OpenSSL 1.1.0 fixes from apr-util 1.5.x branch. diff -uap apr-util-1.5.4/build/crypto.m4.openssl11 apr-util-1.5.4/build/crypto.m4 --- apr-util-1.5.4/build/crypto.m4.openssl11 +++ apr-util-1.5.4/build/crypto.m4 @@ -88,7 +88,7 @@ [ if test "$withval" = "yes"; then AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1]) - AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) + AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then apu_have_openssl=1 fi @@ -104,7 +104,7 @@ AC_MSG_NOTICE(checking for openssl in $withval) AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1]) - AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) + AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then apu_have_openssl=1 APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib]) @@ -113,7 +113,7 @@ if test "$apu_have_openssl" != "1"; then AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1]) - AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) + AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto)) if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then apu_have_openssl=1 APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib]) diff -uap apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11 apr-util-1.5.4/crypto/apr_crypto_openssl.c --- apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11 +++ apr-util-1.5.4/crypto/apr_crypto_openssl.c @@ -64,7 +64,7 @@ apr_pool_t *pool; const apr_crypto_driver_t *provider; const apr_crypto_t *f; - EVP_CIPHER_CTX cipherCtx; + EVP_CIPHER_CTX *cipherCtx; int initialised; int ivSize; int blockSize; @@ -111,7 +111,11 @@ static apr_status_t crypto_init(apr_pool_t *pool, const char *params, const apu_err_t **result) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L CRYPTO_malloc_init(); +#else + OPENSSL_malloc_init(); +#endif ERR_load_crypto_strings(); /* SSL_load_error_strings(); */ OpenSSL_add_all_algorithms(); @@ -124,6 +128,30 @@ return APR_SUCCESS; } +#if OPENSSL_VERSION_NUMBER < 0x0090802fL + +/* Code taken from OpenSSL 0.9.8b, see + * https://github.com/openssl/openssl/commit/cf6bc84148cb15af09b292394aaf2b45f0d5af0d + */ + +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) +{ + EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + if (ctx) + EVP_CIPHER_CTX_init(ctx); + return ctx; +} + +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) +{ + if (ctx) { + EVP_CIPHER_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } +} + +#endif + /** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. @@ -134,7 +162,7 @@ { if (ctx->initialised) { - EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx); + EVP_CIPHER_CTX_free(ctx->cipherCtx); ctx->initialised = 0; } @@ -491,8 +519,10 @@ apr_pool_cleanup_null); /* create a new context for encryption */ - EVP_CIPHER_CTX_init(&block->cipherCtx); - block->initialised = 1; + if (!block->initialised) { + block->cipherCtx = EVP_CIPHER_CTX_new(); + block->initialised = 1; + } /* generate an IV, if necessary */ usedIv = NULL; @@ -519,16 +549,16 @@ /* set up our encryption context */ #if CRYPTO_OPENSSL_CONST_BUFFERS - if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, + if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, key->key, usedIv)) { #else - if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) { + if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) { #endif return APR_EINIT; } /* Clear up any read padding */ - if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) { + if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) { return APR_EPADDING; } @@ -582,11 +612,16 @@ } #if CRYPT_OPENSSL_CONST_BUFFERS - if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) { + if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) { #else - if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, + if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, (unsigned char *) in, inlen)) { #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); +#else + EVP_CIPHER_CTX_reset(ctx->cipherCtx); +#endif return APR_ECRYPT; } *outlen = outl; @@ -616,14 +651,22 @@ static apr_status_t crypto_block_encrypt_finish(unsigned char *out, apr_size_t *outlen, apr_crypto_block_t *ctx) { + apr_status_t rc = APR_SUCCESS; int len = *outlen; - if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) { - return APR_EPADDING; + if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) { + rc = APR_EPADDING; } - *outlen = len; + else { + *outlen = len; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); +#else + EVP_CIPHER_CTX_reset(ctx->cipherCtx); +#endif - return APR_SUCCESS; + return rc; } @@ -662,8 +705,10 @@ apr_pool_cleanup_null); /* create a new context for encryption */ - EVP_CIPHER_CTX_init(&block->cipherCtx); - block->initialised = 1; + if (!block->initialised) { + block->cipherCtx = EVP_CIPHER_CTX_new(); + block->initialised = 1; + } /* generate an IV, if necessary */ if (key->ivSize) { @@ -674,16 +719,16 @@ /* set up our encryption context */ #if CRYPTO_OPENSSL_CONST_BUFFERS - if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, + if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, key->key, iv)) { #else - if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) { + if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) { #endif return APR_EINIT; } /* Clear up any read padding */ - if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) { + if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) { return APR_EPADDING; } @@ -737,11 +782,16 @@ } #if CRYPT_OPENSSL_CONST_BUFFERS - if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) { + if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) { #else - if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in, + if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in, inlen)) { #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); +#else + EVP_CIPHER_CTX_reset(ctx->cipherCtx); +#endif return APR_ECRYPT; } *outlen = outl; @@ -771,15 +821,22 @@ static apr_status_t crypto_block_decrypt_finish(unsigned char *out, apr_size_t *outlen, apr_crypto_block_t *ctx) { - + apr_status_t rc = APR_SUCCESS; int len = *outlen; - if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) { - return APR_EPADDING; + if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) { + rc = APR_EPADDING; + } + else { + *outlen = len; } - *outlen = len; +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); +#else + EVP_CIPHER_CTX_reset(ctx->cipherCtx); +#endif - return APR_SUCCESS; + return rc; }