Skip to content

Commit 0d75d3d

Browse files
ysbaddadenSija
andauthored
Require OpenSSL 1.1.1+ or LibreSSL 3+ (#16480)
Drops support for OpenSSL 1.0.2, OpenSSL 1.1.0 and LibreSSL 2 that don't appear in any supported system anymore. One of the oldest, Debian 12 bullseye (oldoldstable) for example, distributes OpenSSL 1.1.1, same for Ubuntu 22.04, ... There should be no impact, but since we drop some support, it's still a breaking change. Co-authored-by: Sijawusz Pur Rahnama <sija@sija.pl>
1 parent 55f4787 commit 0d75d3d

File tree

8 files changed

+196
-315
lines changed

8 files changed

+196
-315
lines changed

spec/std/openssl/pkcs5_spec.cr

Lines changed: 40 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -13,53 +13,51 @@ describe OpenSSL::PKCS5 do
1313
end
1414
end
1515

16-
{% if compare_versions(LibSSL::OPENSSL_VERSION, "1.0.0") >= 0 || LibSSL::LIBRESSL_VERSION != "0.0.0" %}
17-
{% if compare_versions(LibSSL::OPENSSL_VERSION, "3.0.0") < 0 %}
18-
[
19-
{OpenSSL::Algorithm::MD4, 1, 16, "1857f69412150bca4542581d0f9e7fd1"},
20-
{OpenSSL::Algorithm::MD4, 1, 32, "1857f69412150bca4542581d0f9e7fd19332ff5c0b820cb0172457a29c5519be"},
21-
{OpenSSL::Algorithm::MD4, 2**16, 16, "3d87c982c8c4223f4af39406ac3882e6"},
22-
{OpenSSL::Algorithm::MD4, 2**16, 32, "3d87c982c8c4223f4af39406ac3882e6e6b92685dcf89f74df8caf7500b41883"},
23-
{OpenSSL::Algorithm::RIPEMD160, 1, 16, "b725258b125e0bacb0e2307e34feb16a"},
24-
{OpenSSL::Algorithm::RIPEMD160, 1, 32, "b725258b125e0bacb0e2307e34feb16a4d0d6aed6cb4b0eee458fc1829020428"},
25-
{OpenSSL::Algorithm::RIPEMD160, 2**16, 16, "93a8e007de2608e54911684cbebe2780"},
26-
{OpenSSL::Algorithm::RIPEMD160, 2**16, 32, "93a8e007de2608e54911684cbebe27808cc39fa59de9acdf74492155b46c4d2d"},
27-
].each do |(algorithm, iterations, key_size, expected)|
28-
it "computes pbkdf2_hmac #{algorithm}" do
29-
OpenSSL::PKCS5.pbkdf2_hmac("password", "salt", iterations, algorithm, key_size).hexstring.should eq expected
30-
end
31-
end
32-
{% end %}
33-
16+
{% if compare_versions(LibSSL::OPENSSL_VERSION, "3.0.0") < 0 %}
3417
[
35-
{OpenSSL::Algorithm::MD5, 1, 16, "f31afb6d931392daa5e3130f47f9a9b6"},
36-
{OpenSSL::Algorithm::MD5, 1, 32, "f31afb6d931392daa5e3130f47f9a9b6e8e72029d8350b9fb27a9e0e00b9d991"},
37-
{OpenSSL::Algorithm::MD5, 2**16, 16, "8b4ffd76e400c3b74b3d0fbfd9232048"},
38-
{OpenSSL::Algorithm::MD5, 2**16, 32, "8b4ffd76e400c3b74b3d0fbfd9232048762c86fe7684992c6f581f073f6625ee"},
39-
{OpenSSL::Algorithm::SHA1, 1, 16, "0c60c80f961f0e71f3a9b524af601206"},
40-
{OpenSSL::Algorithm::SHA1, 1, 32, "0c60c80f961f0e71f3a9b524af6012062fe037a6e0f0eb94fe8fc46bdc637164"},
41-
