Commit 61da2bf0 authored by Ondřej Surý's avatar Ondřej Surý

Remove support for OpenSSL < 1.0.0

parent 16e35224
......@@ -42,19 +42,10 @@
#include <dst/dst.h>
#include <dst/result.h>
#ifdef OPENSSL
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER <= 0x00908000L
#define USE_FIX_KEY_FILES
#endif
#else
#define USE_FIX_KEY_FILES
#endif
#ifdef USE_FIX_KEY_FILES
#if !defined(OPENSSL)
/*
* Use a fixed key file pair if OpenSSL doesn't support > 32 bit exponents.
* Use a fixed key file pair if compiled without OpenSSL.
*/
int
......
......@@ -239,6 +239,12 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <edit/readline/readline.h> header file. */
#undef HAVE_EDIT_READLINE_READLINE_H
/* Define to 1 if you have the `EVP_sha1' function. */
#undef HAVE_EVP_SHA1
/* Define to 1 if you have the `EVP_sha224' function. */
#undef HAVE_EVP_SHA224
/* Define to 1 if you have the `EVP_sha256' function. */
#undef HAVE_EVP_SHA256
......
......@@ -312,15 +312,6 @@ typedef __int64 off_t;
/* Define to enable "rrset-order fixed" syntax. */
@DNS_RDATASET_FIXED@
/* Define to 1 if you have the `EVP_sha256' function. */
@HAVE_EVP_SHA256@
/* Define to 1 if you have the `EVP_sha384' function. */
@HAVE_EVP_SHA384@
/* Define to 1 if you have the `EVP_sha512' function. */
@HAVE_EVP_SHA512@
/* Define if OpenSSL provides FIPS_mode() */
@HAVE_FIPS_MODE@
......
......@@ -16385,6 +16385,36 @@ $as_echo "using OpenSSL from $use_openssl/lib and $use_openssl/include" >&6; }
saved_libs="$LIBS"
CFLAGS="$DST_OPENSSL_INC $CFLAGS"
LIBS="$DST_OPENSSL_LIBS $LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL >= 1.0.0 or LibreSSL" >&5
$as_echo_n "checking for OpenSSL >= 1.0.0 or LibreSSL... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <openssl/opensslv.h>
int
main ()
{
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
#error OpenSSL >= 1.0.0 or LibreSSL needed
#endif
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
as_fn_error $? "OpenSSL >= 1.0.0 or LibreSSL not found" "$LINENO" 5
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether linking with OpenSSL works" >&5
$as_echo_n "checking whether linking with OpenSSL works... " >&6; }
if test "$cross_compiling" = yes; then :
......@@ -16536,7 +16566,7 @@ $as_echo "yes" >&6; }
$as_echo "no" >&6; }
fi
for ac_func in EVP_sha256 EVP_sha384 EVP_sha512
for ac_func in EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
......@@ -16545,6 +16575,9 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
else
as_fn_error $? "SHA-1 and SHA-2 support in OpenSSL is mandatory." "$LINENO" 5
fi
done
......@@ -16577,9 +16610,6 @@ else
int main() {
EC_KEY *ec256, *ec384;
#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384)
return (1);
#endif
ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
if (ec256 == NULL || ec384 == NULL)
......
......@@ -1626,6 +1626,20 @@ If you do not want OpenSSL, use --without-openssl])
saved_libs="$LIBS"
CFLAGS="$DST_OPENSSL_INC $CFLAGS"
LIBS="$DST_OPENSSL_LIBS $LIBS"
AC_MSG_CHECKING(for OpenSSL >= 1.0.0 or LibreSSL)
AC_TRY_COMPILE([
#include <openssl/opensslv.h>
],
[
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
#error OpenSSL >= 1.0.0 or LibreSSL needed
#endif
],
[AC_MSG_RESULT([yes])],
[AC_MSG_RESULT([no])
AC_MSG_ERROR([OpenSSL >= 1.0.0 or LibreSSL not found])])
AC_MSG_CHECKING(whether linking with OpenSSL works)
AC_TRY_RUN([
#include <openssl/err.h>
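Review bot: The floor tested here is `0x1000000fL`, the 1.0.0 release value, but the Windows Configure test changed in the same commit accepts `OPENSSL_VERSION_NUMBER >= 0x10000000L`. The two build systems therefore do not reject the same headers: 1.0.0 pre-release headers pass on Windows and fail here. Using one constant in both places, for example `if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) {` in the Windows test program, would keep the stated minimum identical. Both checks also read only `<openssl/opensslv.h>`, so they establish the header version and not the version of the library that gets linked. If that distinction matters, the AC_TRY_RUN link test that follows (its body is outside this hunk) is the natural place to compare the two.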
......@@ -1710,7 +1724,8 @@ DSO_METHOD_dlfcn();
AC_MSG_RESULT(no)
fi
AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
AC_CHECK_FUNCS([EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512], [], [
AC_MSG_ERROR([SHA-1 and SHA-2 support in OpenSSL is mandatory.])])
AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg])
......@@ -1722,9 +1737,6 @@ DSO_METHOD_dlfcn();
int main() {
EC_KEY *ec256, *ec384;
#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384)
return (1);
#endif
ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
if (ec256 == NULL || ec384 == NULL)
......
......@@ -114,9 +114,6 @@ struct dst_key {
void *generic;
gss_ctx_id_t gssctx;
#ifdef OPENSSL
#if !defined(USE_EVP) || !USE_EVP
RSA *rsa;
#endif
#ifndef PK11_DSA_DISABLE
DSA *dsa;
#endif
......
......@@ -59,7 +59,7 @@ static int nlocks;
static ENGINE *e = NULL;
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static void
lock_callback(int mode, int type, const char *file, int line) {
UNUSED(file);
......@@ -71,7 +71,7 @@ lock_callback(int mode, int type, const char *file, int line) {
}
#endif
#if OPENSSL_VERSION_NUMBER < 0x10000000L || defined(LIBRESSL_VERSION_NUMBER)
#if defined(LIBRESSL_VERSION_NUMBER)
static unsigned long
id_callback(void) {
return ((unsigned long)isc_thread_self());
......@@ -135,7 +135,7 @@ mem_realloc(void *ptr, size_t size FLARG) {
#endif
}
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L
static void
_set_thread_id(CRYPTO_THREADID *id)
{
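Review bot: The new guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` on `_set_thread_id` keeps LibreSSL out only because LibreSSL's opensslv.h reports OPENSSL_VERSION_NUMBER as 0x20000000L, and nothing in the code says so. The call site in dst__openssl_init tests `defined(LIBRESSL_VERSION_NUMBER)` first, while this guard and the `ERR_remove_thread_state` / `ERR_remove_state` branch in dst__openssl_destroy test the version number first, so the three read as if they followed different rules. Writing this guard as `#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L`, or adding a comment such as `/* LibreSSL reports 0x20000000L, so it never takes this branch */`, would make the intent explicit. The body of _set_thread_id continues outside the hunk.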
......@@ -166,12 +166,11 @@ dst__openssl_init(const char *engine) {
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
# if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_THREADID_set_callback(_set_thread_id);
# else
# if defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_set_id_callback(id_callback);
# elif OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_THREADID_set_callback(_set_thread_id);
# endif
ERR_load_crypto_strings();
#endif
......@@ -237,32 +236,24 @@ dst__openssl_init(const char *engine) {
void
dst__openssl_destroy(void) {
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
OPENSSL_cleanup();
#else
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
/*
* Sequence taken from apps_shutdown() in <apps/apps.h>.
*/
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CONF_modules_free();
#endif
OBJ_cleanup();
EVP_cleanup();
#if !defined(OPENSSL_NO_ENGINE)
if (e != NULL)
ENGINE_free(e);
e = NULL;
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L
ENGINE_cleanup();
#endif
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CRYPTO_cleanup_all_ex_data();
#endif
ERR_clear_error();
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_remove_thread_state(NULL);
#elif OPENSSL_VERSION_NUMBER < 0x10000000L || defined(LIBRESSL_VERSION_NUMBER)
#elif defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_state(0);
#endif
ERR_free_strings();
......@@ -277,6 +268,8 @@ dst__openssl_destroy(void) {
mem_free(locks FILELINE);
locks = NULL;
}
#else
OPENSSL_cleanup();
#endif
}
......
......@@ -240,7 +240,6 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
return (ISC_TRUE);
}
#if OPENSSL_VERSION_NUMBER > 0x00908000L
static int
progress_cb(int p, int n, BN_GENCB *cb) {
union {
......@@ -255,12 +254,10 @@ progress_cb(int p, int n, BN_GENCB *cb) {
u.fptr(p);
return (1);
}
#endif
static isc_result_t
openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
DH *dh = NULL;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB *cb;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
......@@ -269,10 +266,6 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
void *dptr;
void (*fptr)(int);
} u;
#else
UNUSED(callback);
#endif
if (generator == 0) {
if (key->key_size == 768 ||
......@@ -303,7 +296,6 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
}
if (generator != 0) {
#if OPENSSL_VERSION_NUMBER > 0x00908000L
dh = DH_new();
if (dh == NULL)
return (dst__openssl_toresult(ISC_R_NOMEMORY));
......@@ -331,14 +323,6 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
}
BN_GENCB_free(cb);
cb = NULL;
#else
dh = DH_generate_parameters(key->key_size, generator,
NULL, NULL);
if (dh == NULL)
return (dst__openssl_toresult2(
"DH_generate_parameters",
DST_R_OPENSSLFAILURE));
#endif
}
if (DH_generate_key(dh) == 0) {
......
......@@ -24,9 +24,6 @@
*/
#ifdef OPENSSL
#ifndef USE_EVP
#define USE_EVP 1
#endif
#include <config.h>
......@@ -127,7 +124,6 @@ DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
static isc_result_t
openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) {
#if USE_EVP
EVP_MD_CTX *evp_md_ctx;
UNUSED(key);
......@@ -144,53 +140,25 @@ openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) {
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
return (ISC_R_SUCCESS);
#else
isc_sha1_t *sha1ctx;
UNUSED(key);
sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
if (sha1ctx == NULL)
return (ISC_R_NOMEMORY);
isc_sha1_init(sha1ctx);
dctx->ctxdata.sha1ctx = sha1ctx;
return (ISC_R_SUCCESS);
#endif
}
static void
openssldsa_destroyctx(dst_context_t *dctx) {
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
if (evp_md_ctx != NULL) {
EVP_MD_CTX_destroy(evp_md_ctx);
dctx->ctxdata.evp_md_ctx = NULL;
}
#else
isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
if (sha1ctx != NULL) {
isc_sha1_invalidate(sha1ctx);
isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t));
dctx->ctxdata.sha1ctx = NULL;
}
#endif
}
static isc_result_t
openssldsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
return (ISC_R_FAILURE);
}
#else
isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
isc_sha1_update(sha1ctx, data->base, data->length);
#endif
return (ISC_R_SUCCESS);
}
......@@ -211,22 +179,16 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
DSA_SIG *dsasig;
const BIGNUM *r = 0, *s = NULL;
unsigned int klen;
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
EVP_PKEY *pkey;
unsigned char *sigbuf;
const unsigned char *sb;
unsigned int siglen;
#else
isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
#endif
isc_buffer_availableregion(sig, &region);
if (region.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
return (ISC_R_NOSPACE);
#if USE_EVP
pkey = EVP_PKEY_new();
if (pkey == NULL)
return (ISC_R_NOMEMORY);
......@@ -263,28 +225,6 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
}
free(sigbuf);
#elif 0
/* Only use EVP for the Digest */
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
return (dst__openssl_toresult3(dctx->category,
"EVP_DigestFinal_ex",
ISC_R_FAILURE));
}
dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
if (dsasig == NULL)
return (dst__openssl_toresult3(dctx->category,
"DSA_do_sign",
DST_R_SIGNFAILURE));
#else
isc_sha1_final(sha1ctx, digest);
dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
if (dsasig == NULL)
return (dst__openssl_toresult3(dctx->category,
"DSA_do_sign",
DST_R_SIGNFAILURE));
#endif
klen = (key->key_size - 512)/64;
if (klen > 255)
return (ISC_R_FAILURE);
......@@ -310,29 +250,14 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
int status = 0;
unsigned char *cp = sig->base;
DSA_SIG *dsasig;
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
#if 0
EVP_PKEY *pkey;
unsigned char *sigbuf;
#endif
unsigned int siglen;
#else
isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
#endif
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
#if USE_EVP
#if 1
/* Only use EVP for the digest */
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
return (ISC_R_FAILURE);
}
#endif
#else
isc_sha1_final(sha1ctx, digest);
#endif
if (sig->length != 2 * ISC_SHA1_DIGESTLENGTH + 1) {
return (DST_R_VERIFYFAILURE);
......@@ -347,28 +272,8 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
DSA_SIG_set0(dsasig, r, s);
#if 0
pkey = EVP_PKEY_new();
if (pkey == NULL)
return (ISC_R_NOMEMORY);
if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
EVP_PKEY_free(pkey);
return (ISC_R_FAILURE);
}
/* Convert to Dss-Sig-Value (RFC2459). */
sigbuf = malloc(EVP_PKEY_size(pkey) + 50);
if (sigbuf == NULL) {
EVP_PKEY_free(pkey);
return (ISC_R_NOMEMORY);
}
siglen = (unsigned) i2d_DSA_SIG(dsasig, &sigbuf);
INSIST(EVP_PKEY_size(pkey) >= (int) siglen);
status = EVP_VerifyFinal(evp_md_ctx, sigbuf, siglen, pkey);
EVP_PKEY_free(pkey);
free(sigbuf);
#else
status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
#endif
DSA_SIG_free(dsasig);
switch (status) {
case 1:
......@@ -416,7 +321,6 @@ openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
return (ISC_TRUE);
}
#if OPENSSL_VERSION_NUMBER > 0x00908000L
static int
progress_cb(int p, int n, BN_GENCB *cb) {
union {
......@@ -431,14 +335,12 @@ progress_cb(int p, int n, BN_GENCB *cb) {
u.fptr(p);
return (1);
}
#endif
static isc_result_t
openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
DSA *dsa;
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
isc_result_t result;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB *cb;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
......@@ -448,10 +350,6 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
void (*fptr)(int);
} u;
#else
UNUSED(callback);
#endif
UNUSED(unused);
result = dst__entropy_getdata(rand_array, sizeof(rand_array),
......@@ -459,7 +357,6 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
if (result != ISC_R_SUCCESS)
return (result);
#if OPENSSL_VERSION_NUMBER > 0x00908000L
dsa = DSA_new();
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
......@@ -488,14 +385,6 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
}
BN_GENCB_free(cb);
cb = NULL;
#else
dsa = DSA_generate_parameters(key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
NULL, NULL);
if (dsa == NULL)
return (dst__openssl_toresult2("DSA_generate_parameters",
DST_R_OPENSSLFAILURE));
#endif
if (DSA_generate_key(dsa) == 0) {
DSA_free(dsa);
......
......@@ -13,10 +13,6 @@
#if defined(OPENSSL) && defined(HAVE_OPENSSL_ECDSA)
#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384)
#error "ECDSA without EVP for SHA2?"
#endif
#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/safe.h>
......
# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
# Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
......@@ -33,7 +34,7 @@ m4_define([_lt_join],
# ------------
# Manipulate m4 lists.
# These macros are necessary as long as will still need to support
# Autoconf-2.59 which quotes differently.
# Autoconf-2.59, which quotes differently.
m4_define([lt_car], [[$1]])
m4_define([lt_cdr],
[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
......@@ -44,7 +45,7 @@ m4_define([lt_unquote], $1)
# lt_append(MACRO-NAME, STRING, [SEPARATOR])
# ------------------------------------------
# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
# Note that neither SEPARATOR nor STRING are expanded; they are appended
# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
# No SEPARATOR is output if MACRO-NAME was previously undefined (different
......
# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc.
# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
# Foundation, Inc.
# Written by Scott James Remnant, 2004.
#
# This file is free software; the Free Software Foundation gives
......@@ -11,7 +12,7 @@
# These exist entirely to fool aclocal when bootstrapping libtool.
#
# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
# which have later been changed to m4_define as they aren't part of the
# exported API, or moved to Autoconf or Automake where they belong.
#
......@@ -25,7 +26,7 @@
# included after everything else. This provides aclocal with the
# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
# because those macros already exist, or will be overwritten later.
# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
#
# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
# Yes, that means every name once taken will need to remain here until
......
......@@ -198,9 +198,6 @@ my @substdefh = ("AES_CC",
"DNS_RDATASET_FIXED",
"ENABLE_RPZ_NSDNAME",
"ENABLE_RPZ_NSIP",
"HAVE_EVP_SHA256",
"HAVE_EVP_SHA384",
"HAVE_EVP_SHA512",
"HAVE_FIPS_MODE",
"HAVE_GEOIP",
"HAVE_GEOIP_CITY_V6",
......@@ -1572,14 +1569,12 @@ if ($use_openssl eq "yes") {
#include <openssl/opensslv.h>
int main() {
if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL &&
OPENSSL_VERSION_NUMBER < 0x00908000L) ||
OPENSSL_VERSION_NUMBER >= 0x0090804fL)
if (OPENSSL_VERSION_NUMBER >= 0x10000000L) {
return (0);
}
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
OPENSSL_VERSION_NUMBER);
printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n"
"Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n\n");
printf("Require OPENSSL_VERSION_NUMBER 0x10000000L or greater (1.0.0)\n\n");
return (1);
}
EOF
......@@ -1624,108 +1619,6 @@ EOF
}
}
# check EVP_sha256 / EVP_sha384 / EVP_sha512
if ($use_openssl eq "yes") {
if ($verbose) {
printf "checking for EVP_sha256\n";
}
open F, ">testsha256.c" || die $!;
print F << 'EOF';
extern void *EVP_sha256();
int main() {
return EVP_sha256() != 0;
}
EOF
close F;
my $library = $configlib{"OPENSSL_LIB"};
$compret = `cl /nologo /MD testsha256.c "$library"`;
if (grep { -f and -x } ".\\testsha256.exe") {
`.\\testsha256.exe`;
if ($? == 0) {
if ($verbose) {
print "EVP_sha256 test failed: disabling EVP_sha256\n";
}
$use_ecdsa = "no";
$enable_openssl_hash = "no";
} else {
$configdefh{"HAVE_EVP_SHA256"} = 1;
}
} else {
if ($verbose) {
print "can't compile EVP_sha256 test: $compret\n";
print "disabling EVP_sha256\n";
}
$use_ecdsa = "no";
$enable_openssl_hash = "no";
}
if ($verbose) {
printf "checking for EVP_sha384\n";
}
open F, ">testsha384.c" || die $!;
print F << 'EOF';
extern void *EVP_sha384();
int main() {
return EVP_sha384() != 0;
}
EOF
close F;
$compret = `cl /nologo /MD testsha384.c "$library"`;
if (grep { -f and -x } ".\\testsha384.exe") {
`.\\testsha384.exe`;
if ($? == 0) {
if ($verbose) {
print "EVP_sha384 test failed: disabling EVP_sha384\n";
}
$use_ecdsa = "no";
$enable_openssl_hash = "no";
} else {
$configdefh{"HAVE_EVP_SHA384"} = 1;
}
} else {
if ($verbose) {
print "can't compile EVP_sha384 test: $compret\n";
print "disabling EVP_sha384\n";
}
$use_ecdsa = "no";
$enable_openssl_hash = "no";
}