summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/apr/apr-util
diff options
context:
space:
mode:
authorAlexander Kanavin <alexander.kanavin@linux.intel.com>2017-05-10 17:13:25 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-05-18 14:01:47 +0100
commit67ec852bc3a00951b3577e8289f146b722b36561 (patch)
tree252edb9250d42ce75482203998062d4d26dfb6cb /meta/recipes-support/apr/apr-util
parent860fab8e92b2320838c04e3916550908ca0b2139 (diff)
downloadpoky-67ec852bc3a00951b3577e8289f146b722b36561.tar.gz
apr-util: add support for openssl 1.1 via backported patch
(From OE-Core rev: 98efbb3183a33f0a94456fd8cfe040d82a12afc3) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/apr/apr-util')
-rw-r--r--meta/recipes-support/apr/apr-util/openssl-1.1.patch253
1 files changed, 253 insertions, 0 deletions
diff --git a/meta/recipes-support/apr/apr-util/openssl-1.1.patch b/meta/recipes-support/apr/apr-util/openssl-1.1.patch
new file mode 100644
index 0000000000..891c14183a
--- /dev/null
+++ b/meta/recipes-support/apr/apr-util/openssl-1.1.patch
@@ -0,0 +1,253 @@
1# commit f163d8b5af9185de80d24b4dd13951dd64872aa6
2# Author: Rainer Jung <rjung@apache.org>
3# Date: Sun Feb 7 14:40:46 2016 +0000
4#
5# Add support for OpenSSL 1.1.0:
6# - Switch configure test for OpenSSL libcrypto
7# from BN_init() to BN_new().
8# - BN_init() is gone in OpenSSL 1.1.0.
9# BN_new() exists at least since 0.9.8.
10# - use OPENSSL_malloc_init() instead of
11# CRYPTO_malloc_init
12# - make cipherCtx a pointer. Type EVP_CIPHER_CTX
13# is now opaque.
14# - use EVP_CIPHER_CTX_new() in init() functions
15# if initialised flag is not set (and set flag)
16# - use EVP_CIPHER_CTX_free() in cleanup function
17# - Improve reuse cleanup
18# - call EVP_CIPHER_CTX_reset() resp.
19# EVP_CIPHER_CTX_cleanup() in finish functions
20# - call EVP_CIPHER_CTX_reset() resp.
21# EVP_CIPHER_CTX_cleanup() when Update fails
22# Backport of r1728958 and r1728963 from trunk.
23#
24#
25# git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x@1728969 13f79535-47bb-0310-9956-ffa450edef68
26#
27
28Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
29Upstream-Status: Backport
30diff --git a/build/crypto.m4 b/build/crypto.m4
31index 9f9be6f..57884e3 100644
32--- a/build/crypto.m4
33+++ b/build/crypto.m4
34@@ -88,7 +88,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
35 [
36 if test "$withval" = "yes"; then
37 AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
38- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
39+ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
40 if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
41 apu_have_openssl=1
42 fi
43@@ -104,7 +104,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
44
45 AC_MSG_NOTICE(checking for openssl in $withval)
46 AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
47- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
48+ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
49 if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
50 apu_have_openssl=1
51 APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
52@@ -113,7 +113,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
53
54 if test "$apu_have_openssl" != "1"; then
55 AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
56- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
57+ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
58 if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
59 apu_have_openssl=1
60 APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
61diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c
62index 0740f93..7d61fca 100644
63--- a/crypto/apr_crypto_openssl.c
64+++ b/crypto/apr_crypto_openssl.c
65@@ -64,7 +64,7 @@ struct apr_crypto_block_t {
66 apr_pool_t *pool;
67 const apr_crypto_driver_t *provider;
68 const apr_crypto_t *f;
69- EVP_CIPHER_CTX cipherCtx;
70+ EVP_CIPHER_CTX *cipherCtx;
71 int initialised;
72 int ivSize;
73 int blockSize;
74@@ -111,7 +111,11 @@ static apr_status_t crypto_shutdown_helper(void *data)
75 static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
76 const apu_err_t **result)
77 {
78+#if OPENSSL_VERSION_NUMBER < 0x10100000L
79 CRYPTO_malloc_init();
80+#else
81+ OPENSSL_malloc_init();
82+#endif
83 ERR_load_crypto_strings();
84 /* SSL_load_error_strings(); */
85 OpenSSL_add_all_algorithms();
86@@ -134,7 +138,7 @@ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx)
87 {
88
89 if (ctx->initialised) {
90- EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
91+ EVP_CIPHER_CTX_free(ctx->cipherCtx);
92 ctx->initialised = 0;
93 }
94
95@@ -491,8 +495,10 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
96 apr_pool_cleanup_null);
97
98 /* create a new context for encryption */
