2 files changed, 254 insertions, 0 deletions
diff --git a/meta/recipes-support/apr/apr-util/openssl-1.1.patch b/meta/recipes-support/apr/apr-util/openssl-1.1.patch
new file mode 100644
index 0000000000..891c14183a
--- /dev/null
+++ b/meta/recipes-support/apr/apr-util/openssl-1.1.patch
@@ -0,0 +1,253 @@
+# commit f163d8b5af9185de80d24b4dd13951dd64872aa6
+# Author: Rainer Jung <rjung@apache.org>
+# Date:   Sun Feb 7 14:40:46 2016 +0000
+# 
+#     Add support for OpenSSL 1.1.0:
+#     - Switch configure test for OpenSSL libcrypto
+#       from BN_init() to BN_new().
+#       - BN_init() is gone in OpenSSL 1.1.0.
+#         BN_new() exists at least since 0.9.8.
+#     - use OPENSSL_malloc_init() instead of
+#       CRYPTO_malloc_init
+#     - make cipherCtx a pointer. Type EVP_CIPHER_CTX
+#       is now opaque.
+#       - use EVP_CIPHER_CTX_new() in init() functions
+#         if initialised flag is not set (and set flag)
+#       - use EVP_CIPHER_CTX_free() in cleanup function
+#     - Improve reuse cleanup
+#       - call EVP_CIPHER_CTX_reset() resp.
+#         EVP_CIPHER_CTX_cleanup() in finish functions
+#       - call EVP_CIPHER_CTX_reset() resp.
+#         EVP_CIPHER_CTX_cleanup() when Update fails
+#     Backport of r1728958 and r1728963 from trunk.
+#     
+#     
+#     git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x@1728969 13f79535-47bb-0310-9956-ffa450edef68
+#
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+Upstream-Status: Backport 
+diff --git a/build/crypto.m4 b/build/crypto.m4
+index 9f9be6f..57884e3 100644
+--- a/build/crypto.m4
+++ b/build/crypto.m4
+@@ -88,7 +88,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
+   [
+     if test "$withval" = "yes"; then
+       AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+-      AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+      AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+       if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+         apu_have_openssl=1
+       fi
+@@ -104,7 +104,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
+ 
+       AC_MSG_NOTICE(checking for openssl in $withval)
+       AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+-      AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+      AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+       if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+         apu_have_openssl=1
+         APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+@@ -113,7 +113,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
+ 
+       if test "$apu_have_openssl" != "1"; then
+         AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+-        AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+        AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+         if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+           apu_have_openssl=1
+           APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c
+index 0740f93..7d61fca 100644
+--- a/crypto/apr_crypto_openssl.c
+++ b/crypto/apr_crypto_openssl.c
+@@ -64,7 +64,7 @@ struct apr_crypto_block_t {
+     apr_pool_t *pool;
+     const apr_crypto_driver_t *provider;
+     const apr_crypto_t *f;
+-    EVP_CIPHER_CTX cipherCtx;
+    EVP_CIPHER_CTX *cipherCtx;
+     int initialised;
+     int ivSize;
+     int blockSize;
+@@ -111,7 +111,11 @@ static apr_status_t crypto_shutdown_helper(void *data)
+ static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
+         const apu_err_t **result)
+ {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     CRYPTO_malloc_init();
+#else
+    OPENSSL_malloc_init();
+#endif
+     ERR_load_crypto_strings();
+     /* SSL_load_error_strings(); */
+     OpenSSL_add_all_algorithms();
+@@ -134,7 +138,7 @@ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx)
+ {
+ 
+     if (ctx->initialised) {
+-        EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
+        EVP_CIPHER_CTX_free(ctx->cipherCtx);
+         ctx->initialised = 0;
+     }
+ 
+@@ -491,8 +495,10 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
+             apr_pool_cleanup_null);
+ 
+     /* create a new context for encryption */
+-    EVP_CIPHER_CTX_init(&block->cipherCtx);
+-    block->initialised = 1;
+    if (!block->initialised) {
+        block->cipherCtx = EVP_CIPHER_CTX_new();
+        block->initialised = 1;
+    }
+ 
+     /* generate an IV, if necessary */
+     usedIv = NULL;
+@@ -519,16 +525,16 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
+ 
+     /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+-    if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+    if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+             key->key, usedIv)) {
+ #else
