Browse Source
spice: Fix compilation without deprecated OpenSSL APIs
Fixes openwrt/packages#10451 Supersedes openwrt/packages#10461 Signed-off-by: Rosen Penev <rosenp@gmail.com> (use separate upstreamed patches) Ref: https://github.com/openwrt/packages/pull/10461 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>lilik-openwrt-22.03
Yousong Zhou
5 years ago
3 changed files with 128 additions and 1 deletions
Split View
Diff Options
-
+2 -1libs/spice/Makefile
-
+48 -0libs/spice/patches/0001-reds-Fix-SSL_CTX_set_ecdh_auto-call-for-some-old-Ope.patch
-
+78 -0libs/spice/patches/0002-reds-Fix-compilation-without-deprecated-OpenSSL-1.1-.patch
+ 2
- 1
libs/spice/Makefile
View File
+ 48
- 0
libs/spice/patches/0001-reds-Fix-SSL_CTX_set_ecdh_auto-call-for-some-old-Ope.patch
View File
| @ -0,0 +1,48 @@ | |||
| From 214736dce643ce3ee257da017373e88cc19d2d3b Mon Sep 17 00:00:00 2001 | |||
| From: Frediano Ziglio <fziglio@redhat.com> | |||
| Date: Thu, 20 Jun 2019 13:26:11 +0100 | |||
| Subject: [PATCH] reds: Fix SSL_CTX_set_ecdh_auto call for some old OpenSSL | |||
| SSL_CTX_set_ecdh_auto is not defined in some old versions of OpenSSL | |||
| Signed-off-by: Frediano Ziglio <fziglio@redhat.com> | |||
| Acked-by: Jeremy White <jwhite@codeweavers.com> | |||
| --- | |||
| configure.ac | 9 +++++++++ | |||
| server/reds.c | 2 ++ | |||
| 2 files changed, 11 insertions(+) | |||
| diff --git a/configure.ac b/configure.ac | |||
| index e12d7e85..49c009d4 100644 | |||
| --- a/configure.ac | |||
| +++ b/configure.ac | |||
| @@ -209,6 +209,15 @@ AC_SUBST(SSL_CFLAGS) | |||
| AC_SUBST(SSL_LIBS) | |||
| AS_VAR_APPEND([SPICE_REQUIRES], [" openssl"]) | |||
| +save_CFLAGS="$CFLAGS" | |||
| +CFLAGS="$CFLAGS $SSL_CFLAGS" | |||
| +AC_CHECK_DECLS([SSL_CTX_set_ecdh_auto], [], [], [ | |||
| +AC_INCLUDES_DEFAULT | |||
| +#include <openssl/err.h> | |||
| +#include <openssl/ssl.h> | |||
| +]) | |||
| +CFLAGS="$save_CFLAGS" | |||
| + | |||
| AC_CHECK_LIB(jpeg, jpeg_destroy_decompress, | |||
| AC_MSG_CHECKING([for jpeglib.h]) | |||
| AC_TRY_CPP( | |||
| diff --git a/server/reds.c b/server/reds.c | |||
| index 792e9838..b4061fbc 100644 | |||
| --- a/server/reds.c | |||
| +++ b/server/reds.c | |||
| @@ -2937,7 +2937,9 @@ static int reds_init_ssl(RedsState *reds) | |||
| } | |||
| SSL_CTX_set_options(reds->ctx, ssl_options); | |||
| +#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO || defined(SSL_CTX_set_ecdh_auto) | |||
| SSL_CTX_set_ecdh_auto(reds->ctx, 1); | |||
| +#endif | |||
| /* Load our keys and certificates*/ | |||
| return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, reds->config->ssl_parameters.certs_file); | |||
+ 78
- 0
libs/spice/patches/0002-reds-Fix-compilation-without-deprecated-OpenSSL-1.1-.patch
View File
| @ -0,0 +1,78 @@ | |||
| From 5bc932f7a71ede7d8ecd9d88804af95a2eb955c0 Mon Sep 17 00:00:00 2001 | |||
| From: Rosen Penev <rosenp@gmail.com> | |||
| Date: Sun, 3 Nov 2019 15:34:33 -0800 | |||
| Subject: [PATCH] reds: Fix compilation without deprecated OpenSSL 1.1 APIs | |||
| Missing headers for BN_ and RSA_ functions. | |||
| Initialization is deprecated with 1.1. | |||
| Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||
| Acked-by: Frediano Ziglio <fziglio@redhat.com> | |||
| --- | |||
| AUTHORS hunk removed as it does not apply (with 0.14.2 at least) | |||
| AUTHORS | 1 + | |||
| server/reds.c | 24 ++++++++++++++++-------- | |||
| 2 files changed, 17 insertions(+), 8 deletions(-) | |||
| diff --git a/server/reds.c b/server/reds.c | |||
| index c55aa3f8..dc03ef3a 100644 | |||
| --- a/server/reds.c | |||
| +++ b/server/reds.c | |||
| @@ -36,7 +36,9 @@ | |||
| #include <ws2tcpip.h> | |||
| #endif | |||
| +#include <openssl/bn.h> | |||
| #include <openssl/err.h> | |||
| +#include <openssl/rsa.h> | |||
| #if HAVE_SASL | |||
| #include <sasl/sasl.h> | |||
| @@ -2838,13 +2840,8 @@ static void openssl_thread_setup(void) | |||
| CRYPTO_set_id_callback(pthreads_thread_id); | |||
| CRYPTO_set_locking_callback(pthreads_locking_callback); | |||
| } | |||
| -#else | |||
| -static inline void openssl_thread_setup(void) | |||
| -{ | |||
| -} | |||
| -#endif | |||
| -static gpointer openssl_global_init(gpointer arg) | |||
| +static gpointer openssl_global_init_once(gpointer arg) | |||
| { | |||
| SSL_library_init(); | |||
| SSL_load_error_strings(); | |||
| @@ -2854,9 +2851,20 @@ static gpointer openssl_global_init(gpointer arg) | |||
| return NULL; | |||
| } | |||
| -static int reds_init_ssl(RedsState *reds) | |||
| +static inline void openssl_global_init(void) | |||
| { | |||
| static GOnce openssl_once = G_ONCE_INIT; | |||
| + g_once(&openssl_once, openssl_global_init_once, NULL); | |||
| +} | |||
| + | |||
| +#else | |||
| +static inline void openssl_global_init(void) | |||
| +{ | |||
| +} | |||
| +#endif | |||
| + | |||
| +static int reds_init_ssl(RedsState *reds) | |||
| +{ | |||
| const SSL_METHOD *ssl_method; | |||
| int return_code; | |||
| /* Limit connection to TLSv1.1 or newer. | |||
| @@ -2865,7 +2873,7 @@ static int reds_init_ssl(RedsState *reds) | |||
| long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1; | |||
| /* Global system initialization*/ | |||
| - g_once(&openssl_once, openssl_global_init, NULL); | |||
| + openssl_global_init(); | |||
| /* Create our context*/ | |||
| /* SSLv23_method() handles TLSv1.x in addition to SSLv2/v3 */ | |||