crypto/*/*.c: make sure libcmp overrides symbols from OpenSSL, also f…

…or v3.2+
mpeylo · Feb 9, 2024 · ac1dd51 · ac1dd51
1 parent c24de75
commit ac1dd51
Show file tree

Hide file tree

Showing 20 changed files with 12 additions and 88 deletions.
diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
@@ -122,8 +122,6 @@ ASN1_ADB(OSSL_CMP_ITAV) = {
     ADB_ENTRY(NID_id_it_certReqTemplate,
               ASN1_OPT(OSSL_CMP_ITAV, infoValue.certReqTemplate,
                        OSSL_CMP_CERTREQTEMPLATE)),
-#endif
-#if OPENSSL_VERSION_NUMBER >= 0x30200000L || OPENSSL_VERSION_NUMBER >= 0x30000000L
     ADB_ENTRY(NID_id_it_rootCaCert,
               ASN1_OPT(OSSL_CMP_ITAV, infoValue.rootCaCert, X509)),
     ADB_ENTRY(NID_id_it_certProfile,

diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
@@ -21,8 +21,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/cmp_util.h>
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 #define IS_CREP(t) ((t) == OSSL_CMP_PKIBODY_IP || (t) == OSSL_CMP_PKIBODY_CP \
                         || (t) == OSSL_CMP_PKIBODY_KUP)
 
@@ -1060,5 +1058,3 @@ STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx)
 
     return itavs; /* NULL indicates error case */
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
@@ -34,8 +34,6 @@ TYPE *OSSL_CMP_CTX_get0_##NAME(const OSSL_CMP_CTX *ctx) \
     return ctx->FIELD; \
 }
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 /*
  * Get current certificate store containing trusted root CA certs
  */
@@ -577,8 +575,6 @@ int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, const TYPE *val) \
     return 1; \
 }
 
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
-
 #define X509_invalid(cert) (!ossl_x509v3_cache_extensions(cert))
 #define EVP_PKEY_invalid(key) 0
 
@@ -602,8 +598,6 @@ int PREFIX##_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
     return 1; \
 }
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 #define DEFINE_OSSL_set1_up_ref(PREFIX, FIELD, TYPE)    \
 int PREFIX##_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
 { \
@@ -644,9 +638,7 @@ int PREFIX##_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
     return 1; \
 }
 
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
 DEFINE_OSSL_set1_up_ref(ossl_cmp_ctx, validatedSrvCert, X509)
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
 
 /*
  * Pins the server certificate to be directly trusted (even if it is expired)
@@ -783,10 +775,8 @@ DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ)
  */
 DEFINE_OSSL_set0(ossl_cmp_ctx, newCert, X509)
 
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
 /* Get successfully validated server cert, if any, of current transaction */
 DEFINE_OSSL_CMP_CTX_get0(validatedSrvCert, X509)
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
 
 /*
  * Get the (newly received in IP/KUP/CP) client certificate from the context
@@ -1062,5 +1052,3 @@ int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt)
         return -1;
     }
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c
@@ -14,8 +14,6 @@
 
 #ifndef OPENSSL_NO_CMP
 
-# if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 # ifndef OPENSSL_NO_ERR
 
 static const ERR_STRING_DATA CMP_str_reasons[] = {
@@ -184,8 +182,6 @@ int ossl_err_load_CMP_strings(void)
     return 1;
 }
 
-# endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
-
 #else
 NON_EMPTY_TRANSLATION_UNIT
 #endif
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
@@ -20,8 +20,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
-#if OPENSSL_VERSION_NUMBER <= 0x30300000L
-
 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
 {
     if (!ossl_assert(hdr != NULL))
@@ -370,5 +368,3 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
 
     return 1;
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c
@@ -26,8 +26,6 @@
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 #define DEFAULT_RETRY_AFTER 60 /* one minute */
 
