diff options
author | Alexander Kanavin <alexander.kanavin@linux.intel.com> | 2017-05-10 17:13:25 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-05-18 14:01:47 +0100 |
commit | 67ec852bc3a00951b3577e8289f146b722b36561 (patch) | |
tree | 252edb9250d42ce75482203998062d4d26dfb6cb /meta/recipes-support | |
parent | 860fab8e92b2320838c04e3916550908ca0b2139 (diff) | |
download | poky-67ec852bc3a00951b3577e8289f146b722b36561.tar.gz |
apr-util: add support for openssl 1.1 via backported patch
(From OE-Core rev: 98efbb3183a33f0a94456fd8cfe040d82a12afc3)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r-- | meta/recipes-support/apr/apr-util/openssl-1.1.patch | 253 | ||||
-rw-r--r-- | meta/recipes-support/apr/apr-util_1.5.4.bb | 1 |
2 files changed, 254 insertions, 0 deletions
diff --git a/meta/recipes-support/apr/apr-util/openssl-1.1.patch b/meta/recipes-support/apr/apr-util/openssl-1.1.patch new file mode 100644 index 0000000000..891c14183a --- /dev/null +++ b/meta/recipes-support/apr/apr-util/openssl-1.1.patch | |||
@@ -0,0 +1,253 @@ | |||
1 | # commit f163d8b5af9185de80d24b4dd13951dd64872aa6 | ||
2 | # Author: Rainer Jung <rjung@apache.org> | ||
3 | # Date: Sun Feb 7 14:40:46 2016 +0000 | ||
4 | # | ||
5 | # Add support for OpenSSL 1.1.0: | ||
6 | # - Switch configure test for OpenSSL libcrypto | ||
7 | # from BN_init() to BN_new(). | ||
8 | # - BN_init() is gone in OpenSSL 1.1.0. | ||
9 | # BN_new() exists at least since 0.9.8. | ||
10 | # - use OPENSSL_malloc_init() instead of | ||
11 | # CRYPTO_malloc_init | ||
12 | # - make cipherCtx a pointer. Type EVP_CIPHER_CTX | ||
13 | # is now opaque. | ||
14 | # - use EVP_CIPHER_CTX_new() in init() functions | ||
15 | # if initialised flag is not set (and set flag) | ||
16 | # - use EVP_CIPHER_CTX_free() in cleanup function | ||
17 | # - Improve reuse cleanup | ||
18 | # - call EVP_CIPHER_CTX_reset() resp. | ||
19 | # EVP_CIPHER_CTX_cleanup() in finish functions | ||
20 | # - call EVP_CIPHER_CTX_reset() resp. | ||
21 | # EVP_CIPHER_CTX_cleanup() when Update fails | ||
22 | # Backport of r1728958 and r1728963 from trunk. | ||
23 | # | ||
24 | # | ||
25 | # git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x@1728969 13f79535-47bb-0310-9956-ffa450edef68 | ||
26 | # | ||
27 | |||
28 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | ||
29 | Upstream-Status: Backport | ||
30 | diff --git a/build/crypto.m4 b/build/crypto.m4 | ||
31 | index 9f9be6f..57884e3 100644 | ||
32 | --- a/build/crypto.m4 | ||
33 | +++ b/build/crypto.m4 | ||
34 | @@ -88,7 +88,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [ | ||
35 | [ | ||
36 | if test "$withval" = "yes"; then | ||
37 | AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1]) | ||
38 | - AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) | ||
39 | + AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) | ||
40 | if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then | ||
41 | apu_have_openssl=1 | ||
42 | fi | ||
43 | @@ -104,7 +104,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [ | ||
44 | |||
45 | AC_MSG_NOTICE(checking for openssl in $withval) | ||
46 | AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1]) | ||
47 | - AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) | ||
48 | + AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) | ||
49 | if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then | ||
50 | apu_have_openssl=1 | ||
51 | APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib]) | ||
52 | @@ -113,7 +113,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [ | ||
53 | |||
54 | if test "$apu_have_openssl" != "1"; then | ||
55 | AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1]) | ||
56 | - AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) | ||
57 | + AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) | ||
58 | if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then | ||
59 | apu_have_openssl=1 | ||
60 | APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib]) | ||
61 | diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c | ||
