Use EVP_PKEY_eq() instead of deprected EVP_PKEY_cmp()

EVP_PKEY_eq() is the replacement with a smaller result range (0, 1)
instead of (-1, 0, 1).  EVP_PKEY_cmp() is mapped to EVP_PKEY_eq() when
building with older versions of OpenSSL.

diff --git a/configure.ac b/configure.ac
index cf356e8659fd1c239b8ea7f945e07f2260b1b9fc..1935e4755754ecabd31c97ea2e1eabf1d552c942 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -626,7 +626,7 @@ AC_COMPILE_IFELSE(
 
 AC_CHECK_FUNCS([OPENSSL_init_ssl OPENSSL_init_crypto])
 AC_CHECK_FUNCS([CRYPTO_zalloc])
-AC_CHECK_FUNCS([EVP_PKEY_new_raw_private_key])
+AC_CHECK_FUNCS([EVP_PKEY_new_raw_private_key EVP_PKEY_eq])
 AC_CHECK_FUNCS([EVP_CIPHER_CTX_new EVP_CIPHER_CTX_free])
 AC_CHECK_FUNCS([EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset EVP_MD_CTX_get0_md])
 AC_CHECK_FUNCS([ERR_get_error_all])

diff --git a/lib/dns/openssl_shim.h b/lib/dns/openssl_shim.h
index baf509c4a447787602c667ee8e0c6d60e6f916d3..382d1548a82f431c400c991c9c2f6570e9840d91 100644 (file)
--- a/lib/dns/openssl_shim.h
+++ b/lib/dns/openssl_shim.h
@@ -18,3 +18,7 @@ unsigned long
 ERR_get_error_all(const char **file, int *line, const char **func,
                  const char **data, int *flags);
 #endif /* if !HAVE_ERR_GET_ERROR_ALL */
+
+#if !HAVE_EVP_PKEY_EQ
+#define EVP_PKEY_eq EVP_PKEY_cmp
+#endif

diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index e6fa3dd07b11651e042366d56357c7accd95f9d2..2aace1a0e0a4f530d72dd95e08a38c99d43822f4 100644 (file)
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -32,6 +32,7 @@
 #include "dst_internal.h"
 #include "dst_openssl.h"
 #include "dst_parse.h"
+#include "openssl_shim.h"
 
 #ifndef NID_X9_62_prime256v1
 #error "P-256 group is not known (NID_X9_62_prime256v1)"
@@ -289,7 +290,7 @@ opensslecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
                DST_RET(false);
        }
 
-       status = EVP_PKEY_cmp(pkey1, pkey2);
+       status = EVP_PKEY_eq(pkey1, pkey2);
        if (status != 1) {
                DST_RET(false);
        }

diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c
index a81e0faa8a253d544b80bb3e4ccfaf89d650b38c..2fc5d7358c547589c99819a3f1d30aa422eb7385 100644 (file)
--- a/lib/dns/openssleddsa_link.c
+++ b/lib/dns/openssleddsa_link.c
@@ -34,6 +34,7 @@
 #include "dst_internal.h"
 #include "dst_openssl.h"
 #include "dst_parse.h"
+#include "openssl_shim.h"
 
 #define DST_RET(a)        \
        {                 \
@@ -281,7 +282,7 @@ openssleddsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
                return (false);
        }
 
-       status = EVP_PKEY_cmp(pkey1, pkey2);
+       status = EVP_PKEY_eq(pkey1, pkey2);
        if (status == 1) {
                return (true);
        }
@@ -491,7 +492,7 @@ eddsa_check(EVP_PKEY *pkey, EVP_PKEY *pubpkey) {
        if (pubpkey == NULL) {
                return (ISC_R_SUCCESS);
        }
-       if (EVP_PKEY_cmp(pkey, pubpkey) == 1) {
+       if (EVP_PKEY_eq(pkey, pubpkey) == 1) {
                return (ISC_R_SUCCESS);
        }
        return (ISC_R_FAILURE);