{OpenSSL::Algorithm::SHA1, 2**16, 16, "1b345dd55f62a35aecdb9229bc7ae95b"},
42-
{OpenSSL::Algorithm::SHA1, 2**16, 32, "1b345dd55f62a35aecdb9229bc7ae95b305a8d538940134627e46f82d3a41e5e"},
43-
{OpenSSL::Algorithm::SHA224, 1, 16, "3c198cbdb9464b7857966bd05b7bc92b"},
44-
{OpenSSL::Algorithm::SHA224, 1, 32, "3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e63155d4e490557fd85989497"},
45-
{OpenSSL::Algorithm::SHA224, 2**16, 16, "53a7f042a8154092058cfe87e7fbf1c1"},
46-
{OpenSSL::Algorithm::SHA224, 2**16, 32, "53a7f042a8154092058cfe87e7fbf1c1f96826a9a2ffd8bcfda50bb9f60786f0"},
47-
{OpenSSL::Algorithm::SHA256, 1, 16, "120fb6cffcf8b32c43e7225256c4f837"},
48-
{OpenSSL::Algorithm::SHA256, 1, 32, "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b"},
49-
{OpenSSL::Algorithm::SHA256, 2**16, 16, "4156f668bb31db3a17f4d1b91424ef0d"},
50-
{OpenSSL::Algorithm::SHA256, 2**16, 32, "4156f668bb31db3a17f4d1b91424ef0d417ad1f35d055aceaebd8da0f6a44b7e"},
51-
{OpenSSL::Algorithm::SHA384, 1, 16, "c0e14f06e49e32d73f9f52ddf1d0c5c7"},
52-
{OpenSSL::Algorithm::SHA384, 1, 32, "c0e14f06e49e32d73f9f52ddf1d0c5c7191609233631dadd76a567db42b78676"},
53-
{OpenSSL::Algorithm::SHA384, 2**16, 16, "c7b5b0b726f6556587cced08d184253b"},
54-
{OpenSSL::Algorithm::SHA384, 2**16, 32, "c7b5b0b726f6556587cced08d184253bc9d2eb802db134fb9029b86ab25e7cd0"},
55-
{OpenSSL::Algorithm::SHA512, 1, 16, "867f70cf1ade02cff3752599a3a53dc4"},
56-
{OpenSSL::Algorithm::SHA512, 1, 32, "867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252"},
57-
{OpenSSL::Algorithm::SHA512, 2**16, 16, "6f64c3f8023813d8c2cab43cabfaa65e"},
58-
{OpenSSL::Algorithm::SHA512, 2**16, 32, "6f64c3f8023813d8c2cab43cabfaa65ed061822afe974060d8079d122fb869f4"},
18+
{OpenSSL::Algorithm::MD4, 1, 16, "1857f69412150bca4542581d0f9e7fd1"},
19+
{OpenSSL::Algorithm::MD4, 1, 32, "1857f69412150bca4542581d0f9e7fd19332ff5c0b820cb0172457a29c5519be"},
20+
{OpenSSL::Algorithm::MD4, 2**16, 16, "3d87c982c8c4223f4af39406ac3882e6"},
21+
{OpenSSL::Algorithm::MD4, 2**16, 32, "3d87c982c8c4223f4af39406ac3882e6e6b92685dcf89f74df8caf7500b41883"},
22+
{OpenSSL::Algorithm::RIPEMD160, 1, 16, "b725258b125e0bacb0e2307e34feb16a"},
23+
{OpenSSL::Algorithm::RIPEMD160, 1, 32, "b725258b125e0bacb0e2307e34feb16a4d0d6aed6cb4b0eee458fc1829020428"},
24+
{OpenSSL::Algorithm::RIPEMD160, 2**16, 16, "93a8e007de2608e54911684cbebe2780"},
25+
{OpenSSL::Algorithm::RIPEMD160, 2**16, 32, "93a8e007de2608e54911684cbebe27808cc39fa59de9acdf74492155b46c4d2d"},
5926
].each do |(algorithm, iterations, key_size, expected)|
6027
it "computes pbkdf2_hmac #{algorithm}" do
6128