 static int keep_alive(int keep_alive, int body_type, BIO *bio)
@@ -120,5 +118,3 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
     sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
     return res;
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
@@ -31,8 +31,6 @@
  */
 #endif
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq)
 {
     OSSL_CMP_MSG *msg = NULL;
@@ -1276,4 +1274,3 @@ int ossl_cmp_is_error_with_waiting(const OSSL_CMP_MSG *msg)
             && ossl_cmp_pkisi_get_status(msg->body->value.error->pKIStatusInfo)
             == OSSL_CMP_PKISTATUS_waiting);
 }
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
@@ -18,8 +18,6 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 /*
  * This function is also used by the internal verify_PBMAC() in cmp_vfy.c.
  *
@@ -318,5 +316,3 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
     ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROTECTING_MESSAGE);
     return 0;
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
@@ -19,8 +19,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 /* the context for the generic CMP server */
 struct ossl_cmp_srv_ctx_st
 {
@@ -774,5 +772,3 @@ OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
 
     return OSSL_CMP_SRV_process_request(srv_ctx, req);
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c
@@ -25,8 +25,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 /* CMP functions related to PKIStatus */
 
 int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si)
@@ -312,5 +310,3 @@ OSSL_CMP_PKISI *OSSL_CMP_STATUSINFO_new(int status, int fail_info,
     ASN1_UTF8STRING_free(utf8_text);
     return NULL;
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
@@ -17,8 +17,6 @@
 #include <openssl/err.h> /* should be implied by cmperr.h */
 #include <openssl/x509v3.h>
 
-#if OPENSSL_VERSION_NUMBER <= 0x30300000L
-
 /*
  * use trace API for CMP-specific logging, prefixed by "CMP " and severity
  */
@@ -297,5 +295,3 @@ int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt,
     *tgt = new;
     return 1;
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30300000L */
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
@@ -21,8 +21,6 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 /* Verify a message protected by signature according to RFC section 5.1.3.3 */
 static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
                             const OSSL_CMP_MSG *msg, X509 *cert)
@@ -907,4 +905,3 @@ int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx,
     return 1;
 }
 
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/crmf/crmf_asn.c b/crypto/crmf/crmf_asn.c
@@ -43,7 +43,7 @@ ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
 /* explicit #includes not strictly needed since implied by the above: */
 #include <openssl/crmf.h>
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
+#if 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L
 
 ASN1_SEQUENCE(OSSL_CRMF_PRIVATEKEYINFO) = {
     ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, version, ASN1_INTEGER),
@@ -87,7 +87,7 @@ ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = {
 } ASN1_SEQUENCE_END(OSSL_CRMF_ENCRYPTEDVALUE)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
+#endif /* 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L */
 
 /*
  * Note from CMP Updates defining CMPv3:
@@ -102,7 +102,7 @@ ASN1_CHOICE(OSSL_CRMF_ENCRYPTEDKEY) = {
 } ASN1_CHOICE_END(OSSL_CRMF_ENCRYPTEDKEY)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDKEY)
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
+#if 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L
 
 ASN1_SEQUENCE(OSSL_CRMF_SINGLEPUBINFO) = {
     ASN1_SIMPLE(OSSL_CRMF_SINGLEPUBINFO, pubMethod, ASN1_INTEGER),
@@ -180,7 +180,7 @@ ASN1_CHOICE(OSSL_CRMF_POPO) = {
 } ASN1_CHOICE_END(OSSL_CRMF_POPO)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO)
 
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
+#endif /* 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L */
 
 ASN1_ADB_TEMPLATE(attributetypeandvalue_default) =
     ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
@@ -272,7 +272,7 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = {
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
 IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
+#if 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L
 
 ASN1_SEQUENCE(OSSL_CRMF_MSG) = {
     ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST),
@@ -289,4 +289,4 @@ ASN1_ITEM_TEMPLATE(OSSL_CRMF_MSGS) =
 ASN1_ITEM_TEMPLATE_END(OSSL_CRMF_MSGS)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
 
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
+#endif /* 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/crmf/crmf_err.c b/crypto/crmf/crmf_err.c
@@ -14,8 +14,6 @@
 