+-        if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+        if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+ #endif
+         return APR_EINIT;
+     }
+ 
+     /* Clear up any read padding */
+-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+         return APR_EPADDING;
+     }
+ 
+@@ -582,11 +588,16 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
+     }
+ 
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
+    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
+ #else
+-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
+    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
+             (unsigned char *) in, inlen)) {
+ #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
+         return APR_ECRYPT;
+     }
+     *outlen = outl;
+@@ -616,14 +627,22 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
+ static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
+         apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
+    apr_status_t rc = APR_SUCCESS;
+     int len = *outlen;
+ 
+-    if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+-        return APR_EPADDING;
+    if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+        rc = APR_EPADDING;
+    }
+    else {
+        *outlen = len;
+     }
+-    *outlen = len;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
+ 
+-    return APR_SUCCESS;
+    return rc;
+ 
+ }
+ 
+@@ -662,8 +681,10 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
+             apr_pool_cleanup_null);
+ 
+     /* create a new context for encryption */
+-    EVP_CIPHER_CTX_init(&block->cipherCtx);
+-    block->initialised = 1;
+    if (!block->initialised) {
+        block->cipherCtx = EVP_CIPHER_CTX_new();
+        block->initialised = 1;
+    }
+ 
+     /* generate an IV, if necessary */
+     if (key->ivSize) {
+@@ -674,16 +695,16 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
+ 
+     /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+-    if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+    if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+             key->key, iv)) {
+ #else
+-        if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+        if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+ #endif
+         return APR_EINIT;
+     }
+ 
+     /* Clear up any read padding */
+-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+         return APR_EPADDING;
+     }
+ 
+@@ -737,11 +758,16 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
+     }
+ 
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
+    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
+ #else
+-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+             inlen)) {
+ #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
+         return APR_ECRYPT;
+     }
+     *outlen = outl;
+@@ -771,15 +797,22 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
+ static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
+         apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
+-
+    apr_status_t rc = APR_SUCCESS;
+     int len = *outlen;
+ 
+-    if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+-        return APR_EPADDING;
+    if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+        rc = APR_EPADDING;
+     }
+-    *outlen = len;
+    else {
+        *outlen = len;
+    }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
+ 
+-    return APR_SUCCESS;
+    return rc;
+ 
+ }
+ 
diff --git a/meta/recipes-support/apr/apr-util_1.5.4.bb b/meta/recipes-support/apr/apr-util_1.5.4.bb
index 2b8676fef3..64f4d94d8b 100644
--- a/meta/recipes-support/apr/apr-util_1.5.4.bb
+++ b/meta/recipes-support/apr/apr-util_1.5.4.bb
@@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \
           file://configfix.patch \
           file://configure_fixes.patch \
           file://run-ptest \
+           file://openssl-1.1.patch \
 "
 SRC_URI[md5sum] = "866825c04da827c6e5f53daff5569f42"

diff --git a/meta/recipes-support/apr/apr-util/openssl-1.1.patch b/meta/recipes-support/apr/apr-util/openssl-1.1.patch new file mode 100644 index 0000000000..891c14183a --- /dev/null +++ b/meta/recipes-support/apr/apr-util/openssl-1.1.patch
@@ -0,0 +1,253 @@
		1	# commit f163d8b5af9185de80d24b4dd13951dd64872aa6
		2	# Author: Rainer Jung <rjung@apache.org>
		3	# Date: Sun Feb 7 14:40:46 2016 +0000
		4	#
		5	# Add support for OpenSSL 1.1.0:
		6	# - Switch configure test for OpenSSL libcrypto
		7	# from BN_init() to BN_new().
		8	# - BN_init() is gone in OpenSSL 1.1.0.
		9	# BN_new() exists at least since 0.9.8.
		10	# - use OPENSSL_malloc_init() instead of
		11	# CRYPTO_malloc_init
		12	# - make cipherCtx a pointer. Type EVP_CIPHER_CTX
		13	# is now opaque.