OpenSSL::PKCS5.pbkdf2_hmac("password", "salt", iterations, algorithm, key_size).hexstring.should eq expected
6229
end
6330
end
6431
{% end %}
32+
33+
[
34+
{OpenSSL::Algorithm::MD5, 1, 16, "f31afb6d931392daa5e3130f47f9a9b6"},
35+
{OpenSSL::Algorithm::MD5, 1, 32, "f31afb6d931392daa5e3130f47f9a9b6e8e72029d8350b9fb27a9e0e00b9d991"},
36+
{OpenSSL::Algorithm::MD5, 2**16, 16, "8b4ffd76e400c3b74b3d0fbfd9232048"},
37+
{OpenSSL::Algorithm::MD5, 2**16, 32, "8b4ffd76e400c3b74b3d0fbfd9232048762c86fe7684992c6f581f073f6625ee"},
38+
{OpenSSL::Algorithm::SHA1, 1, 16, "0c60c80f961f0e71f3a9b524af601206"},
39+
{OpenSSL::Algorithm::SHA1, 1, 32, "0c60c80f961f0e71f3a9b524af6012062fe037a6e0f0eb94fe8fc46bdc637164"},
40+
{OpenSSL::Algorithm::SHA1, 2**16, 16, "1b345dd55f62a35aecdb9229bc7ae95b"},
41+
{OpenSSL::Algorithm::SHA1, 2**16, 32, "1b345dd55f62a35aecdb9229bc7ae95b305a8d538940134627e46f82d3a41e5e"},
42+
{OpenSSL::Algorithm::SHA224, 1, 16, "3c198cbdb9464b7857966bd05b7bc92b"},
43+
{OpenSSL::Algorithm::SHA224, 1, 32, "3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e63155d4e490557fd85989497"},
44+
{OpenSSL::Algorithm::SHA224, 2**16, 16, "53a7f042a8154092058cfe87e7fbf1c1"},
45+
{OpenSSL::Algorithm::SHA224, 2**16, 32, "53a7f042a8154092058cfe87e7fbf1c1f96826a9a2ffd8bcfda50bb9f60786f0"},
46+
{OpenSSL::Algorithm::SHA256, 1, 16, "120fb6cffcf8b32c43e7225256c4f837"},
47+
{OpenSSL::Algorithm::SHA256, 1, 32, "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b"},
48+
{OpenSSL::Algorithm::SHA256, 2**16, 16, "4156f668bb31db3a17f4d1b91424ef0d"},
49+
{OpenSSL::Algorithm::SHA256, 2**16, 32, "4156f668bb31db3a17f4d1b91424ef0d417ad1f35d055aceaebd8da0f6a44b7e"},
50+
{OpenSSL::Algorithm::SHA384, 1, 16, "c0e14f06e49e32d73f9f52ddf1d0c5c7"},
51+
{OpenSSL::Algorithm::SHA384, 1, 32, "c0e14f06e49e32d73f9f52ddf1d0c5c7191609233631dadd76a567db42b78676"},
52+
{OpenSSL::Algorithm::SHA384, 2**16, 16, "c7b5b0b726f6556587cced08d184253b"},
53+
{OpenSSL::Algorithm::SHA384, 2**16, 32, "c7b5b0b726f6556587cced08d184253bc9d2eb802db134fb9029b86ab25e7cd0"},
54+
{OpenSSL::Algorithm::SHA512, 1, 16, "867f70cf1ade02cff3752599a3a53dc4"},
55+
{OpenSSL::Algorithm::SHA512, 1, 32, "867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252"},
56+
{OpenSSL::Algorithm::SHA512, 2**16, 16, "6f64c3f8023813d8c2cab43cabfaa65e"},
57+
{OpenSSL::Algorithm::SHA512, 2**16, 32, "6f64c3f8023813d8c2cab43cabfaa65ed061822afe974060d8079d122fb869f4"},
58+
].each do |(algorithm, iterations, key_size, expected)|
59+
it "computes pbkdf2_hmac #{algorithm}" do
60+
OpenSSL::PKCS5.pbkdf2_hmac("password", "salt", iterations, algorithm, key_size).hexstring.should eq expected
61+
end
62+
end
6563
end

