diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 82fdc87b99c..ea64dc3303c 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -5731,6 +5731,13 @@ OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); // is intentionally not supported in AWS-LC. #define SSL_VERIFY_CLIENT_ONCE 0 +// The following are not supported in AWS-LC. +// TODO: elaoborate +#define SSL_OP_TLSEXT_PADDING 0 +#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0 +#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0 + + // The following have no effect in both AWS-LC and OpenSSL. #define SSL_OP_EPHEMERAL_RSA 0 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0 diff --git a/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby-temp.patch b/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby-temp.patch new file mode 100644 index 00000000000..dbe813f1a9f --- /dev/null +++ b/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby-temp.patch @@ -0,0 +1,162 @@ +diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c +index 0bac027..7d499a0 100644 +--- a/ext/openssl/ossl_config.c ++++ b/ext/openssl/ossl_config.c +@@ -9,6 +9,8 @@ + */ + #include "ossl.h" + ++#if !defined(OPENSSL_IS_AWSLC) ++ + static VALUE cConfig, eConfigError; + + static void +@@ -458,3 +460,9 @@ Init_ossl_config(void) + path_str = ossl_buf2str(path, rb_long2int(strlen(path))); + rb_define_const(cConfig, "DEFAULT_CONFIG_FILE", path_str); + } ++#else ++void ++Init_ossl_config(void) ++{ ++} ++#endif +\ No newline at end of file +diff --git a/ext/openssl/ossl_config.h b/ext/openssl/ossl_config.h +index 4e604f1..1c55ba1 100644 +--- a/ext/openssl/ossl_config.h ++++ b/ext/openssl/ossl_config.h +@@ -10,7 +10,10 @@ + #ifndef OSSL_CONFIG_H + #define OSSL_CONFIG_H + ++#if !defined(OPENSSL_IS_AWSLC) + CONF *GetConfig(VALUE obj); ++#endif ++ + void Init_ossl_config(void); + + #endif /* OSSL_CONFIG_H */ +diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c +index 1e87484..343b5cb 100644 +--- a/ext/openssl/ossl_ocsp.c ++++ b/ext/openssl/ossl_ocsp.c +@@ -1863,9 +1863,6 @@ Init_ossl_ocsp(void) + /* Illegal confirmation request */ + rb_define_const(mOCSP, "RESPONSE_STATUS_MALFORMEDREQUEST", INT2NUM(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST)); + +- /* The certificate was revoked for an unknown reason */ +- rb_define_const(mOCSP, "REVOKED_STATUS_NOSTATUS", INT2NUM(OCSP_REVOKED_STATUS_NOSTATUS)); +- + /* You must sign the request and resubmit */ + rb_define_const(mOCSP, "RESPONSE_STATUS_SIGREQUIRED", INT2NUM(OCSP_RESPONSE_STATUS_SIGREQUIRED)); + +@@ -1909,9 +1906,6 @@ Init_ossl_ocsp(void) + /* Do not search certificates contained in the response for a signer */ + rb_define_const(mOCSP, "NOINTERN", INT2NUM(OCSP_NOINTERN)); + +- /* Do not check the signature on the response */ +- rb_define_const(mOCSP, "NOSIGS", INT2NUM(OCSP_NOSIGS)); +- + /* Do not verify the certificate chain on the response */ + rb_define_const(mOCSP, "NOCHAIN", INT2NUM(OCSP_NOCHAIN)); + +@@ -1921,6 +1915,14 @@ Init_ossl_ocsp(void) + /* Do not check trust */ + rb_define_const(mOCSP, "NOEXPLICIT", INT2NUM(OCSP_NOEXPLICIT)); + ++#if !defined(OPENSSL_IS_AWSLC) ++ ++ /* The certificate was revoked for an unknown reason */ ++ rb_define_const(mOCSP, "REVOKED_STATUS_NOSTATUS", INT2NUM(OCSP_REVOKED_STATUS_NOSTATUS)); ++ ++ /* Do not check the signature on the response */ ++ rb_define_const(mOCSP, "NOSIGS", INT2NUM(OCSP_NOSIGS)); ++ + /* (This flag is not used by OpenSSL 1.0.1g) */ + rb_define_const(mOCSP, "NOCASIGN", INT2NUM(OCSP_NOCASIGN)); + +@@ -1930,6 +1932,8 @@ Init_ossl_ocsp(void) + /* Do