Dealing with OpenSSL has been rapidly turning into an unwieldy situation
as post-3.0 changes turn the library into a different beast.
Start treating pre and post-3.0 versions differently for easier
maintenance.
To help with this Sisyphean task, this MR had to shift things around.
`OPENSSL_NO_DEPRECATED` is now declared in BIND alongside an appropriate
`OPENSSL_API_COMPAT` value. The former value will set to declare either
OpenSSL 1.1.0 or 3.0 as the bare minimum version.
Instead of splitting `md.c` and `hmac.c` into separate version-specific
files, they now live inside `crypto/ossl1_1.c` and `crypto/ossl3.c`.
This way, these functions will be able to utilize the same static
`OSSL_PARAM` tables, removing redundant reconstruction for HMAC.
For pre-3.0, `isc_hmac` has been reverted back to using the `HMAC_`
interface. Using `EVP_MD_CTX`-based functions for HMAC will end up
libcrypto calling the same `HMAC_` functions in the end, giving no
advantage while confusingly using the digest functions.
A new API, `isc_ossl_wrap` has been added. This family of functions
aim to provide a common interface for libcrypto version specific code
while not abstracting away OpenSSL's structures such as `EVP_PKEY`.
Currently the main user of this API is the `dst` family of functions
where some ECDSA and RSA opeations need to use the new `OSSL_PARAM`
functionality by requirement or to avoid speed penalties.
Furthermore OpenSSL based logging has been moved from `isc_tls` to
`isc_ossl_wrap` as its a more appropriate place for such functionality.
Merge branch 'aydin/openssl-version-split' into 'main'
See merge request isc-projects/bind9!11094
projects / thirdparty / bind9.git / commitdiff