spec/std/openssl/ssl/context_spec.cr

Lines changed: 3 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -11,11 +11,7 @@ describe OpenSSL::SSL::Context do
1111
context = OpenSSL::SSL::Context::Client.new
1212

1313
(context.options & OpenSSL::SSL::Options::ALL).should eq(OpenSSL::SSL::Options::ALL)
14-
(context.options & OpenSSL::SSL::Options::NO_SSL_V2).should eq(OpenSSL::SSL::Options::NO_SSL_V2)
15-
(context.options & OpenSSL::SSL::Options::NO_SSL_V3).should eq(OpenSSL::SSL::Options::NO_SSL_V3)
1614
(context.options & OpenSSL::SSL::Options::NO_SESSION_RESUMPTION_ON_RENEGOTIATION).should eq(OpenSSL::SSL::Options::NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
17-
(context.options & OpenSSL::SSL::Options::SINGLE_ECDH_USE).should eq(OpenSSL::SSL::Options::SINGLE_ECDH_USE)
18-
(context.options & OpenSSL::SSL::Options::SINGLE_DH_USE).should eq(OpenSSL::SSL::Options::SINGLE_DH_USE)
1915

2016
context.modes.should eq(OpenSSL::SSL::Modes.flags(AUTO_RETRY, RELEASE_BUFFERS))
2117
context.verify_mode.should eq(OpenSSL::SSL::VerifyMode::PEER)
@@ -27,14 +23,8 @@ describe OpenSSL::SSL::Context do
2723
context = OpenSSL::SSL::Context::Server.new
2824

2925
(context.options & OpenSSL::SSL::Options::ALL).should eq(OpenSSL::SSL::Options::ALL)
30-
(context.options & OpenSSL::SSL::Options::NO_SSL_V2).should eq(OpenSSL::SSL::Options::NO_SSL_V2)
31-
(context.options & OpenSSL::SSL::Options::NO_SSL_V3).should eq(OpenSSL::SSL::Options::NO_SSL_V3)
3226
(context.options & OpenSSL::SSL::Options::NO_SESSION_RESUMPTION_ON_RENEGOTIATION).should eq(OpenSSL::SSL::Options::NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
33-
(context.options & OpenSSL::SSL::Options::SINGLE_ECDH_USE).should eq(OpenSSL::SSL::Options::SINGLE_ECDH_USE)
34-
(context.options & OpenSSL::SSL::Options::SINGLE_DH_USE).should eq(OpenSSL::SSL::Options::SINGLE_DH_USE)
35-
{% if LibSSL::Options.has_constant?(:NO_RENEGOTIATION) %}
36-
(context.options & OpenSSL::SSL::Options::NO_RENEGOTIATION).should eq(OpenSSL::SSL::Options::NO_RENEGOTIATION)
37-
{% end %}
27+
(context.options & OpenSSL::SSL::Options::NO_RENEGOTIATION).should eq(OpenSSL::SSL::Options::NO_RENEGOTIATION)
3828

