LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15807 Commits
1 Branch
46 MiB
Tree: b95f19207e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b95f19207e'
${ noResults }
openwrt-packages-dist/mail/opendkim/patches/010-openssl_1.1_compat.patch

202 lines
5.8 KiB
Raw Normal View History

opendkim: support OpenSSL 1.1 with/without deprecated APIs This patch enables support of OpenSSL 1.1+ with and without deprecated OpenSSL APIs. Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
6 years ago
 
  1. This patch has been tested with OpenSSL 1.0.2q, 1.1.0j and 1.1.1a
  2. with and without support for deprecated OpenSSL APIs.
  3. 

  4. --- a/configure.ac

  5. +++ b/configure.ac

  6. @@ -860,26 +860,10 @@ then

  7.  	AC_SEARCH_LIBS([ERR_peek_error], [crypto], ,
  8.  	               AC_MSG_ERROR([libcrypto not found]))
  9.  
  10. -	AC_SEARCH_LIBS([SSL_library_init], [ssl], ,

  11. -		[

  12. -			if test x"$enable_shared" = x"yes"

  13. -			then

  14. -				AC_MSG_ERROR([Cannot build shared opendkim

  15. -				              against static openssl libraries.

  16. -				              Configure with --disable-shared

  17. -				              to get this working or obtain a

  18. -				              shared libssl library for

  19. -				              opendkim to use.])

  20. -			fi

  21. -

  22. -			# avoid caching issue - last result of SSL_library_init

  23. -			# shouldn't be cached for this next check

  24. -			unset ac_cv_search_SSL_library_init

  25. -			LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"

  26. -			AC_SEARCH_LIBS([SSL_library_init], [ssl], ,

  27. -			               AC_MSG_ERROR([libssl not found]), [-ldl])

  28. -		]

  29. -	)

  30. +	od_have_ossl="no"

  31. +	AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [od_have_ossl="yes"])

  32. +	AC_CHECK_LIB(ssl, SSL_library_init, [od_have_ossl="yes"])

  33. +	AS_IF([test "x$od_have_ossl" = xno], [AC_MSG_ERROR([libssl not found])])

  34.  
  35.  	AC_CHECK_DECL([SHA256_DIGEST_LENGTH],
  36.                        AC_DEFINE([HAVE_SHA256], 1,
  37. --- a/opendkim/opendkim-crypto.c

  38. +++ b/opendkim/opendkim-crypto.c

  39. @@ -139,6 +139,7 @@ static unsigned int nmutexes = 0;

  40.  static unsigned long threadid = 0L;
  41.  static pthread_mutex_t *mutexes = NULL;
  42.  
  43. +#if OPENSSL_VERSION_NUMBER < 0x10100000

  44.  /*
  45.  **  DKIMF_CRYPTO_LOCK_CALLBACK -- locking callback for libcrypto
  46.  **
  47. @@ -166,6 +167,7 @@ dkimf_crypto_lock_callback(int mode, int

  48.  
  49.  	assert(status == 0);
  50.  }
  51. +#endif

  52.  
  53.  /*
  54.  **  DKIMF_CRYPTO_GET_ID -- generate/retrieve thread ID
  55. @@ -208,21 +210,15 @@ dkimf_crypto_get_id(void)

  56.  static void
  57.  dkimf_crypto_free_id(void *ptr)
  58.  {
  59. -	/*

  60. -	**  Trick dkimf_crypto_get_id(); the thread-specific pointer has

  61. -	**  already been cleared at this point, but dkimf_crypto_get_id()

  62. -	**  may be called by ERR_remove_state() which will then allocate a

  63. -	**  new thread pointer if the thread-specific pointer is NULL.  This

  64. -	**  means a memory leak of thread IDs and, on Solaris, an infinite loop

  65. -	**  because the destructor (indirectly) re-sets the thread-specific

  66. -	**  pointer to something not NULL.  See pthread_key_create(3).

  67. -	*/

  68. -

  69.  	if (ptr != NULL)
  70.  	{
  71.  		assert(pthread_setspecific(id_key, ptr) == 0);
  72.  
  73. -		ERR_remove_state(0);

  74. +#if OPENSSL_VERSION_NUMBER >= 0x10100000

  75. +		OPENSSL_thread_stop();

  76. +#else

  77. +		ERR_remove_thread_state(NULL);

  78. +#endif

  79.  
  80.  		free(ptr);
  81.  
  82. @@ -300,6 +296,7 @@ dkimf_crypto_dyn_destroy(struct CRYPTO_d

  83.  **  	None.
  84.  */
  85.  
  86. +#if OPENSSL_VERSION_NUMBER < 0x10100000

  87.  static void
  88.  dkimf_crypto_dyn_lock(int mode, struct CRYPTO_dynlock_value *lock,
  89.                        /* UNUSED */ const char *file,
  90. @@ -316,6 +313,7 @@ dkimf_crypto_dyn_lock(int mode, struct C

