From 5f08e7b75b2af6ca30c9980689c8c196eb7a6520 Mon Sep 17 00:00:00 2001 From: Val Kulkov Date: Fri, 21 Dec 2018 02:15:19 -0500 Subject: [PATCH] opendkim: support OpenSSL 1.1 with/without deprecated APIs This patch enables support of OpenSSL 1.1+ with and without deprecated OpenSSL APIs. Signed-off-by: Val Kulkov --- mail/opendkim/Makefile | 2 +- .../patches/010-openssl_1.1.0_compat.patch | 90 -------- .../patches/010-openssl_1.1_compat.patch | 202 ++++++++++++++++++ 3 files changed, 203 insertions(+), 91 deletions(-) delete mode 100644 mail/opendkim/patches/010-openssl_1.1.0_compat.patch create mode 100644 mail/opendkim/patches/010-openssl_1.1_compat.patch diff --git a/mail/opendkim/Makefile b/mail/opendkim/Makefile index 6a64e2c63..eaf0f81e6 100644 --- a/mail/opendkim/Makefile +++ b/mail/opendkim/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=opendkim PKG_VERSION:=2.10.3 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/$(PKG_NAME) diff --git a/mail/opendkim/patches/010-openssl_1.1.0_compat.patch b/mail/opendkim/patches/010-openssl_1.1.0_compat.patch deleted file mode 100644 index 383990832..000000000 --- a/mail/opendkim/patches/010-openssl_1.1.0_compat.patch +++ /dev/null @@ -1,90 +0,0 @@ -Description: Build and work with either openssl 1.0.2 or 1.1.0 - * Add patch to build with either openssl 1.0.2 or 1.1.0 (Closes: #828466) - - Thanks to Sebastian Andrzej Siewior for the patch -Author: Sebastian Andrzej Siewior -Bug-Debian: http://bugs.debian.org/828466 -Origin: vendor -Forwarded: no -Reviewed-By: Scott Kitterman -Last-Update: - ---- opendkim-2.11.0~alpha.orig/configure.ac -+++ opendkim-2.11.0~alpha/configure.ac -@@ -864,26 +864,28 @@ then - AC_SEARCH_LIBS([ERR_peek_error], [crypto], , - AC_MSG_ERROR([libcrypto not found])) - -- AC_SEARCH_LIBS([SSL_library_init], [ssl], , -- [ -- if test x"$enable_shared" = x"yes" -- then -- AC_MSG_ERROR([Cannot build shared opendkim -- against static openssl libraries. -- Configure with --disable-shared -- to get this working or obtain a -- shared libssl library for -- opendkim to use.]) -- fi - -- # avoid caching issue - last result of SSL_library_init -- # shouldn't be cached for this next check -- unset ac_cv_search_SSL_library_init -- LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl" -- AC_SEARCH_LIBS([SSL_library_init], [ssl], , -- AC_MSG_ERROR([libssl not found]), [-ldl]) -- ] -- ) -+ AC_LINK_IFELSE( -+ [AC_LANG_PROGRAM([[#include ]], -+ [[SSL_library_init();]])], -+ [od_have_ossl="yes";], -+ [od_have_ossl="no";]) -+ if test x"$od_have_ossl" = x"no" -+ then -+ if test x"$enable_shared" = x"yes" -+ then -+ AC_MSG_ERROR([Cannot build shared opendkim -+ against static openssl libraries. -+ Configure with --disable-shared -+ to get this working or obtain a -+ shared libssl library for -+ opendkim to use.]) -+ fi -+ -+ LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl" -+ AC_SEARCH_LIBS([SSL_library_init], [ssl], , -+ AC_MSG_ERROR([libssl not found]), [-ldl]) -+ fi - - AC_CHECK_DECL([SHA256_DIGEST_LENGTH], - AC_DEFINE([HAVE_SHA256], 1, ---- opendkim-2.11.0~alpha.orig/opendkim/opendkim-crypto.c -+++ opendkim-2.11.0~alpha/opendkim/opendkim-crypto.c -@@ -222,7 +222,11 @@ dkimf_crypto_free_id(void *ptr) - { - assert(pthread_setspecific(id_key, ptr) == 0); - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+ OPENSSL_thread_stop(); -+#else - ERR_remove_state(0); -+#endif - - free(ptr); - -@@ -392,11 +396,15 @@ dkimf_crypto_free(void) - { - if (crypto_init_done) - { -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+ OPENSSL_thread_stop(); -+#else - CRYPTO_cleanup_all_ex_data(); - CONF_modules_free(); - EVP_cleanup(); - ERR_free_strings(); - ERR_remove_state(0); -+#endif - - if (nmutexes > 0) - { diff --git a/mail/opendkim/patches/010-openssl_1.1_compat.patch b/mail/opendkim/patches/010-openssl_1.1_compat.patch new file mode 100644 index 000000000..ed92fff0f --- /dev/null +++ b/mail/opendkim/patches/010-openssl_1.1_compat.patch @@ -0,0 +1,202 @@ +This patch has been tested with OpenSSL 1.0.2q, 1.1.0j and 1.1.1a +with and without support for deprecated OpenSSL APIs. + +--- a/configure.ac ++++ b/configure.ac +@@ -860,26 +860,10 @@ then + AC_SEARCH_LIBS([ERR_peek_error], [crypto], , + AC_MSG_ERROR([libcrypto not found])) + +- AC_SEARCH_LIBS([SSL_library_init], [ssl], , +- [ +- if test x"$enable_shared" = x"yes" +- then +- AC_MSG_ERROR([Cannot build shared opendkim +- against static openssl libraries. +- Configure with --disable-shared +- to get this working or obtain a +- shared libssl library for +- opendkim to use.]) +- fi +- +- # avoid caching issue - last result of SSL_library_init +- # shouldn't be cached for this next check +- unset ac_cv_search_SSL_library_init +- LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl" +- AC_SEARCH_LIBS([SSL_library_init], [ssl], , +- AC_MSG_ERROR([libssl not found]), [-ldl]) +- ] +- ) ++ od_have_ossl="no" ++ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [od_have_ossl="yes"]) ++ AC_CHECK_LIB(ssl, SSL_library_init, [od_have_ossl="yes"]) ++ AS_IF([test "x$od_have_ossl" = xno], [AC_MSG_ERROR([libssl not found])]) + + AC_CHECK_DECL([SHA256_DIGEST_LENGTH], + AC_DEFINE([HAVE_SHA256], 1, +--- a/opendkim/opendkim-crypto.c ++++ b/opendkim/opendkim-crypto.c +@@ -139,6 +139,7 @@ static unsigned int nmutexes = 0; + static unsigned long threadid = 0L; + static pthread_mutex_t *mutexes = NULL; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + /* + ** DKIMF_CRYPTO_LOCK_CALLBACK -- locking callback for libcrypto + ** +@@ -166,6 +167,7 @@ dkimf_crypto_lock_callback(int mode, int + + assert(status == 0); + } ++#endif + + /* + ** DKIMF_CRYPTO_GET_ID -- generate/retrieve thread ID +@@ -208,21 +210,15 @@ dkimf_crypto_get_id(void) + static void + dkimf_crypto_free_id(void *ptr) + { +- /* +- ** Trick dkimf_crypto_get_id(); the thread-specific pointer has +- ** already been cleared at this point, but dkimf_crypto_get_id() +- ** may be called by ERR_remove_state() which will then allocate a +- ** new thread pointer if the thread-specific pointer is NULL. This +- ** means a memory leak of thread IDs and, on Solaris, an infinite loop +- ** because the destructor (indirectly) re-sets the thread-specific +- ** pointer to something not NULL. See pthread_key_create(3). +- */ +- + if (ptr != NULL) + { + assert(pthread_setspecific(id_key, ptr) == 0); + +- ERR_remove_state(0); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ OPENSSL_thread_stop(); ++#else ++ ERR_remove_thread_state(NULL); ++#endif + + free(ptr); + +@@ -300,6 +296,7 @@ dkimf_crypto_dyn_destroy(struct CRYPTO_d + ** None. + */ + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + static void + dkimf_crypto_dyn_lock(int mode, struct CRYPTO_dynlock_value *lock, + /* UNUSED */ const char *file, +@@ -316,6 +313,7 @@ dkimf_crypto_dyn_lock(int mode, struct C + + assert(status == 0); + } ++#endif + + /* + ** DKIMF_CRYPTO_INIT -- set up openssl dependencies +@@ -335,7 +333,12 @@ dkimf_crypto_init(void) + int n; + int status; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + n = CRYPTO_num_locks(); ++#else ++ // see openssl/crypto.h for more details ++ n = 1; ++#endif + mutexes = (pthread_mutex_t *) malloc(n * sizeof(pthread_mutex_t)); + if (mutexes == NULL) + return errno; +@@ -357,15 +360,22 @@ dkimf_crypto_init(void) + if (status != 0) + return status; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + SSL_load_error_strings(); + SSL_library_init(); + ERR_load_crypto_strings(); ++#else ++ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ++ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ++#endif + ++#if OPENSSL_VERSION_NUMBER < 0x10000000 + CRYPTO_set_id_callback(&dkimf_crypto_get_id); + CRYPTO_set_locking_callback(&dkimf_crypto_lock_callback); + CRYPTO_set_dynlock_create_callback(&dkimf_crypto_dyn_create); + CRYPTO_set_dynlock_lock_callback(&dkimf_crypto_dyn_lock); + CRYPTO_set_dynlock_destroy_callback(&dkimf_crypto_dyn_destroy); ++#endif + + #ifdef USE_OPENSSL_ENGINE + if (!SSL_set_engine(NULL)) +@@ -392,11 +402,15 @@ dkimf_crypto_free(void) + { + if (crypto_init_done) + { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ OPENSSL_thread_stop(); ++#else + CRYPTO_cleanup_all_ex_data(); + CONF_modules_free(); + EVP_cleanup(); + ERR_free_strings(); +- ERR_remove_state(0); ++ ERR_remove_thread_state(NULL); ++#endif + + if (nmutexes > 0) + { +--- a/libopendkim/dkim.c ++++ b/libopendkim/dkim.c +@@ -4195,8 +4195,10 @@ dkim_init_openssl(void) + { + pthread_mutex_lock(&openssl_lock); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if (openssl_refcount == 0) + OpenSSL_add_all_algorithms(); ++#endif + openssl_refcount++; + + pthread_mutex_unlock(&openssl_lock); +@@ -4220,8 +4222,10 @@ dkim_close_openssl(void) + pthread_mutex_lock(&openssl_lock); + + openssl_refcount--; ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if (openssl_refcount == 0) + EVP_cleanup(); ++#endif + + pthread_mutex_unlock(&openssl_lock); + } +--- a/opendkim/opendkim-testkey.c ++++ b/opendkim/opendkim-testkey.c +@@ -452,7 +452,11 @@ main(int argc, char **argv) + memset(err, '\0', sizeof err); + + #ifndef USE_GNUTLS ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + ERR_load_crypto_strings(); ++#else ++ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ++#endif + #endif /* ! USE_GNUTLS */ + + /* process a KeyTable if specified and not overridden */ +--- a/opendkim/opendkim.c ++++ b/opendkim/opendkim.c +@@ -15540,7 +15540,11 @@ main(int argc, char **argv) + printf("\tCompiled with GnuTLS %s\n", GNUTLS_VERSION); + #else /* USE_GNUTLS */ + printf("\tCompiled with %s\n", ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + SSLeay_version(SSLEAY_VERSION)); ++#else ++ OpenSSL_version(OPENSSL_VERSION)); ++#endif + #endif /* USE_GNUTLS */ + printf("\tSMFI_VERSION 0x%x\n", SMFI_VERSION); + #ifdef HAVE_SMFI_VERSION