3929
context.modes.should eq(OpenSSL::SSL::Modes.flags(AUTO_RETRY, RELEASE_BUFFERS))
4030
context.verify_mode.should eq(OpenSSL::SSL::VerifyMode::NONE)
@@ -47,11 +37,7 @@ describe OpenSSL::SSL::Context do
4737
context.should be_a(OpenSSL::SSL::Context::Client)
4838
context.verify_mode.should eq(OpenSSL::SSL::VerifyMode::NONE)
4939
context.options.no_ssl_v3?.should_not be_true
50-
{% if compare_versions(LibSSL::OPENSSL_VERSION, "1.1.1") >= 0 || compare_versions(LibSSL::LIBRESSL_VERSION, "3.2.0") >= 0 %}
51-
context.modes.should eq(OpenSSL::SSL::Modes::AUTO_RETRY)
52-
{% else %}
53-
context.modes.should eq(OpenSSL::SSL::Modes::None)
54-
{% end %}
40+
context.modes.should eq(OpenSSL::SSL::Modes::AUTO_RETRY)
5541

5642
OpenSSL::SSL::Context::Client.insecure(LibSSL.tlsv1_method)
5743
end
@@ -61,11 +47,7 @@ describe OpenSSL::SSL::Context do
6147
context.should be_a(OpenSSL::SSL::Context::Server)
6248
context.verify_mode.should eq(OpenSSL::SSL::VerifyMode::NONE)
6349
context.options.no_ssl_v3?.should_not be_true
64-
{% if compare_versions(LibSSL::OPENSSL_VERSION, "1.1.1") >= 0 || compare_versions(LibSSL::LIBRESSL_VERSION, "3.2.0") >= 0 %}
65-
context.modes.should eq(OpenSSL::SSL::Modes::AUTO_RETRY)
66-
{% else %}
67-
context.modes.should eq(OpenSSL::SSL::Modes::None)
68-
{% end %}
50+
context.modes.should eq(OpenSSL::SSL::Modes::AUTO_RETRY)
6951

7052
OpenSSL::SSL::Context::Server.insecure(LibSSL.tlsv1_method)
7153
end

src/openssl/lib_crypto.cr

Lines changed: 51 additions & 91 deletions
Original file line numberDiff line numberDiff line change
@@ -109,47 +109,25 @@ lib LibCrypto
109109
alias BioMethodDestroy = Bio* -> Int
110110
alias BioMethodCallbackCtrl = (Bio*, Int, Void*) -> Long
111111

112-
{% if compare_versions(LibCrypto::OPENSSL_VERSION, "1.1.0") >= 0 || compare_versions(LibCrypto::LIBRESSL_VERSION, "2.7.0") >= 0 %}
113-
type BioMethod = Void
114-
{% else %}
115-
struct BioMethod
116-
type_id : Int
117-
name : Char*
118-
bwrite : BioMethodWriteOld
119-
bread : BioMethodReadOld
120-
bputs : BioMethodPuts
121-
bgets : BioMethodGets
122-
ctrl : BioMethodCtrl
123-
create : BioMethodCreate
124-
destroy : BioMethodDestroy
125-
callback_ctrl : BioMethodCallbackCtrl
126-
end
127-
{% end %}
112+
type BioMethod = Void
128113

