mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

Use EVP_PKEY_eq() instead of deprected EVP_PKEY_cmp()

Browse Source 
EVP_PKEY_eq() is the replacement with a smaller result range (0, 1)
instead of (-1, 0, 1).  EVP_PKEY_cmp() is mapped to EVP_PKEY_eq() when
building with older versions of OpenSSL.
This commit is contained in:
Mark Andrews
2021-09-08 16:31:56 +10:00
committed by Aram Sargsyan
parent ebea7ee97b
commit 76decb5353
4 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@@ -626,7 +626,7 @@ AC_COMPILE_IFELSE(
AC_CHECK_FUNCS([OPENSSL_init_ssl OPENSSL_init_crypto]) AC_CHECK_FUNCS([OPENSSL_init_ssl OPENSSL_init_crypto])
AC_CHECK_FUNCS([CRYPTO_zalloc]) AC_CHECK_FUNCS([CRYPTO_zalloc])
AC_CHECK_FUNCS([EVP_PKEY_new_raw_private_key]) AC_CHECK_FUNCS([EVP_PKEY_new_raw_private_key EVP_PKEY_eq])
AC_CHECK_FUNCS([EVP_CIPHER_CTX_new EVP_CIPHER_CTX_free]) AC_CHECK_FUNCS([EVP_CIPHER_CTX_new EVP_CIPHER_CTX_free])
AC_CHECK_FUNCS([EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset EVP_MD_CTX_get0_md]) AC_CHECK_FUNCS([EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset EVP_MD_CTX_get0_md])
AC_CHECK_FUNCS([ERR_get_error_all]) AC_CHECK_FUNCS([ERR_get_error_all])

4
lib/dns/openssl_shim.h
View File

@@ -18,3 +18,7 @@ unsigned long
ERR_get_error_all(const char **file, int *line, const char **func, ERR_get_error_all(const char **file, int *line, const char **func,
const char **data, int *flags); const char **data, int *flags);
#endif /* if !HAVE_ERR_GET_ERROR_ALL */ #endif /* if !HAVE_ERR_GET_ERROR_ALL */
#if !HAVE_EVP_PKEY_EQ
#define EVP_PKEY_eq EVP_PKEY_cmp
#endif

3
lib/dns/opensslecdsa_link.c
View File

@@ -32,6 +32,7 @@
#include "dst_internal.h" #include "dst_internal.h"
#include "dst_openssl.h" #include "dst_openssl.h"
#include "dst_parse.h" #include "dst_parse.h"
#include "openssl_shim.h"
#ifndef NID_X9_62_prime256v1 #ifndef NID_X9_62_prime256v1
#error "P-256 group is not known (NID_X9_62_prime256v1)" #error "P-256 group is not known (NID_X9_62_prime256v1)"
@@ -289,7 +290,7 @@ opensslecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
DST_RET(false); DST_RET(false);
} }
status = EVP_PKEY_cmp(pkey1, pkey2); status = EVP_PKEY_eq(pkey1, pkey2);
if (status != 1) { if (status != 1) {
DST_RET(false); DST_RET(false);
} }

5
lib/dns/openssleddsa_link.c
View File

@@ -34,6 +34,7 @@
#include "dst_internal.h" #include "dst_internal.h"
#include "dst_openssl.h" #include "dst_openssl.h"
#include "dst_parse.h" #include "dst_parse.h"
#include "openssl_shim.h"
#define DST_RET(a) \ #define DST_RET(a) \
{ \ { \
@@ -281,7 +282,7 @@ openssleddsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
return (false); return (false);
} }
status = EVP_PKEY_cmp(pkey1, pkey2); status = EVP_PKEY_eq(pkey1, pkey2);
if (status == 1) { if (status == 1) {
return (true); return (true);
} }
@@ -491,7 +492,7 @@ eddsa_check(EVP_PKEY *pkey, EVP_PKEY *pubpkey) {
if (pubpkey == NULL) { if (pubpkey == NULL) {
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
if (EVP_PKEY_cmp(pkey, pubpkey) == 1) { if (EVP_PKEY_eq(pkey, pubpkey) == 1) {
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
return (ISC_R_FAILURE); return (ISC_R_FAILURE);