search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
archrelease: copy trunk to extra-x86_64
[arch-packages.git] / apr-util / trunk / openssl-1.1.patch
blob090eb02cb125ab26ab9d14b5b7770349eba32b6e
1 # commit f163d8b5af9185de80d24b4dd13951dd64872aa6
2 # Author: Rainer Jung <rjung@apache.org>
3 # Date: Sun Feb 7 14:40:46 2016 +0000
4 #
5 # Add support for OpenSSL 1.1.0:
6 # - Switch configure test for OpenSSL libcrypto
7 # from BN_init() to BN_new().
8 # - BN_init() is gone in OpenSSL 1.1.0.
9 # BN_new() exists at least since 0.9.8.
10 # - use OPENSSL_malloc_init() instead of
11 # CRYPTO_malloc_init
12 # - make cipherCtx a pointer. Type EVP_CIPHER_CTX
13 # is now opaque.
14 # - use EVP_CIPHER_CTX_new() in init() functions
15 # if initialised flag is not set (and set flag)
16 # - use EVP_CIPHER_CTX_free() in cleanup function
17 # - Improve reuse cleanup
18 # - call EVP_CIPHER_CTX_reset() resp.
19 # EVP_CIPHER_CTX_cleanup() in finish functions
20 # - call EVP_CIPHER_CTX_reset() resp.
21 # EVP_CIPHER_CTX_cleanup() when Update fails
22 # Backport of r1728958 and r1728963 from trunk.
23 #
24 #
25 # git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x@1728969 13f79535-47bb-0310-9956-ffa450edef68
26 #
27 diff --git a/build/crypto.m4 b/build/crypto.m4
28 index 9f9be6f..57884e3 100644
29 --- a/build/crypto.m4
30 +++ b/build/crypto.m4
31 @@ -88,7 +88,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
32 [
33 if test "$withval" = "yes"; then
34 AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
35 - AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
36 + AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
37 if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
38 apu_have_openssl=1
39 fi
40 @@ -104,7 +104,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
41
42 AC_MSG_NOTICE(checking for openssl in $withval)
43 AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
44 - AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
45 + AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
46 if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
47 apu_have_openssl=1
48 APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
49 @@ -113,7 +113,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
50
51 if test "$apu_have_openssl" != "1"; then
52 AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
53 - AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
54 + AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
55 if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
56 apu_have_openssl=1
57 APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
58 diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c
59 index 0740f93..7d61fca 100644
60 --- a/crypto/apr_crypto_openssl.c
61 +++ b/crypto/apr_crypto_openssl.c
62 @@ -64,7 +64,7 @@ struct apr_crypto_block_t {
63 apr_pool_t *pool;
64 const apr_crypto_driver_t *provider;
65 const apr_crypto_t *f;
66 - EVP_CIPHER_CTX cipherCtx;
67 + EVP_CIPHER_CTX *cipherCtx;
68 int initialised;
69 int ivSize;
70 int blockSize;
71 @@ -111,7 +111,11 @@ static apr_status_t crypto_shutdown_helper(void *data)
72 static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
73 const apu_err_t **result)
74 {
75 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
76 CRYPTO_malloc_init();
77 +#else
78 + OPENSSL_malloc_init();
79 +#endif
80 ERR_load_crypto_strings();
81 /* SSL_load_error_strings(); */
82 OpenSSL_add_all_algorithms();
83 @@ -134,7 +138,7 @@ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx)
84 {
85
86 if (ctx->initialised) {
87 - EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
88 + EVP_CIPHER_CTX_free(ctx->cipherCtx);
89 ctx->initialised = 0;
90 }
91
92 @@ -491,8 +495,10 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
93 apr_pool_cleanup_null);
94
95 /* create a new context for encryption */
96 - EVP_CIPHER_CTX_init(&block->cipherCtx);
97 - block->initialised = 1;
98 + if (!block->initialised) {
99 + block->cipherCtx = EVP_CIPHER_CTX_new();
100 + block->initialised = 1;
101 + }
102
103 /* generate an IV, if necessary */
104 usedIv = NULL;
105 @@ -519,16 +525,16 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
106
107 /* set up our encryption context */
108 #if CRYPTO_OPENSSL_CONST_BUFFERS
109 - if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
110 + if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
111 key->key, usedIv)) {
112 #else
113 - if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
114 + if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
115 #endif
116 return APR_EINIT;
117 }
118
119 /* Clear up any read padding */
120 - if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
121 + if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
122 return APR_EPADDING;
123 }
124
125 @@ -582,11 +588,16 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
126 }
127
128 #if CRYPT_OPENSSL_CONST_BUFFERS
129 - if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
130 + if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
131 #else
132 - if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
133 + if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
134 (unsigned char *) in, inlen)) {
135 #endif
136 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
137 + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
138 +#else
139 + EVP_CIPHER_CTX_reset(ctx->cipherCtx);
140 +#endif
141 return APR_ECRYPT;
142 }
143 *outlen = outl;
144 @@ -616,14 +627,22 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
145 static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
146 apr_size_t *outlen, apr_crypto_block_t *ctx)
147 {
148 + apr_status_t rc = APR_SUCCESS;
149 int len = *outlen;
150
151 - if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
152 - return APR_EPADDING;
153 + if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
154 + rc = APR_EPADDING;
155 + }
156 + else {
157 + *outlen = len;
158 }
159 - *outlen = len;
160 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
161 + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
162 +#else
163 + EVP_CIPHER_CTX_reset(ctx->cipherCtx);
164 +#endif
165
166 - return APR_SUCCESS;
167 + return rc;
168
169 }
170
171 @@ -662,8 +681,10 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
172 apr_pool_cleanup_null);
173
174 /* create a new context for encryption */
175 - EVP_CIPHER_CTX_init(&block->cipherCtx);
176 - block->initialised = 1;
177 + if (!block->initialised) {
178 + block->cipherCtx = EVP_CIPHER_CTX_new();
179 + block->initialised = 1;
180 + }
181
182 /* generate an IV, if necessary */
183 if (key->ivSize) {
184 @@ -674,16 +695,16 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
185
186 /* set up our encryption context */
187 #if CRYPTO_OPENSSL_CONST_BUFFERS
188 - if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
189 + if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
190 key->key, iv)) {
191 #else
192 - if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
193 + if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
194 #endif
195 return APR_EINIT;
196 }
197
198 /* Clear up any read padding */
199 - if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
200 + if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
201 return APR_EPADDING;
202 }
203
204 @@ -737,11 +758,16 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
205 }
206
207 #if CRYPT_OPENSSL_CONST_BUFFERS
208 - if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
209 + if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
210 #else
211 - if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
212 + if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
213 inlen)) {
214 #endif
215 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
216 + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
217 +#else
218 + EVP_CIPHER_CTX_reset(ctx->cipherCtx);
219 +#endif
220 return APR_ECRYPT;
221 }
222 *outlen = outl;
223 @@ -771,15 +797,22 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
224 static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
225 apr_size_t *outlen, apr_crypto_block_t *ctx)
226 {
227 -
228 + apr_status_t rc = APR_SUCCESS;
229 int len = *outlen;
230
231 - if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
232 - return APR_EPADDING;
233 + if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
234 + rc = APR_EPADDING;
235 }
236 - *outlen = len;
237 + else {
238 + *outlen = len;
239 + }
240 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
241 + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
242 +#else
243 + EVP_CIPHER_CTX_reset(ctx->cipherCtx);
244 +#endif
245
246 - return APR_SUCCESS;
247 + return rc;
248
249 }
250
archlinux package build