129114
fun BIO_new(BioMethod*) : Bio*
130115
fun BIO_free(Bio*) : Int
131116

132-
{% if compare_versions(LibCrypto::OPENSSL_VERSION, "1.1.0") >= 0 || compare_versions(LibCrypto::LIBRESSL_VERSION, "2.7.0") >= 0 %}
133-
fun BIO_set_data(Bio*, Void*)
134-
fun BIO_get_data(Bio*) : Void*
135-
fun BIO_set_init(Bio*, Int)
136-
fun BIO_set_shutdown(Bio*, Int)
137-
138-
fun BIO_meth_new(Int, Char*) : BioMethod*
139-
fun BIO_meth_set_read(BioMethod*, BioMethodReadOld)
140-
fun BIO_meth_set_write(BioMethod*, BioMethodWriteOld)
141-
fun BIO_meth_set_puts(BioMethod*, BioMethodPuts)
142-
fun BIO_meth_set_gets(BioMethod*, BioMethodGets)
143-
fun BIO_meth_set_ctrl(BioMethod*, BioMethodCtrl)
144-
fun BIO_meth_set_create(BioMethod*, BioMethodCreate)
145-
fun BIO_meth_set_destroy(BioMethod*, BioMethodDestroy)
146-
fun BIO_meth_set_callback_ctrl(BioMethod*, BioMethodCallbackCtrl)
147-
{% end %}
148-
# LibreSSL does not define these symbols
149-
{% if compare_versions(LibCrypto::OPENSSL_VERSION, "1.1.1") >= 0 %}
150-
fun BIO_meth_set_read_ex(BioMethod*, BioMethodRead)
151-
fun BIO_meth_set_write_ex(BioMethod*, BioMethodWrite)
152-
{% end %}
117+
fun BIO_set_data(Bio*, Void*)
118+
fun BIO_get_data(Bio*) : Void*
119+
fun BIO_set_init(Bio*, Int)
120+
fun BIO_set_shutdown(Bio*, Int)
121+
122+
fun BIO_meth_new(Int, Char*) : BioMethod*
123+
fun BIO_meth_set_read(BioMethod*, BioMethodReadOld)
124+
fun BIO_meth_set_write(BioMethod*, BioMethodWriteOld)
125+
fun BIO_meth_set_puts(BioMethod*, BioMethodPuts)
126+
fun BIO_meth_set_gets(BioMethod*, BioMethodGets)
127+
fun BIO_meth_set_ctrl(BioMethod*, BioMethodCtrl)
128+
fun BIO_meth_set_create(BioMethod*, BioMethodCreate)
129+
fun BIO_meth_set_destroy(BioMethod*, BioMethodDestroy)
130+
fun BIO_meth_set_callback_ctrl(BioMethod*, BioMethodCallbackCtrl)
153131

154132
fun sha1 = SHA1(data : Char*, length : SizeT, md : Char*) : Char*
155133

@@ -175,9 +153,7 @@ lib LibCrypto
175153
fun obj_obj2nid = OBJ_obj2nid(obj : ASN1_OBJECT) : Int
176154
fun obj_ln2nid = OBJ_ln2nid(ln : Char*) : Int
177155
fun obj_sn2nid = OBJ_sn2nid(sn : Char*) : Int
178-
{% if compare_versions(OPENSSL_VERSION, "1.0.2") >= 0 || LIBRESSL_VERSION != "0.0.0" %}
179-
fun obj_find_sigid_algs = OBJ_find_sigid_algs(sigid : Int32, pdig_nid : Int32*, ppkey_nid : Int32*) : Int32
180-
{% end %}
156+
fun obj_find_sigid_algs = OBJ_find_sigid_algs(sigid : Int32, pdig_nid : Int32*, ppkey_nid : Int32*) : Int32
181157

182158
fun asn1_object_free = ASN1_OBJECT_free(obj : ASN1_OBJECT)
183159
fun asn1_string_data = ASN1_STRING_data(x : ASN1_STRING) : Char*
@@ -230,13 +206,8 @@ lib LibCrypto
230206

231207
fun evp_digestfinal_ex = EVP_DigestFinal_ex(ctx : EVP_MD_CTX, md : UInt8*, size : UInt32*) : Int32
232208

233-
{% if compare_versions(OPENSSL_VERSION, "1.1.0") >= 0 || compare_versions(LibCrypto::LIBRESSL_VERSION, "2.7.0") >= 0 %}
234-
fun evp_md_ctx_new = EVP_MD_CTX_new : EVP_MD_CTX
235-
fun evp_md_ctx_free = EVP_MD_CTX_free(ctx : EVP_MD_CTX)
236-
{% else %}
237-
fun evp_md_ctx_new = EVP_MD_CTX_create : EVP_MD_CTX
238-
fun evp_md_ctx_free = EVP_MD_CTX_destroy(ctx : EVP_MD_CTX)
239-
{% end %}
209+
fun evp_md_ctx_new = EVP_MD_CTX_new : EVP_MD_CTX
210+
fun evp_md_ctx_free = EVP_MD_CTX_free(ctx : EVP_MD_CTX)
240211

