#include <dst/dst.h>
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/err.h>
#include <openssl/provider.h>
#endif
unsigned char c;
int ch;
bool set_fips_mode = false;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PROVIDER *fips = NULL, *base = NULL;
#endif
}
if (set_fips_mode) {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips == NULL) {
ERR_clear_error();
}
isc_mem_destroy(&mctx);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (base != NULL) {
OSSL_PROVIDER_unload(base);
}
int ch;
char *endp;
bool set_fips_mode = false;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PROVIDER *fips = NULL, *base = NULL;
#endif
ksr_ctx_t ksr = {
setup_logging(mctx, &lctx);
if (set_fips_mode) {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips == NULL) {
fatal("Failed to load FIPS provider");
#include <dns/zoneverify.h>
#include <dst/dst.h>
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/err.h>
#include <openssl/provider.h>
#endif
bool set_iter = false;
bool nonsecify = false;
bool set_fips_mode = false;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PROVIDER *fips = NULL, *base = NULL;
#endif
isc_managers_create(&mctx, nloops, &loopmgr, &netmgr);
if (set_fips_mode) {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips == NULL) {
ERR_clear_error();
isc_mem_stats(mctx, stdout);
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (base != NULL) {
OSSL_PROVIDER_unload(base);
}
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/opensslv.h>
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/err.h>
#include <openssl/provider.h>
#endif
static bool disable6 = false;
static bool disable4 = false;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
static OSSL_PROVIDER *fips = NULL, *base = NULL;
#endif
named_main_earlyfatal("option '-X' has been removed");
break;
case 'F':
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips == NULL) {
ERR_clear_error();
named_os_shutdown();
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (base != NULL) {
OSSL_PROVIDER_unload(base);
}
#include <openssl/crypto.h>
#include <openssl/opensslv.h>
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h>
#endif
}
if (strcasecmp(argv[1], "--fips-provider") == 0) {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PROVIDER *fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips != NULL) {
OSSL_PROVIDER_unload(fips);
if (strcmp(argv[1], "--have-fips-dh") == 0) {
#if defined(ENABLE_FIPS_MODE)
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
return (0);
#else
return (1);
#endif
#else
if (isc_fips_mode()) {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
return (0);
#else
return (1);
#endif
-#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
static isc_result_t
opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private,
if (opensslecdsa_extract_public_key_params(key, dst, dstlen)) {
return (true);
}
-#endif
-#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
+#else
if (opensslecdsa_extract_public_key_legacy(key, dst, dstlen)) {
return (true);
}
if (ret != ISC_R_FAILURE) {
return (ret);
}
-#endif
-#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
+#else
ret = opensslecdsa_create_pkey_legacy(key_alg, private, key, key_len,
retkey);
if (ret == ISC_R_SUCCESS) {
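Review bot: With the legacy call moved under `#else`, the `if (ret != ISC_R_FAILURE)` test that closes the OpenSSL 3 arm no longer leads to anything visible in this hunk. On 3.x an `ISC_R_FAILURE` result now skips `opensslecdsa_create_pkey_legacy()` and falls through to whatever follows the `#endif`, which is outside the hunk. The test looks like it existed to select the legacy fallback, so it is presumably redundant on 3.x; if the code after `#endif` does not need that case, a plain `return (ret);` would make the arm easier to audit. If the fall-through is still intended, a short comment such as `/* ISC_R_FAILURE is handled after the #endif */` would record that. The enclosing function starts and ends outside the hunk.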
*/
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_E,
- (BIGNUM **)&c->e) == 1)
+ (BIGNUM **)&c->e) != 1)
{
- c->bnfree = true;
- if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_N,
- (BIGNUM **)&c->n) != 1)
- {
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
- }
- if (!private) {
- return (ISC_R_SUCCESS);
- }
- (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_D,
- (BIGNUM **)&c->d);
- (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR1,
- (BIGNUM **)&c->p);
- (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR2,
- (BIGNUM **)&c->q);
- (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT1,
- (BIGNUM **)&c->dmp1);
- (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT2,
- (BIGNUM **)&c->dmq1);
- (void)EVP_PKEY_get_bn_param(priv,
- OSSL_PKEY_PARAM_RSA_COEFFICIENT1,
- (BIGNUM **)&c->iqmp);
- ERR_clear_error();
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ }
+
+ c->bnfree = true;
+ if (EVP_PKEY_get_bn_param(pub, OSSL_PKEY_PARAM_RSA_N,
+ (BIGNUM **)&c->n) != 1)
+ {
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ }
+ if (!private) {
return (ISC_R_SUCCESS);
- } else {
- ERR_clear_error();
}
-#endif
-#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
+ (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_D,
+ (BIGNUM **)&c->d);
+ (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR1,
+ (BIGNUM **)&c->p);
+ (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_FACTOR2,
+ (BIGNUM **)&c->q);
+ (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT1,
+ (BIGNUM **)&c->dmp1);
+ (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_EXPONENT2,
+ (BIGNUM **)&c->dmq1);
+ (void)EVP_PKEY_get_bn_param(priv, OSSL_PKEY_PARAM_RSA_COEFFICIENT1,
+ (BIGNUM **)&c->iqmp);
+ ERR_clear_error();
+ return (ISC_R_SUCCESS);
+#else
const RSA *rsa = EVP_PKEY_get0_RSA(pub);
if (rsa == NULL) {
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
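Review bot: On the OpenSSL 3 path the private RSA components are read with every `EVP_PKEY_get_bn_param()` result cast to `(void)`, followed by `ERR_clear_error()` and `return (ISC_R_SUCCESS);`. A caller that asked for `private` therefore gets success even if `c->d`, `c->p` or `c->q` were never filled in. Since the legacy arm is now compiled out on 3.x (`#else`), the reason for ignoring those results deserves a comment above the first private fetch, for example `/* Private parts may be unavailable (e.g. non-exportable keys); callers must check for NULL. */`, assuming that is the intent. If it is not, the fetch of `OSSL_PKEY_PARAM_RSA_D` should be checked the same way the fetch of `OSSL_PKEY_PARAM_RSA_N` is. The function begins before this hunk and its legacy arm continues past it.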
RSA_get0_factors(rsa, &c->p, &c->q);
RSA_get0_crt_params(rsa, &c->dmp1, &c->dmq1, &c->iqmp);
return (ISC_R_SUCCESS);
-#else
- return (DST_R_OPENSSLFAILURE);
#endif
}
BN_free(e);
return (bits < maxbits);
}
-#endif
- /* Use old API for the OpenSSL ENGINE support, even with OpenSSL 3.x */
-#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
+#else
const RSA *rsa = EVP_PKEY_get0_RSA(pkey);
if (rsa != NULL) {
const BIGNUM *ce = NULL;
return (opensslrsa_verify2(dctx, 0, sig));
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
static int
progress_cb(int p, int n, BN_GENCB *cb) {
void (*fptr)(int);
OSSL_PARAM_BLD_free(bld);
return (ret);
}
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
static isc_result_t
opensslrsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
#include <isc/thread.h>
#include <isc/util.h>
-#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
#include <openssl/sha.h>