{
+ if (!ssl_init_done)
+ return;
+
+ ssl_init_done = FALSE;
+ EVP_cleanup();
+ ERR_free_strings();
+}
+
void
ssl_init(void)
{
init_lib();
- if (ssl_init_done)
- return;
-
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
- atexit(&atexit_ssl_cleanup);
-
- ssl_init_done = TRUE;
+ if ( ! ssl_init_done) {
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ atexit(&atexit_ssl_cleanup);
+ ssl_init_done = TRUE;
+ }
}
+#else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
void
-atexit_ssl_cleanup(void)
+ssl_init(void)
{
- if (!ssl_init_done)
- return;
-
- ssl_init_done = FALSE;
- EVP_cleanup();
- ERR_free_strings();
+ init_lib();
+ ssl_init_done = TRUE;
}
+#endif /* OPENSSL_VERSION_NUMBER */
+
void
ssl_check_version(void)
{
- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
+ u_long v;
+
+ v = OpenSSL_version_num();
+ if ((v ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
msyslog(LOG_WARNING,
"OpenSSL version mismatch. Built against %lx, you have %lx",
- (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
+ (u_long)OPENSSL_VERSION_NUMBER, v);
fprintf(stderr,
"OpenSSL version mismatch. Built against %lx, you have %lx\n",
- (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
+ (u_long)OPENSSL_VERSION_NUMBER, v);
}
INIT_SSL();
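Review bot: The `#else` branch of `ssl_init()` has no comment explaining why it skips `ERR_load_crypto_strings()`, `OpenSSL_add_all_algorithms()` and the `atexit()` hook that the pre-1.1.0 branch keeps. I would add `/* OpenSSL 1.1.0+ initialises and cleans up on its own; only record that init ran */` above `ssl_init_done = TRUE;` so a reader does not take the missing cleanup for an oversight. The `~0xff0L` mask in `ssl_check_version()` also deserves a short comment naming the version field it ignores (it looks like the patch-level byte). The body of `ssl_check_version()` continues past the end of the hunk.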
#include "ntp_calendar.h"
#include "ntp_leapsec.h"
+#include "openssl/asn1.h"
#include "openssl/bn.h"
+#include "openssl/crypto.h"
#include "openssl/err.h"
#include "openssl/evp.h"
+#include "openssl/opensslv.h"
#include "openssl/pem.h"
#include "openssl/rand.h"
+#include "openssl/x509.h"
#include "openssl/x509v3.h"
#include "libssl_compat.h"
static int crypto_mv (struct exten *, struct peer *);
static int crypto_send (struct exten *, struct value *, int);
static tstamp_t crypto_time (void);
-static void asn_to_calendar (ASN1_TIME *, struct calendar*);
+static void asn_to_calendar (const ASN1_TIME *, struct calendar*);
static struct cert_info *cert_parse (const u_char *, long, tstamp_t);
static int cert_sign (struct exten *, struct value *);
static struct cert_info *cert_install (struct exten *, struct peer *);
static
void
asn_to_calendar (
- ASN1_TIME *asn1time, /* pointer to ASN1_TIME structure */
+ const ASN1_TIME *asn1time, /* pointer to ASN1_TIME structure */
struct calendar *pjd /* pointer to result */
)
{
serial = ASN1_INTEGER_new();
ASN1_INTEGER_set(serial, tstamp);
X509_set_serialNumber(cert, serial);
- X509_gmtime_adj(X509_get_notBefore(cert), 0L);
- X509_gmtime_adj(X509_get_notAfter(cert), YEAR);
+ X509_gmtime_adj(X509_getm_notBefore(cert), 0L);
+ X509_gmtime_adj(X509_getm_notAfter(cert), YEAR);
subj = X509_get_issuer_name(cert);
X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC,
hostval.ptr, strlen((const char *)hostval.ptr), -1, 0);
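Review bot: The results of `X509_gmtime_adj()` on the two rewritten lines are discarded, so a failure to set notBefore or notAfter would go unnoticed and the certificate would carry whatever validity fields it had before. A check such as `if (!X509_gmtime_adj(X509_getm_notBefore(cert), 0L) || !X509_gmtime_adj(X509_getm_notAfter(cert), YEAR))` followed by the function's usual error path would close that. The error path lies outside the hunk, so its exact form has to follow the rest of the function. The same applies to the `X509_time_adj()` calls in the test certificate setup and in the ntp-keygen certificate hunk later in this change.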
return (NULL);
}
ret->issuer = estrdup(pch + 3);
- asn_to_calendar(X509_get_notBefore(cert), &(ret->first));
- asn_to_calendar(X509_get_notAfter(cert), &(ret->last));
+ asn_to_calendar(X509_get0_notBefore(cert), &(ret->first));
+ asn_to_calendar(X509_get0_notAfter(cert), &(ret->last));
/*
* Extract extension fields. These are ad hoc ripoffs of
RAND_seed(&seed, sizeof(l_fp));
RAND_write_file(randfile);
DPRINTF(1, ("crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
- SSLeay(), randfile, bytes));
+ OpenSSL_version_num(), randfile, bytes));
+
}
/*
#include "tinytest.h"
#include "tinytest_macros.h"
+#include <openssl/asn1.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>
+#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/pem.h>
+#include <openssl/opensslv.h>
+#include <openssl/x509.h>
#include <string.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define OpenSSL_version_num SSLeay
+#endif /* OPENSSL_VERSION_NUMBER */
+
/* A short pre-generated key, to save the cost of doing an RSA key generation
* step during the unit tests. It's only 512 bits long, and it is published
* in this file, so you would have to be very foolish to consider using it in
X509_set_subject_name(x509, name);
X509_set_issuer_name(x509, name);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
X509_time_adj(X509_get_notBefore(x509), 0, &now);
now += 3600;
X509_time_adj(X509_get_notAfter(x509), 0, &now);
+#else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+ X509_time_adj(X509_getm_notBefore(x509), 0, &now);
+ now += 3600;
+ X509_time_adj(X509_getm_notAfter(x509), 0, &now);
+#endif /* OPENSSL_VERSION_NUMBER */
X509_set_pubkey(x509, key);
tt_assert(0 != X509_sign(x509, key, EVP_sha1()));
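Review bot: The `#if`/`#else` here repeats the same three statements with only the accessor names changed, while this file already has a pre-1.1.0 shim block for `OpenSSL_version_num`. Putting `#define X509_getm_notBefore X509_get_notBefore` and `#define X509_getm_notAfter X509_get_notAfter` into that block, as libssl_compat.h does in this change, would let the body keep a single copy of the `X509_time_adj()` calls. The enclosing function starts and ends outside the hunk.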
ERR_load_crypto_strings();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
- if (SSLeay() != OPENSSL_VERSION_NUMBER) {
- TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay()));
+ if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER) {
+ TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) OpenSSL_version_num()));
}
}
init_ssl();
if (strstr((char*)data->setup_data, "renegotiate")) {
- if (SSLeay() >= 0x10001000 &&
- SSLeay() < 0x1000104f) {
+ if (OpenSSL_version_num() >= 0x10001000 &&
+ OpenSSL_version_num() < 0x1000104f) {
/* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
* can't renegotiate with themselves. Disable. */
disable_tls_11_and_12 = 1;
#include "ntp-keygen-opts.h"
#ifdef OPENSSL
+#include "openssl/asn1.h"
#include "openssl/bn.h"
+#include "openssl/crypto.h"
#include "openssl/evp.h"
#include "openssl/err.h"
#include "openssl/rand.h"
+#include "openssl/opensslv.h"
#include "openssl/pem.h"
+#include "openssl/x509.h"
#include "openssl/x509v3.h"
#include <openssl/objects.h>
#include "libssl_compat.h"
int i, cnt;
char * ptr;
#endif /* AUTOKEY */
+#ifdef OPENSSL
+ const char *sslvtext;
+ int sslvmatch;
+#endif /* OPENSSL */
progname = argv[0];
argv += optct; // Just in case we care later.
#ifdef OPENSSL
- if (SSLeay() == SSLEAY_VERSION_NUMBER)
+ sslvtext = OpenSSL_version(OPENSSL_VERSION);
+ sslvmatch = OpenSSL_version_num() == OPENSSL_VERSION_NUMBER;
+ if (sslvmatch)
fprintf(stderr, "Using OpenSSL version %s\n",
- SSLeay_version(SSLEAY_VERSION));
+ sslvtext);
else
fprintf(stderr, "Built against OpenSSL %s, using version %s\n",
- OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION));
+ OPENSSL_VERSION_TEXT, sslvtext);
#endif /* OPENSSL */
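Review bot: `sslvmatch = OpenSSL_version_num() == OPENSSL_VERSION_NUMBER;` is an exact comparison, whereas `ssl_check_version()` in this same change compares with `& ~0xff0L`, so the two can disagree about whether the runtime library matches the build. If ntp-keygen is meant to apply the same compatibility test, `sslvmatch = !((OpenSSL_version_num() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L);` would align them. If the exact match is deliberate because the message is purely informational, a one-line comment saying so would help. `sslvmatch` is read only once, so the comparison could also sit directly in the `if`.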
debug = OPT_VALUE_SET_DEBUG_LEVEL;
/*
* Seed random number generator and grow weeds.
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
+#endif /* OPENSSL_VERSION_NUMBER */
if (!RAND_status()) {
if (RAND_file_name(pathbuf, sizeof(pathbuf)) == NULL) {
fprintf(stderr, "RAND_file_name %s\n",
ASN1_INTEGER_set(serial, (long)epoch + JAN_1970);
X509_set_serialNumber(cert, serial);
ASN1_INTEGER_free(serial);
- X509_time_adj(X509_get_notBefore(cert), 0L, &epoch);
- X509_time_adj(X509_get_notAfter(cert), lifetime * SECSPERDAY, &epoch);
+ X509_time_adj(X509_getm_notBefore(cert), 0L, &epoch);
+ X509_time_adj(X509_getm_notAfter(cert), lifetime * SECSPERDAY, &epoch);
subj = X509_get_subject_name(cert);
X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC,
(u_char *)name, -1, -1, 0);