not make additional signing certificate checks */ + rb_define_const(mOCSP, "NOCHECKS", INT2NUM(OCSP_NOCHECKS)); + ++#endif ++ + /* Do not verify additional certificates */ + rb_define_const(mOCSP, "TRUSTOTHER", INT2NUM(OCSP_TRUSTOTHER)); + +diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c +index dbe5347..b0b981e 100644 +--- a/ext/openssl/ossl_pkcs7.c ++++ b/ext/openssl/ossl_pkcs7.c +@@ -8,6 +8,7 @@ + * (See the file 'LICENCE'.) + */ + #include "ossl.h" ++#if !defined(OPENSSL_IS_AWSLC) + + #define NewPKCS7si(klass) \ + TypedData_Wrap_Struct((klass), &ossl_pkcs7_signer_info_type, 0) +@@ -1079,3 +1080,5 @@ Init_ossl_pkcs7(void) + DefPKCS7Const(NOATTR); + DefPKCS7Const(NOSMIMECAP); + } ++ ++#endif +\ No newline at end of file +diff --git a/ext/openssl/ossl_pkcs7.h b/ext/openssl/ossl_pkcs7.h +index 3e1b094..9a80d47 100644 +--- a/ext/openssl/ossl_pkcs7.h ++++ b/ext/openssl/ossl_pkcs7.h +@@ -8,6 +8,7 @@ + * (See the file 'LICENCE'.) + */ + #if !defined(_OSSL_PKCS7_H_) ++#if !defined(OPENSSL_IS_AWSLC) + #define _OSSL_PKCS7_H_ + + #define NewPKCS7(klass) \ +@@ -32,5 +33,5 @@ extern VALUE cPKCS7Recipient; + extern VALUE ePKCS7Error; + + void Init_ossl_pkcs7(void); +- ++#endif + #endif /* _OSSL_PKCS7_H_ */ +diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c +index 06d59c2..f248a96 100644 +--- a/ext/openssl/ossl_pkey_ec.c ++++ b/ext/openssl/ossl_pkey_ec.c +@@ -1295,7 +1295,7 @@ static VALUE ossl_ec_point_make_affine(VALUE self) + GetECPointGroup(self, group); + + rb_warn("OpenSSL::PKey::EC::Point#make_affine! is deprecated"); +-#if !OSSL_OPENSSL_PREREQ(3, 0, 0) ++#if !OSSL_OPENSSL_PREREQ(3, 0, 0) && !defined(OPENSSL_IS_AWSLC) + if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1) + ossl_raise(cEC_POINT, "EC_POINT_make_affine"); + #endif +@@ -1444,7 +1444,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self) + if (EC_POINT_mul(group, point_result, bn_g, point_self, bn, ossl_bn_ctx) != 1) + ossl_raise(eEC_POINT, NULL); + } else { +-#if (defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3) || defined(LIBRESSL_VERSION_NUMBER) ++#if (defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3) || defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_AWSLC) + rb_raise(rb_eNotImpError, "calling #mul with arrays is not" \ + "supported by this OpenSSL version"); + #else +diff --git a/ext/openssl/ossl_x509.c b/ext/openssl/ossl_x509.c +index f847070..53b6270 100644 +--- a/ext/openssl/ossl_x509.c ++++ b/ext/openssl/ossl_x509.c +@@ -243,8 +243,8 @@ Init_ossl_x509(void) + DefX509Const(TRUST_SSL_SERVER); + DefX509Const(TRUST_EMAIL); + DefX509Const(TRUST_OBJECT_SIGN); +- DefX509Const(TRUST_OCSP_SIGN); +- DefX509Const(TRUST_OCSP_REQUEST); ++ // DefX509Const(TRUST_OCSP_SIGN); ++ // DefX509Const(TRUST_OCSP_REQUEST); + DefX509Const(TRUST_TSA); + + DefX509Default(CERT_AREA, cert_area); diff --git a/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby.patch b/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby.patch deleted file mode 100644 index 8bceae5c35e..00000000000 --- a/tests/ci/integration/ruby_patch/ruby_3_1/aws-lc-ruby.patch +++ /dev/null @@ -1,407 +0,0 @@ -diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c -index 0bac027..c5f00e6 100644 ---- a/ext/openssl/ossl_config.c -+++ b/ext/openssl/ossl_config.c -@@ -243,146 +243,146 @@ config_get_section(VALUE self, VALUE section) - return hash; - } - --static void --get_conf_section_doall_arg(CONF_VALUE *cv, VALUE *aryp) --{ -- if (cv->name) -- return; -- rb_ary_push(*aryp, rb_str_new_cstr(cv->section)); --} -- --/* IMPLEMENT_LHASH_DOALL_ARG_CONST() requires >= OpenSSL 1.1.0 */ --static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE, VALUE) -- --/* -- * call-seq: -- * config.sections -> array of string -- * -- * Get the names of all sections in the current configuration. -- */ --static VALUE --config_get_sections(VALUE self) --{ -- CONF *conf = GetConfig(self); -- VALUE ary; -- -- ary = rb_ary_new(); -- lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(get_conf_section), -- &ary); -- return ary; --} -- --static void --dump_conf_value_doall_arg(CONF_VALUE *cv, VALUE *strp) --{ -- VALUE str = *strp; -- STACK_OF(CONF_VALUE) *sk; -- int i, num; -- -- if (cv->name) -- return; -- sk = (STACK_OF(CONF_VALUE) *)cv->value; -- num = sk_CONF_VALUE_num(sk); -- rb_str_cat_cstr(str, "[ "); -- rb_str_cat_cstr(str, cv->section); -- rb_str_cat_cstr(str, " ]\n"); -- for (i = 0; i < num; i++){ -- CONF_VALUE *v = sk_CONF_VALUE_value(sk, i); -- rb_str_cat_cstr(str, v->name ? v->name : "None"); -- rb_str_cat_cstr(str, "="); -- rb_str_cat_cstr(str, v->value ? v->value : "None"); -- rb_str_cat_cstr(str, "\n"); -- } -- rb_str_cat_cstr(str, "\n"); --} -- --static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE, VALUE) -- --/* -- * call-seq: -- * config.to_s -> string -- * -- * -- * Gets the parsable form of the current configuration. -- * -- * Given the following configuration being created: -- * -- * config = OpenSSL::Config.new -- * #=> # -- * config['default'] = {"foo"=>"bar","baz"=>"buz"} -- * #=> {"foo"=>"bar", "baz"=>"buz"} -- * puts config.to_s -- * #=> [ default ] -- * # foo=bar -- * # baz=buz -- * -- * You can parse get the serialized configuration using #to_s and then parse -- * it later: -- * -- * serialized_config = config.to_s -- * # much later... -- * new_config = OpenSSL::Config.parse(serialized_config) -- * #=> # -- * puts new_config -- * #=> [ default ] -- * foo=bar -- * baz=buz -- */ --static VALUE --config_to_s(VALUE self) --{ -- CONF *conf = GetConfig(self); -- VALUE str; -- -- str = rb_str_new(NULL, 0); -- lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(dump_conf_value), -- &str); -- return str; --} -- --static void --each_conf_value_doall_arg(CONF_VALUE *cv, void *unused) --{ -- STACK_OF(CONF_VALUE) *sk; -- VALUE section; -- int i, num; -- -- if (cv->name) -- return; -- sk = (STACK_OF(CONF_VALUE) *)cv->value; -- num = sk_CONF_VALUE_num(sk); -- section = rb_str_new_cstr(cv->section); -- for (i = 0; i < num; i++){ -- CONF_VALUE *v = sk_CONF_VALUE_value(sk, i); -- VALUE name = v->name ? rb_str_new_cstr(v->name) : Qnil; -- VALUE value = v->value ? rb_str_new_cstr(v->value) : Qnil; -- rb_yield(rb_ary_new3(3, section, name, value)); -- } --} -- --static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE, void) -- --/* -- * call-seq: -- * config.each { |section, key, value| } -- * -- * Retrieves the section and its pairs for the current configuration. -- * -- * config.each do |section, key, value| -- * # ... -- * end -- */ --static VALUE --config_each(VALUE self) --{ -- CONF *conf = GetConfig(self); -- -- RETURN_ENUMERATOR(self, 0, 0); -- -- lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(each_conf_value), -- NULL); -- return self; --} -+// static void -+// get_conf_section_doall_arg(CONF_VALUE *cv, VALUE *aryp) -+// { -+// if (cv->name) -+// return; -+// rb_ary_push(*aryp, rb_str_new_cstr(cv->section)); -+// } -+ -+// /* IMPLEMENT_LHASH_DOALL_ARG_CONST() requires >= OpenSSL 1.1.0 */ -+// static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE, VALUE) -+ -+// /* -+// * call-seq: -+// * config.sections -> array of string -+// * -+// * Get the names of all sections in the current configuration. -+// */ -+// static VALUE -+// config_get_sections(VALUE self) -+// { -+// CONF *conf = GetConfig(self); -+// VALUE ary; -+ -+// ary = rb_ary_new(); -+// lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(get_conf_section), -+// &ary); -+// return ary; -+// } -+ -+// static void -+// dump_conf_value_doall_arg(CONF_VALUE *cv, VALUE *strp) -+// { -+// VALUE str = *strp; -+// STACK_OF(CONF_VALUE) *sk; -+// int i, num; -+ -+// if (cv->name) -+// return; -+// sk = (STACK_OF(CONF_VALUE) *)cv->value; -+// num = sk_CONF_VALUE_num(sk); -+// rb_str_cat_cstr(str, "[ "); -+// rb_str_cat_cstr(str, cv->section); -+// rb_str_cat_cstr(str, " ]\n"); -+// for (i = 0; i < num; i++){ -+// CONF_VALUE *v = sk_CONF_VALUE_value(sk, i); -+// rb_str_cat_cstr(str, v->name ? v->name : "None"); -+// rb_str_cat_cstr(str, "="); -+// rb_str_cat_cstr(str, v->value ? v->value : "None"); -+// rb_str_cat_cstr(str, "\n"); -+// } -+// rb_str_cat_cstr(str, "\n"); -+// } -+ -+// static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE, VALUE) -+ -+// /* -+// * call-seq: -+// * config.to_s -> string -+// * -+// * -+// * Gets the parsable form of the current configuration. -+// * -+// * Given the following configuration being created: -+// * -+// * config = OpenSSL::Config.new -+// * #=> # -+// * config['default'] = {"foo"=>"bar","baz"=>"buz"} -+// * #=> {"foo"=>"bar", "baz"=>"buz"} -+// * puts config.to_s -+// * #=> [ default ] -+// * # foo=bar -+// * # baz=buz -+// * -+// * You can parse get the serialized configuration using #to_s and then parse -+// * it later: -+// * -+// * serialized_config = config.to_s -+// * # much later... -+// * new_config = OpenSSL::Config.parse(serialized_config) -+// * #=> # -+// * puts new_config -+// * #=> [ default ] -+// * foo=bar -+// * baz=buz -+// */ -+// static VALUE -+// config_to_s(VALUE self) -+// { -+// CONF *conf = GetConfig(self); -+// VALUE str; -+ -+// str = rb_str_new(NULL, 0); -+// lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(dump_conf_value), -+// &str); -+// return str; -+// } -+ -+// static void -+// each_conf_value_doall_arg(CONF_VALUE *cv, void *unused) -+// { -+// STACK_OF(CONF_VALUE) *sk; -+// VALUE section; -+// int i, num; -+ -+// if (cv->name) -+// return; -+// sk = (STACK_OF(CONF_VALUE) *)cv->value; -+// num = sk_CONF_VALUE_num(sk); -+// section = rb_str_new_cstr(cv->section); -+// for (i = 0; i < num; i++){ -+// CONF_VALUE *v = sk_CONF_VALUE_value(sk, i); -+// VALUE name = v->name ? rb_str_new_cstr(v->name) : Qnil; -+// VALUE value = v->value ? rb_str_new_cstr(v->value) : Qnil; -+// rb_yield(rb_ary_new3(3, section, name, value)); -+// } -+// } -+ -+// static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE, void) -+ -+// /* -+// * call-seq: -+// * config.each { |section, key, value| } -+// * -+// * Retrieves the section and its pairs for the current configuration. -+// * -+// * config.each do |section, key, value| -+// * # ... -+// * end -+// */ -+// static VALUE -+// config_each(VALUE self) -+// { -+// CONF *conf = GetConfig(self); -+ -+// RETURN_ENUMERATOR(self, 0, 0); -+ -+// lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(each_conf_value), -+// NULL); -+// return self; -+// } - - /* - * call-seq: -@@ -446,15 +446,15 @@ Init_ossl_config(void) - rb_define_method(cConfig, "get_value", config_get_value, 2); - rb_define_method(cConfig, "[]", config_get_section, 1); - rb_define_method(cConfig, "sections", config_get_sections, 0); -- rb_define_method(cConfig, "to_s", config_to_s, 