62 | index 0740f93..7d61fca 100644 | ||
63 | --- a/crypto/apr_crypto_openssl.c | ||
64 | +++ b/crypto/apr_crypto_openssl.c | ||
65 | @@ -64,7 +64,7 @@ struct apr_crypto_block_t { | ||
66 | apr_pool_t *pool; | ||
67 | const apr_crypto_driver_t *provider; | ||
68 | const apr_crypto_t *f; | ||
69 | - EVP_CIPHER_CTX cipherCtx; | ||
70 | + EVP_CIPHER_CTX *cipherCtx; | ||
71 | int initialised; | ||
72 | int ivSize; | ||
73 | int blockSize; | ||
74 | @@ -111,7 +111,11 @@ static apr_status_t crypto_shutdown_helper(void *data) | ||
75 | static apr_status_t crypto_init(apr_pool_t *pool, const char *params, | ||
76 | const apu_err_t **result) | ||
77 | { | ||
78 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
79 | CRYPTO_malloc_init(); | ||
80 | +#else | ||
81 | + OPENSSL_malloc_init(); | ||
82 | +#endif | ||
83 | ERR_load_crypto_strings(); | ||
84 | /* SSL_load_error_strings(); */ | ||
85 | OpenSSL_add_all_algorithms(); | ||
86 | @@ -134,7 +138,7 @@ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx) | ||
87 | { | ||
88 | |||
89 | if (ctx->initialised) { | ||
90 | - EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx); | ||
91 | + EVP_CIPHER_CTX_free(ctx->cipherCtx); | ||
92 | ctx->initialised = 0; | ||
93 | } | ||
94 | |||
95 | @@ -491,8 +495,10 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx, | ||
96 | apr_pool_cleanup_null); | ||
97 | |||
98 | /* create a new context for encryption */ | ||
99 | - EVP_CIPHER_CTX_init(&block->cipherCtx); | ||
100 | - block->initialised = 1; | ||
101 | + if (!block->initialised) { | ||
102 | + block->cipherCtx = EVP_CIPHER_CTX_new(); | ||
103 | + block->initialised = 1; | ||
104 | + } | ||
105 | |||
106 | /* generate an IV, if necessary */ | ||
107 | usedIv = NULL; | ||
108 | @@ -519,16 +525,16 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx, | ||
109 | |||
110 | /* set up our encryption context */ | ||
111 | #if CRYPTO_OPENSSL_CONST_BUFFERS | ||
112 | - if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, | ||
113 | + if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, | ||
114 | key->key, usedIv)) { | ||
115 | #else | ||
116 | - if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) { | ||
117 | + if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) { | ||
118 | #endif | ||
119 | return APR_EINIT; | ||
120 | } | ||
121 | |||
122 | /* Clear up any read padding */ | ||
123 | - if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) { | ||
124 | + if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) { | ||
125 | return APR_EPADDING; | ||
126 | } | ||
127 | |||
128 | @@ -582,11 +588,16 @@ static apr_status_t crypto_block_encrypt(unsigned char **out, | ||
129 | } | ||
130 | |||
131 | #if CRYPT_OPENSSL_CONST_BUFFERS | ||
132 | - if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) { | ||
133 | + if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) { | ||
134 | #else | ||
135 | - if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, | ||
136 | + if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, | ||
137 | (unsigned char *) in, inlen)) { | ||
138 | #endif | ||
139 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
140 | + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); | ||
141 | +#else | ||
142 | + EVP_CIPHER_CTX_reset(ctx->cipherCtx); | ||
143 | +#endif | ||
144 | return APR_ECRYPT; | ||
145 | } | ||
146 | *outlen = outl; | ||
147 | @@ -616,14 +627,22 @@ static apr_status_t crypto_block_encrypt(unsigned char **out, | ||
148 | static apr_status_t crypto_block_encrypt_finish(unsigned char *out, | ||
149 | apr_size_t *outlen, apr_crypto_block_t *ctx) | ||
150 | { | ||
151 | + apr_status_t rc = APR_SUCCESS; | ||
152 | int len = *outlen; | ||
153 | |||
154 | - if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) { | ||
155 | - return APR_EPADDING; | ||
156 | + if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) { | ||
157 | + rc = APR_EPADDING; | ||
158 | + } | ||
159 | + else { | ||
160 | + *outlen = len; | ||
161 | } | ||
162 | - *outlen = len; | ||