241212
fun evp_get_cipherbyname = EVP_get_cipherbyname(name : UInt8*) : EVP_CIPHER
242213

@@ -307,9 +278,7 @@ lib LibCrypto
307278
fun md5 = MD5(data : UInt8*, length : LibC::SizeT, md : UInt8*) : UInt8*
308279

309280
fun pkcs5_pbkdf2_hmac_sha1 = PKCS5_PBKDF2_HMAC_SHA1(pass : LibC::Char*, passlen : LibC::Int, salt : UInt8*, saltlen : LibC::Int, iter : LibC::Int, keylen : LibC::Int, out : UInt8*) : LibC::Int
310-
{% if compare_versions(OPENSSL_VERSION, "1.0.0") >= 0 || LIBRESSL_VERSION != "0.0.0" %}
311-
fun pkcs5_pbkdf2_hmac = PKCS5_PBKDF2_HMAC(pass : LibC::Char*, passlen : LibC::Int, salt : UInt8*, saltlen : LibC::Int, iter : LibC::Int, digest : EVP_MD, keylen : LibC::Int, out : UInt8*) : LibC::Int
312-
{% end %}
281+
fun pkcs5_pbkdf2_hmac = PKCS5_PBKDF2_HMAC(pass : LibC::Char*, passlen : LibC::Int, salt : UInt8*, saltlen : LibC::Int, iter : LibC::Int, digest : EVP_MD, keylen : LibC::Int, out : UInt8*) : LibC::Int
313282

314283
NID_X9_62_prime256v1 = 415
315284

@@ -330,7 +299,7 @@ lib LibCrypto
330299
NID_commonName = 13
331300
NID_subject_alt_name = 85
332301

333-
{% if compare_versions(OPENSSL_VERSION, "1.1.0") >= 0 %}
302+
{% if OPENSSL_VERSION != "0.0.0" %}
334303
fun sk_free = OPENSSL_sk_free(st : Void*)
335304
fun sk_num = OPENSSL_sk_num(x0 : Void*) : Int
336305
fun sk_pop_free = OPENSSL_sk_pop_free(st : Void*, callback : (Void*) ->)
@@ -354,9 +323,7 @@ lib LibCrypto
354323
fun x509_get_ext = X509_get_ext(x : X509, idx : Int) : X509_EXTENSION
355324
fun x509_get_ext_count = X509_get_ext_count(x : X509) : Int
356325
fun x509_get_ext_d2i = X509_get_ext_d2i(x : X509, nid : Int, crit : Int*, idx : Int*) : Void*
357-
{% if compare_versions(OPENSSL_VERSION, "1.0.2") >= 0 || LIBRESSL_VERSION != "0.0.0" %}
358-
fun x509_get_signature_nid = X509_get_signature_nid(x509 : X509) : Int32
359-
{% end %}
326+
fun x509_get_signature_nid = X509_get_signature_nid(x509 : X509) : Int32
360327

361328
MBSTRING_UTF8 = 0x1000
362329

@@ -381,42 +348,35 @@ lib LibCrypto
381348

382349
fun x509_store_add_cert = X509_STORE_add_cert(ctx : X509_STORE, x : X509) : Int
383350

384-
{% unless compare_versions(OPENSSL_VERSION, "1.1.0") >= 0 || compare_versions(LibCrypto::LIBRESSL_VERSION, "3.0.0") >= 0 %}
385-
fun err_load_crypto_strings = ERR_load_crypto_strings
386-
fun openssl_add_all_algorithms = OPENSSL_add_all_algorithms_noconf
387-
{% end %}
351+
type X509VerifyParam = Void*
388352