99- EVP_CIPHER_CTX_init(&block->cipherCtx);
100- block->initialised = 1;
101+ if (!block->initialised) {
102+ block->cipherCtx = EVP_CIPHER_CTX_new();
103+ block->initialised = 1;
104+ }
105
106 /* generate an IV, if necessary */
107 usedIv = NULL;
108@@ -519,16 +525,16 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
109
110 /* set up our encryption context */
111 #if CRYPTO_OPENSSL_CONST_BUFFERS
112- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
113+ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
114 key->key, usedIv)) {
115 #else
116- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
117+ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
118 #endif
119 return APR_EINIT;
120 }
121
122 /* Clear up any read padding */
123- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
124+ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
125 return APR_EPADDING;
126 }
127
128@@ -582,11 +588,16 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
129 }
130
131 #if CRYPT_OPENSSL_CONST_BUFFERS
132- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
133+ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
134 #else
135- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
136+ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
137 (unsigned char *) in, inlen)) {
138 #endif
139+#if OPENSSL_VERSION_NUMBER < 0x10100000L
140+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
141+#else
142+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
143+#endif
144 return APR_ECRYPT;
145 }
146 *outlen = outl;
147@@ -616,14 +627,22 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
148 static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
149 apr_size_t *outlen, apr_crypto_block_t *ctx)
150 {
151+ apr_status_t rc = APR_SUCCESS;
152 int len = *outlen;
153
154- if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
155- return APR_EPADDING;
156+ if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
157+ rc = APR_EPADDING;
158+ }
159+ else {
160+ *outlen = len;
161 }
162- *outlen = len;
163+#if OPENSSL_VERSION_NUMBER < 0x10100000L
164+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
165+#else
166+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
167+#endif
168
169- return APR_SUCCESS;
170+ return rc;
171
172 }
173
174@@ -662,8 +681,10 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
175 apr_pool_cleanup_null);
176
177 /* create a new context for encryption */
178- EVP_CIPHER_CTX_init(&block->cipherCtx);
179- block->initialised = 1;
180+ if (!block->initialised) {
181+ block->cipherCtx = EVP_CIPHER_CTX_new();
182+ block->initialised = 1;
183+ }
184
185 /* generate an IV, if necessary */
186 if (key->ivSize) {
187@@ -674,16 +695,16 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
188
189 /* set up our encryption context */
190 #if CRYPTO_OPENSSL_CONST_BUFFERS
191- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
192+ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
193 key->key, iv)) {
194 #else
195- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
196+ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
197 #endif
198 return APR_EINIT;
199 }
200
201 /* Clear up any read padding */
202- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
203+ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
204 return APR_EPADDING;
205 }
206
207@@ -737,11 +758,16 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
208 }
209
210 #if CRYPT_OPENSSL_CONST_BUFFERS
211- if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
212+ if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
213 #else
214- if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
215+ if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
216 inlen)) {
217 #endif
218+#if OPENSSL_VERSION_NUMBER < 0x10100000L
219+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
220+#else
221+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
222+#endif
223 return APR_ECRYPT;
224 }
225 *outlen = outl;
226@@ -771,15 +797,22 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
227 static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
228 apr_size_t *outlen, apr_crypto_block_t *ctx)
229 {
230-
231+ apr_status_t rc = APR_SUCCESS;
232 int len = *outlen;
233
234- if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
235- return APR_EPADDING;
236+ if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
237+ rc = APR_EPADDING;
238 }
239- *outlen = len;
240+ else {
241+ *outlen = len;
242+ }
243+#if OPENSSL_VERSION_NUMBER < 0x10100000L
244+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
245+#else
246+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
247+#endif
248
249- return APR_SUCCESS;
250+ return rc;
251
252 }
253