163 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
164 | + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); | ||
165 | +#else | ||
166 | + EVP_CIPHER_CTX_reset(ctx->cipherCtx); | ||
167 | +#endif | ||
168 | |||
169 | - return APR_SUCCESS; | ||
170 | + return rc; | ||
171 | |||
172 | } | ||
173 | |||
174 | @@ -662,8 +681,10 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx, | ||
175 | apr_pool_cleanup_null); | ||
176 | |||
177 | /* create a new context for encryption */ | ||
178 | - EVP_CIPHER_CTX_init(&block->cipherCtx); | ||
179 | - block->initialised = 1; | ||
180 | + if (!block->initialised) { | ||
181 | + block->cipherCtx = EVP_CIPHER_CTX_new(); | ||
182 | + block->initialised = 1; | ||
183 | + } | ||
184 | |||
185 | /* generate an IV, if necessary */ | ||
186 | if (key->ivSize) { | ||
187 | @@ -674,16 +695,16 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx, | ||
188 | |||
189 | /* set up our encryption context */ | ||
190 | #if CRYPTO_OPENSSL_CONST_BUFFERS | ||
191 | - if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, | ||
192 | + if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, | ||
193 | key->key, iv)) { | ||
194 | #else | ||
195 | - if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) { | ||
196 | + if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) { | ||
197 | #endif | ||
198 | return APR_EINIT; | ||
199 | } | ||
200 | |||
201 | /* Clear up any read padding */ | ||
202 | - if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) { | ||
203 | + if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) { | ||
204 | return APR_EPADDING; | ||
205 | } | ||
206 | |||
207 | @@ -737,11 +758,16 @@ static apr_status_t crypto_block_decrypt(unsigned char **out, | ||
208 | } | ||
209 | |||
210 | #if CRYPT_OPENSSL_CONST_BUFFERS | ||
211 | - if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) { | ||
212 | + if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) { | ||
213 | #else | ||
214 | - if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in, | ||
215 | + if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in, | ||
216 | inlen)) { | ||
217 | #endif | ||
218 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
219 | + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); | ||
220 | +#else | ||
221 | + EVP_CIPHER_CTX_reset(ctx->cipherCtx); | ||
222 | +#endif | ||
223 | return APR_ECRYPT; | ||
224 | } | ||
225 | *outlen = outl; | ||
226 | @@ -771,15 +797,22 @@ static apr_status_t crypto_block_decrypt(unsigned char **out, | ||
227 | static apr_status_t crypto_block_decrypt_finish(unsigned char *out, | ||
228 | apr_size_t *outlen, apr_crypto_block_t *ctx) | ||
229 | { | ||
230 | - | ||
231 | + apr_status_t rc = APR_SUCCESS; | ||
232 | int len = *outlen; | ||
233 | |||
234 | - if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) { | ||
235 | - return APR_EPADDING; | ||
236 | + if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) { | ||
237 | + rc = APR_EPADDING; | ||
238 | } | ||
239 | - *outlen = len; | ||
240 | + else { | ||
241 | + *outlen = len; | ||
242 | + } | ||
243 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
244 | + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); | ||
245 | +#else | ||
246 | + EVP_CIPHER_CTX_reset(ctx->cipherCtx); | ||
247 | +#endif | ||
248 | |||
249 | - return APR_SUCCESS; | ||
250 | + return rc; | ||
251 | |||
252 | } | ||
253 | |||
diff --git a/meta/recipes-support/apr/apr-util_1.5.4.bb b/meta/recipes-support/apr/apr-util_1.5.4.bb index 2b8676fef3..64f4d94d8b 100644 --- a/meta/recipes-support/apr/apr-util_1.5.4.bb +++ b/meta/recipes-support/apr/apr-util_1.5.4.bb | |||
@@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \ | |||
13 | file://configfix.patch \ | 13 | file://configfix.patch \ |
14 | file://configure_fixes.patch \ | 14 | file://configure_fixes.patch \ |
15 | file://run-ptest \ | 15 | file://run-ptest \ |
16 | file://openssl-1.1.patch \ | ||
16 | " | 17 | " |
17 | 18 | ||
18 | SRC_URI[md5sum] = "866825c04da827c6e5f53daff5569f42" | 19 | SRC_URI[md5sum] = "866825c04da827c6e5f53daff5569f42" |