389-
{% if compare_versions(OPENSSL_VERSION, "1.0.2") >= 0 || LIBRESSL_VERSION != "0.0.0" %}
390-
type X509VerifyParam = Void*
391-
392-
@[Flags]
393-
enum X509VerifyFlags : ULong
394-
CB_ISSUER_CHECK = 0x1
395-
USE_CHECK_TIME = 0x2
396-
CRL_CHECK = 0x4
397-
CRL_CHECK_ALL = 0x8
398-
IGNORE_CRITICAL = 0x10
399-
X509_STRICT = 0x20
400-
ALLOW_PROXY_CERTS = 0x40
401-
POLICY_CHECK = 0x80
402-
EXPLICIT_POLICY = 0x100
403-
INHIBIT_ANY = 0x200
404-
INHIBIT_MAP = 0x400
405-
NOTIFY_POLICY = 0x800
406-
EXTENDED_CRL_SUPPORT = 0x1000
407-
USE_DELTAS = 0x2000
408-
CHECK_SS_SIGNATURE = 0x4000
409-
TRUSTED_FIRST = 0x8000
410-
SUITEB_128_LOS_ONLY = 0x10000
411-
SUITEB_192_LOS = 0x20000
412-
SUITEB_128_LOS = 0x30000
413-
PARTIAL_CHAIN = 0x80000
414-
NO_ALT_CHAINS = 0x100000
415-
end
416-
417-
fun x509_verify_param_lookup = X509_VERIFY_PARAM_lookup(name : UInt8*) : X509VerifyParam
418-
fun x509_verify_param_set1_host = X509_VERIFY_PARAM_set1_host(param : X509VerifyParam, name : UInt8*, len : SizeT) : Int
419-
fun x509_verify_param_set1_ip_asc = X509_VERIFY_PARAM_set1_ip_asc(param : X509VerifyParam, ip : UInt8*) : Int
420-
fun x509_verify_param_set_flags = X509_VERIFY_PARAM_set_flags(param : X509VerifyParam, flags : X509VerifyFlags) : Int
421-
{% end %}
353+
@[Flags]
354+
enum X509VerifyFlags : ULong
355+
CB_ISSUER_CHECK = 0x1
356+
USE_CHECK_TIME = 0x2
357+
CRL_CHECK = 0x4
358+
CRL_CHECK_ALL = 0x8
359+
IGNORE_CRITICAL = 0x10
360+
X509_STRICT = 0x20
361+
ALLOW_PROXY_CERTS = 0x40
362+
POLICY_CHECK = 0x80
363+
EXPLICIT_POLICY = 0x100
364+
INHIBIT_ANY = 0x200
365+
INHIBIT_MAP = 0x400
366+
NOTIFY_POLICY = 0x800
367+
EXTENDED_CRL_SUPPORT = 0x1000
368+
USE_DELTAS = 0x2000
369+
CHECK_SS_SIGNATURE = 0x4000
370+
TRUSTED_FIRST = 0x8000
371+
SUITEB_128_LOS_ONLY = 0x10000
372+
SUITEB_192_LOS = 0x20000
373+
SUITEB_128_LOS = 0x30000
374+
PARTIAL_CHAIN = 0x80000
375+
NO_ALT_CHAINS = 0x100000
376+
end
377+
378+
fun x509_verify_param_lookup = X509_VERIFY_PARAM_lookup(name : UInt8*) : X509VerifyParam
379+
fun x509_verify_param_set1_host = X509_VERIFY_PARAM_set1_host(param : X509VerifyParam, name : UInt8*, len : SizeT) : Int
380+
fun x509_verify_param_set1_ip_asc = X509_VERIFY_PARAM_set1_ip_asc(param : X509VerifyParam, ip : UInt8*) : Int
381+
fun x509_verify_param_set_flags = X509_VERIFY_PARAM_set_flags(param : X509VerifyParam, flags : X509VerifyFlags) : Int
422382
end

0 commit comments

Comments
 (0)