		14	# - use EVP_CIPHER_CTX_new() in init() functions
		15	# if initialised flag is not set (and set flag)
		16	# - use EVP_CIPHER_CTX_free() in cleanup function
		17	# - Improve reuse cleanup
		18	# - call EVP_CIPHER_CTX_reset() resp.
		19	# EVP_CIPHER_CTX_cleanup() in finish functions
		20	# - call EVP_CIPHER_CTX_reset() resp.
		21	# EVP_CIPHER_CTX_cleanup() when Update fails
		22	# Backport of r1728958 and r1728963 from trunk.
		23	#
		24	#
		25	# git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x@1728969 13f79535-47bb-0310-9956-ffa450edef68
		26	#
		27
		28	Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
		29	Upstream-Status: Backport
		30	diff --git a/build/crypto.m4 b/build/crypto.m4
		31	index 9f9be6f..57884e3 100644
		32	--- a/build/crypto.m4
		33	+++ b/build/crypto.m4
		34	@@ -88,7 +88,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
		35	[
		36	if test "$withval" = "yes"; then
		37	AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
		38	- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
		39	+ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
		40	if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
		41	apu_have_openssl=1
		42	fi
		43	@@ -104,7 +104,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
		44
		45	AC_MSG_NOTICE(checking for openssl in $withval)
		46	AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
		47	- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
		48	+ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
		49	if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
		50	apu_have_openssl=1
		51	APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
		52	@@ -113,7 +113,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
		53
		54	if test "$apu_have_openssl" != "1"; then
		55	AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
		56	- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
		57	+ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
		58	if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
		59	apu_have_openssl=1
		60	APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
		61	diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c
		62	index 0740f93..7d61fca 100644
		63	--- a/crypto/apr_crypto_openssl.c
		64	+++ b/crypto/apr_crypto_openssl.c
		65	@@ -64,7 +64,7 @@ struct apr_crypto_block_t {
		66	apr_pool_t *pool;
		67	const apr_crypto_driver_t *provider;
		68	const apr_crypto_t *f;
		69	- EVP_CIPHER_CTX cipherCtx;
		70	+ EVP_CIPHER_CTX *cipherCtx;
		71	int initialised;
		72	int ivSize;
		73	int blockSize;
		74	@@ -111,7 +111,11 @@ static apr_status_t crypto_shutdown_helper(void *data)
		75	static apr_status_t crypto_init(apr_pool_t pool, const char params,
		76	const apu_err_t **result)
		77	{
		78	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		79	CRYPTO_malloc_init();
		80	+#else
		81	+ OPENSSL_malloc_init();
		82	+#endif
		83	ERR_load_crypto_strings();
		84	/* SSL_load_error_strings(); */
		85	OpenSSL_add_all_algorithms();
		86	@@ -134,7 +138,7 @@ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx)
		87	{
		88
		89	if (ctx->initialised) {
		90	- EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
		91	+ EVP_CIPHER_CTX_free(ctx->cipherCtx);
		92	ctx->initialised = 0;
		93	}
		94
		95	@@ -491,8 +495,10 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
		96	apr_pool_cleanup_null);
		97
		98	/* create a new context for encryption */
		99	- EVP_CIPHER_CTX_init(&block->cipherCtx);
		100	- block->initialised = 1;
		101	+ if (!block->initialised) {
		102	+ block->cipherCtx = EVP_CIPHER_CTX_new();
		103	+ block->initialised = 1;
		104	+ }
		105
		106	/* generate an IV, if necessary */
		107	usedIv = NULL;
		108	@@ -519,16 +525,16 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
		109
		110	/* set up our encryption context */
		111	#if CRYPTO_OPENSSL_CONST_BUFFERS
		112	- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
		113	+ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
		114	key->key, usedIv)) {
		115	#else
		116	- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char ) key->key, (unsigned char ) usedIv)) {
		117	+ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char ) key->key, (unsigned char ) usedIv)) {
		118	#endif
		119	return APR_EINIT;
		120	}
		121
		122	/* Clear up any read padding */
		123	- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
		124	+ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
		125	return APR_EPADDING;
		126	}
		127
		128	@@ -582,11 +588,16 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
		129	}
		130
		131	#if CRYPT_OPENSSL_CONST_BUFFERS
		132	- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
