OpenSSL 1.1.0 fixes from apr-util 1.5.x branch.
diff -uap apr-util-1.5.4/build/crypto.m4.openssl11 apr-util-1.5.4/build/crypto.m4
--- apr-util-1.5.4/build/crypto.m4.openssl11
+++ apr-util-1.5.4/build/crypto.m4
@@ -88,7 +88,7 @@
[
if test "$withval" = "yes"; then
AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
apu_have_openssl=1
fi
@@ -104,7 +104,7 @@
AC_MSG_NOTICE(checking for openssl in $withval)
AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
apu_have_openssl=1
APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
@@ -113,7 +113,7 @@
if test "$apu_have_openssl" != "1"; then
AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
apu_have_openssl=1
APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
diff -uap apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11 apr-util-1.5.4/crypto/apr_crypto_openssl.c
--- apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11
+++ apr-util-1.5.4/crypto/apr_crypto_openssl.c
@@ -64,7 +64,7 @@
apr_pool_t *pool;
const apr_crypto_driver_t *provider;
const apr_crypto_t *f;
- EVP_CIPHER_CTX cipherCtx;
+ EVP_CIPHER_CTX *cipherCtx;
int initialised;
int ivSize;
int blockSize;
@@ -111,7 +111,11 @@
static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
const apu_err_t **result)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_malloc_init();
+#else
+ OPENSSL_malloc_init();
+#endif
ERR_load_crypto_strings();
/* SSL_load_error_strings(); */
OpenSSL_add_all_algorithms();
@@ -124,6 +128,30 @@
return APR_SUCCESS;
}
+#if OPENSSL_VERSION_NUMBER < 0x0090802fL
+
+/* Code taken from OpenSSL 0.9.8b, see
+ * https://github.com/openssl/openssl/commit/cf6bc84148cb15af09b292394aaf2b45f0d5af0d
+ */
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+{
+ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+ if (ctx)
+ EVP_CIPHER_CTX_init(ctx);
+ return ctx;
+}
+
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+ if (ctx) {
+ EVP_CIPHER_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+#endif
+
/**
* @brief Clean encryption / decryption context.
* @note After cleanup, a context is free to be reused if necessary.
@@ -134,7 +162,7 @@
{
if (ctx->initialised) {
- EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
+ EVP_CIPHER_CTX_free(ctx->cipherCtx);
ctx->initialised = 0;
}
@@ -491,8 +519,10 @@
apr_pool_cleanup_null);
/* create a new context for encryption */
- EVP_CIPHER_CTX_init(&block->cipherCtx);
- block->initialised = 1;
+ if (!block->initialised) {
+ block->cipherCtx = EVP_CIPHER_CTX_new();
+ block->initialised = 1;
+ }
/* generate an IV, if necessary */
usedIv = NULL;
@@ -519,16 +549,16 @@
/* set up our encryption context */
#if CRYPTO_OPENSSL_CONST_BUFFERS
- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
key->key, usedIv)) {
#else
- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
#endif
return APR_EINIT;
}
/* Clear up any read padding */
- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
return APR_EPADDING;
}
@@ -582,11 +612,16 @@
}
#if CRYPT_OPENSSL_CONST_BUFFERS
- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
+ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
#else
- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
+ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
(unsigned char *) in, inlen)) {
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
return APR_ECRYPT;
}
*outlen = outl;
@@ -616,14 +651,22 @@
static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
apr_size_t *outlen, apr_crypto_block_t *ctx)
{
+ apr_status_t rc = APR_SUCCESS;
int len = *outlen;
- if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
- return APR_EPADDING;
+ if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+ rc = APR_EPADDING;
}
- *outlen = len;
+ else {
+ *outlen = len;
+ }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
- return APR_SUCCESS;
+ return rc;
}
@@ -662,8 +705,10 @@
apr_pool_cleanup_null);
/* create a new context for encryption */
- EVP_CIPHER_CTX_init(&block->cipherCtx);
- block->initialised = 1;
+ if (!block->initialised) {
+ block->cipherCtx = EVP_CIPHER_CTX_new();
+ block->initialised = 1;
+ }
/* generate an IV, if necessary */
if (key->ivSize) {
@@ -674,16 +719,16 @@
/* set up our encryption context */
#if CRYPTO_OPENSSL_CONST_BUFFERS
- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
key->key, iv)) {
#else
- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
#endif
return APR_EINIT;
}
/* Clear up any read padding */
- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
return APR_EPADDING;
}
@@ -737,11 +782,16 @@
}
#if CRYPT_OPENSSL_CONST_BUFFERS
- if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
+ if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
#else
- if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+ if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
inlen)) {
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
return APR_ECRYPT;
}
*outlen = outl;
@@ -771,15 +821,22 @@
static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
apr_size_t *outlen, apr_crypto_block_t *ctx)
{
-
+ apr_status_t rc = APR_SUCCESS;
int len = *outlen;
- if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
- return APR_EPADDING;
+ if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+ rc = APR_EPADDING;
+ }
+ else {
+ *outlen = len;
}
- *outlen = len;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
- return APR_SUCCESS;
+ return rc;
}