  91.  
  92.  	assert(status == 0);
  93.  }
  94. +#endif

  95.  
  96.  /*
  97.  **  DKIMF_CRYPTO_INIT -- set up openssl dependencies
  98. @@ -335,7 +333,12 @@ dkimf_crypto_init(void)

  99.  	int n;
  100.  	int status;
  101.  
  102. +#if OPENSSL_VERSION_NUMBER < 0x10100000

  103.  	n = CRYPTO_num_locks();
  104. +#else

  105. +	// see openssl/crypto.h for more details

  106. +	n = 1;

  107. +#endif

  108.  	mutexes = (pthread_mutex_t *) malloc(n * sizeof(pthread_mutex_t));
  109.  	if (mutexes == NULL)
  110.  		return errno;
  111. @@ -357,15 +360,22 @@ dkimf_crypto_init(void)

  112.  	if (status != 0)
  113.  		return status;
  114.  
  115. +#if OPENSSL_VERSION_NUMBER < 0x10100000

  116.  	SSL_load_error_strings();
  117.  	SSL_library_init();
  118.  	ERR_load_crypto_strings();
  119. +#else

  120. +	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);

  121. +	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);

  122. +#endif

  123.  
  124. +#if OPENSSL_VERSION_NUMBER < 0x10000000

  125.  	CRYPTO_set_id_callback(&dkimf_crypto_get_id);
  126.  	CRYPTO_set_locking_callback(&dkimf_crypto_lock_callback);
  127.  	CRYPTO_set_dynlock_create_callback(&dkimf_crypto_dyn_create);
  128.  	CRYPTO_set_dynlock_lock_callback(&dkimf_crypto_dyn_lock);
  129.  	CRYPTO_set_dynlock_destroy_callback(&dkimf_crypto_dyn_destroy);
  130. +#endif

  131.  
  132.  #ifdef USE_OPENSSL_ENGINE
  133.  	if (!SSL_set_engine(NULL))
  134. @@ -392,11 +402,15 @@ dkimf_crypto_free(void)

  135.  {
  136.  	if (crypto_init_done)
  137.  	{
  138. +#if OPENSSL_VERSION_NUMBER >= 0x10100000

  139. +		OPENSSL_thread_stop();

  140. +#else

  141.  		CRYPTO_cleanup_all_ex_data();
  142.  		CONF_modules_free();
  143.  		EVP_cleanup();
  144.  		ERR_free_strings();
  145. -		ERR_remove_state(0);

  146. +		ERR_remove_thread_state(NULL);

  147. +#endif

  148.  
  149.  		if (nmutexes > 0)
  150.  		{
  151. --- a/libopendkim/dkim.c

  152. +++ b/libopendkim/dkim.c

  153. @@ -4195,8 +4195,10 @@ dkim_init_openssl(void)

  154.  {
  155.  	pthread_mutex_lock(&openssl_lock);
  156.  
  157. +#if OPENSSL_VERSION_NUMBER < 0x10100000

  158.  	if (openssl_refcount == 0)
  159.  		OpenSSL_add_all_algorithms();
  160. +#endif

  161.  	openssl_refcount++;
  162.  
  163.  	pthread_mutex_unlock(&openssl_lock);
  164. @@ -4220,8 +4222,10 @@ dkim_close_openssl(void)

  165.  	pthread_mutex_lock(&openssl_lock);
  166.  
  167.  	openssl_refcount--;
  168. +#if OPENSSL_VERSION_NUMBER < 0x10100000

  169.  	if (openssl_refcount == 0)
  170.  		EVP_cleanup();
  171. +#endif

  172.  
  173.  	pthread_mutex_unlock(&openssl_lock);
  174.  }
  175. --- a/opendkim/opendkim-testkey.c

  176. +++ b/opendkim/opendkim-testkey.c

  177. @@ -452,7 +452,11 @@ main(int argc, char **argv)

  178.  	memset(err, '\0', sizeof err);
  179.  
  180.  #ifndef USE_GNUTLS
  181. +#if OPENSSL_VERSION_NUMBER < 0x10100000

  182.  	ERR_load_crypto_strings();
  183. +#else

  184. +	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);

  185. +#endif

  186.  #endif /* ! USE_GNUTLS */
  187.  
  188.  	/* process a KeyTable if specified and not overridden */
  189. --- a/opendkim/opendkim.c

  190. +++ b/opendkim/opendkim.c

  191. @@ -15540,7 +15540,11 @@ main(int argc, char **argv)

  192.  			printf("\tCompiled with GnuTLS %s\n", GNUTLS_VERSION);
  193.  #else /* USE_GNUTLS */
  194.  			printf("\tCompiled with %s\n",
  195. +#if OPENSSL_VERSION_NUMBER < 0x10100000

  196.  			       SSLeay_version(SSLEAY_VERSION));
  197. +#else

  198. +			       OpenSSL_version(OPENSSL_VERSION));

  199. +#endif

  200.  #endif /* USE_GNUTLS */
  201.  			printf("\tSMFI_VERSION 0x%x\n", SMFI_VERSION);
  202.  #ifdef HAVE_SMFI_VERSION