 #ifndef OPENSSL_NO_CRMF
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 # ifndef OPENSSL_NO_ERR
 
 static const ERR_STRING_DATA CRMF_str_reasons[] = {
@@ -83,8 +81,6 @@ int ossl_err_load_CRMF_strings(void)
     return 1;
 }
 
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
-
 #else
 NON_EMPTY_TRANSLATION_UNIT
 #endif
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
@@ -44,7 +44,6 @@
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_PUBKEY)
 #endif
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
 /*-
  * atyp = Attribute Type
  * valt = Value Type
@@ -616,7 +615,7 @@ int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
 }
 
 #ifndef OPENSSL_NO_CMS
-#if OPENSSL_VERSION_NUMBER < 0x30200000L
+# if OPENSSL_VERSION_NUMBER < 0x30200000L
 /* added to OpenSSL 3.1 in #18301 */
 BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
                                EVP_PKEY *pkey, X509 *cert,
@@ -629,9 +628,8 @@ BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
                            STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls,
                            unsigned int flags,
                            OSSL_LIB_CTX *libctx, const char *propq);
-#endif
+# endif
 #endif /* OPENSSL_NO_CMS */
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
 
 #ifndef OPENSSL_NO_CMS
 DECLARE_ASN1_ITEM(CMS_SignedData) /* copied from cms_local.h */
@@ -934,7 +932,6 @@ X509
     return NULL;
 #endif /* OPENSSL_NO_CMS */
 }
-#if OPENSSL_VERSION_NUMBER < 0x30200000L
 
 #ifndef OPENSSL_NO_CMS
 # if OPENSSL_VERSION_NUMBER <= 0x30200000L
@@ -1052,4 +1049,3 @@ BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data,
 
 # endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
 #endif /* OPENSSL_NO_CMS */
-#endif /* OPENSSL_VERSION_NUMBER < 0x30200000L */
diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h
@@ -76,7 +76,7 @@ struct ossl_crmf_encryptedkey_st {
     } value;
 } /* OSSL_CRMF_ENCRYPTEDKEY */;
 
-# if OPENSSL_VERSION_NUMBER <= 0x30200000L
+# if 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L
 
 /*-
  *  Attributes ::= SET OF Attribute
@@ -303,7 +303,7 @@ typedef struct ossl_crmf_popo_st {
     } value;
 } OSSL_CRMF_POPO;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPO)
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
+#endif /* 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L */
 
 /*-
  * OptionalValidity ::= SEQUENCE {
@@ -362,7 +362,7 @@ struct ossl_crmf_certrequest_st {
 } /* OSSL_CRMF_CERTREQUEST */;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
+#if 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L
 
 /* ossl_crmf_attributetypeandvalue_st decl is in include/internal/crmf.h */
 
@@ -383,6 +383,6 @@ struct ossl_crmf_msg_st {
     STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *regInfo;
 } /* OSSL_CRMF_MSG */;
 
-# endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
+# endif /* 1 || OPENSSL_VERSION_NUMBER <= 0x30200000L */
 
 #endif /* !defined(OSSL_CRYPTO_CRMF_LOCAL_H) */
diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c
@@ -27,8 +27,6 @@
 
 #include "crmf_local.h"
 
-#if OPENSSL_VERSION_NUMBER < 0x30200000L
-
 /*-
  * creates and initializes OSSL_CRMF_PBMPARAMETER (section 4.4)
  * |slen| SHOULD be at least 8 (16 is common)
@@ -257,5 +255,3 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
     }
     return 0;
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
@@ -25,8 +25,6 @@
 #include "internal/sockets.h"
 #include "internal/common.h" /* for ossl_assert() */
 
-#if OPENSSL_VERSION_NUMBER <= 0x30200000L
-
 #define HTTP_PREFIX "HTTP/"
 #define HTTP_VERSION_PATT "1." /* allow 1.x */
 #define HTTP_VERSION_STR_LEN sizeof(HTTP_VERSION_PATT) /* == strlen("1.0") */
@@ -1683,5 +1681,3 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
     return ret;
 #undef BUF_SIZE
 }
-
-#endif /* OPENSSL_VERSION_NUMBER <= 0x30200000L */