		133	+ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
		134	#else
		135	- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
		136	+ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
		137	(unsigned char *) in, inlen)) {
		138	#endif
		139	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		140	+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
		141	+#else
		142	+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
		143	+#endif
		144	return APR_ECRYPT;
		145	}
		146	*outlen = outl;
		147	@@ -616,14 +627,22 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
		148	static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
		149	apr_size_t outlen, apr_crypto_block_t ctx)
		150	{
		151	+ apr_status_t rc = APR_SUCCESS;
		152	int len = *outlen;
		153
		154	- if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
		155	- return APR_EPADDING;
		156	+ if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
		157	+ rc = APR_EPADDING;
		158	+ }
		159	+ else {
		160	+ *outlen = len;
		161	}
		162	- *outlen = len;
		163	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		164	+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
		165	+#else
		166	+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
		167	+#endif
		168
		169	- return APR_SUCCESS;
		170	+ return rc;
		171
		172	}
		173
		174	@@ -662,8 +681,10 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
		175	apr_pool_cleanup_null);
		176
		177	/* create a new context for encryption */
		178	- EVP_CIPHER_CTX_init(&block->cipherCtx);
		179	- block->initialised = 1;
		180	+ if (!block->initialised) {
		181	+ block->cipherCtx = EVP_CIPHER_CTX_new();
		182	+ block->initialised = 1;
		183	+ }
		184
		185	/* generate an IV, if necessary */
		186	if (key->ivSize) {
		187	@@ -674,16 +695,16 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
		188
		189	/* set up our encryption context */
		190	#if CRYPTO_OPENSSL_CONST_BUFFERS
		191	- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
		192	+ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
		193	key->key, iv)) {
		194	#else
		195	- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char ) key->key, (unsigned char ) iv)) {
		196	+ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char ) key->key, (unsigned char ) iv)) {
		197	#endif
		198	return APR_EINIT;
		199	}
		200
		201	/* Clear up any read padding */
		202	- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
		203	+ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
		204	return APR_EPADDING;
		205	}
		206
		207	@@ -737,11 +758,16 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
		208	}
		209
		210	#if CRYPT_OPENSSL_CONST_BUFFERS
		211	- if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
		212	+ if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
		213	#else
		214	- if (!EVP_DecryptUpdate(&ctx->cipherCtx, out, &outl, (unsigned char ) in,
		215	+ if (!EVP_DecryptUpdate(ctx->cipherCtx, out, &outl, (unsigned char ) in,
		216	inlen)) {
		217	#endif
		218	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		219	+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
		220	+#else
		221	+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
		222	+#endif
		223	return APR_ECRYPT;
		224	}
		225	*outlen = outl;
		226	@@ -771,15 +797,22 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
		227	static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
		228	apr_size_t outlen, apr_crypto_block_t ctx)
		229	{
		230	-
		231	+ apr_status_t rc = APR_SUCCESS;
		232	int len = *outlen;
		233
		234	- if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
		235	- return APR_EPADDING;
		236	+ if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
		237	+ rc = APR_EPADDING;
		238	}
		239	- *outlen = len;
		240	+ else {
		241	+ *outlen = len;
		242	+ }
		243	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		244	+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
		245	+#else
		246	+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
		247	+#endif
		248
		249	- return APR_SUCCESS;
		250	+ return rc;
		251
		252	}
		253


diff --git a/meta/recipes-support/apr/apr-util_1.5.4.bb b/meta/recipes-support/apr/apr-util_1.5.4.bb index 2b8676fef3..64f4d94d8b 100644 --- a/meta/recipes-support/apr/apr-util_1.5.4.bb +++ b/meta/recipes-support/apr/apr-util_1.5.4.bb
@@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \
13	file://configfix.patch \	13	file://configfix.patch \
14	file://configure_fixes.patch \	14	file://configure_fixes.patch \
15	file://run-ptest \	15	file://run-ptest \
		16	file://openssl-1.1.patch \
16	"	17	"
17		18
18	SRC_URI[md5sum] = "866825c04da827c6e5f53daff5569f42"	19	SRC_URI[md5sum] = "866825c04da827c6e5f53daff5569f42"