0); -- rb_define_method(cConfig, "each", config_each, 0); -+ // rb_define_method(cConfig, "to_s", config_to_s, 0); -+ // rb_define_method(cConfig, "each", config_each, 0); - rb_define_method(cConfig, "inspect", config_inspect, 0); - - /* Document-const: DEFAULT_CONFIG_FILE - * - * The default system configuration file for OpenSSL. - */ -- path = CONF_get1_default_config_file(); -- path_str = ossl_buf2str(path, rb_long2int(strlen(path))); -- rb_define_const(cConfig, "DEFAULT_CONFIG_FILE", path_str); -+ // path = CONF_get1_default_config_file(); -+ // path_str = ossl_buf2str(path, rb_long2int(strlen(path))); -+ // rb_define_const(cConfig, "DEFAULT_CONFIG_FILE", path_str); - } -diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c -index 1e87484..23de3a2 100644 ---- a/ext/openssl/ossl_ocsp.c -+++ b/ext/openssl/ossl_ocsp.c -@@ -10,7 +10,7 @@ - */ - #include "ossl.h" - --#if !defined(OPENSSL_NO_OCSP) -+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_IS_AWSLC) - - #define NewOCSPReq(klass) \ - TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0) -diff --git a/ext/openssl/ossl_ocsp.h b/ext/openssl/ossl_ocsp.h -index 6d2aac8..5e86ac8 100644 ---- a/ext/openssl/ossl_ocsp.h -+++ b/ext/openssl/ossl_ocsp.h -@@ -11,7 +11,7 @@ - #if !defined(_OSSL_OCSP_H_) - #define _OSSL_OCSP_H_ - --#if !defined(OPENSSL_NO_OCSP) -+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_IS_AWSLC) - extern VALUE mOCSP; - extern VALUE cOCSPReq; - extern VALUE cOCSPRes; -diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c -index dbe5347..5c28230 100644 ---- a/ext/openssl/ossl_pkcs7.c -+++ b/ext/openssl/ossl_pkcs7.c -@@ -9,6 +9,8 @@ - */ - #include "ossl.h" - -+#if !defined(OPENSSL_IS_AWSLC) -+ - #define NewPKCS7si(klass) \ - TypedData_Wrap_Struct((klass), &ossl_pkcs7_signer_info_type, 0) - #define SetPKCS7si(obj, p7si) do { \ -@@ -1079,3 +1081,5 @@ Init_ossl_pkcs7(void) - DefPKCS7Const(NOATTR); - DefPKCS7Const(NOSMIMECAP); - } -+ -+#endif -\ No newline at end of file -diff --git a/ext/openssl/ossl_pkcs7.h b/ext/openssl/ossl_pkcs7.h -index 3e1b094..bc12b10 100644 ---- a/ext/openssl/ossl_pkcs7.h -+++ b/ext/openssl/ossl_pkcs7.h -@@ -10,6 +10,8 @@ - #if !defined(_OSSL_PKCS7_H_) - #define _OSSL_PKCS7_H_ - -+#if !defined(OPENSSL_IS_AWSLC) -+ - #define NewPKCS7(klass) \ - TypedData_Wrap_Struct((klass), &ossl_pkcs7_type, 0) - #define SetPKCS7(obj, pkcs7) do { \ -@@ -33,4 +35,6 @@ extern VALUE ePKCS7Error; - - void Init_ossl_pkcs7(void); - -+#endif -+ - #endif /* _OSSL_PKCS7_H_ */ -diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c -index ee143d6..bedc279 100644 ---- a/ext/openssl/ossl_pkey.c -+++ b/ext/openssl/ossl_pkey.c -@@ -361,16 +361,16 @@ pkey_generate(int argc, VALUE *argv, VALUE self, int genparam) - if (!ctx) - ossl_raise(ePKeyError, "EVP_PKEY_CTX_new_from_name"); - #else -- const EVP_PKEY_ASN1_METHOD *ameth; -- ENGINE *tmpeng; -+ // const EVP_PKEY_ASN1_METHOD *ameth; -+ // ENGINE *tmpeng; - int pkey_id; - -- StringValue(alg); -- ameth = EVP_PKEY_asn1_find_str(&tmpeng, RSTRING_PTR(alg), -- RSTRING_LENINT(alg)); -- if (!ameth) -- ossl_raise(ePKeyError, "algorithm %"PRIsVALUE" not found", alg); -- EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); -+ // StringValue(alg); -+ // ameth = EVP_PKEY_asn1_find_str(&tmpeng, RSTRING_PTR(alg), -+ // RSTRING_LENINT(alg)); -+ // if (!ameth) -+ // ossl_raise(ePKeyError, "algorithm %"PRIsVALUE" not found", alg); -+ // EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); - #if !defined(OPENSSL_NO_ENGINE) - if (tmpeng) - ENGINE_finish(tmpeng);